Andreas Schneider [Wed, 13 Feb 2019 09:41:19 +0000 (10:41 +0100)]
pidl: Use NDR_ZERO_STRUCT(P) macros
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13778
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
532ce0d20a8016c1270ea689de627da8aa4abfdd)
Andreas Schneider [Wed, 13 Feb 2019 09:38:02 +0000 (10:38 +0100)]
librpc:ndr: Add NDR_ZERO_STRUCT(P) macros
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13778
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
666802a3db3115ca09f3ffed58c8e4a8cabd65de)
Andreas Schneider [Wed, 13 Feb 2019 09:35:13 +0000 (10:35 +0100)]
librpc:ndr: Implement ndr_zero_memory()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13778
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
2a7086f1ac4ad91fb7cd958e9386abb996794ed1)
Ralph Boehme [Tue, 5 Feb 2019 13:08:56 +0000 (14:08 +0100)]
tldap: avoid more use after free errors
See the previous commit for an explanation. :)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13776
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Feb 6 10:19:12 CET 2019 on sn-devel-144
(cherry picked from commit
bf91ee0a9727cc392583fe84ad069204be758515)
Ralph Boehme [Tue, 5 Feb 2019 12:56:53 +0000 (13:56 +0100)]
tldap: avoid a use after free crash
I saw the following crash in tldap in the winbindd idmap child on a
member server after messing with the LDAP server on the DC:
0 0x00007f77ea9a307a in __GI___waitpid (pid=9815, stat_loc=stat_loc@entry=0x7ffe77569eb0, options=options@entry=0) at ../sysdeps/unix/sysv/linux/waitpid.c:29
1 0x00007f77ea91bfbb in do_system (line=<optimized out>) at ../sysdeps/posix/system.c:148
2 0x00007f77edd8c24b in smb_panic_s3 (why=0x7f77f08e6e88 "Bad talloc magic value - access after free") at ../source3/lib/util.c:828
3 0x00007f77f15afe85 in smb_panic (why=0x7f77f08e6e88 "Bad talloc magic value - access after free") at ../lib/util/fault.c:170
4 0x00007f77f08e2678 in talloc_abort (reason=0x7f77f08e6e88 "Bad talloc magic value - access after free") at ../lib/talloc/talloc.c:472
5 0x00007f77f08e268b in talloc_abort_access_after_free () at ../lib/talloc/talloc.c:477
6 0x00007f77f08e2710 in talloc_chunk_from_ptr (ptr=0x55da7605a020) at ../lib/talloc/talloc.c:494
7 0x00007f77f08e4a19 in _talloc_free (ptr=0x55da7605a020, location=0x7f77e181474d "../source3/lib/tldap.c:1918") at ../lib/talloc/talloc.c:1716
8 0x00007f77e180b65c in tldap_search_all_done (subreq=0x55da7605a020) at ../source3/lib/tldap.c:1918
9 0x00007f77f0af0fd0 in _tevent_req_notify_callback (req=0x55da7605a020, location=0x7f77e1813e50 "../source3/lib/tldap.c:47") at ../lib/tevent/tevent_req.c:125
10 0x00007f77f0af10a5 in tevent_req_finish (req=0x55da7605a020, state=TEVENT_REQ_USER_ERROR, location=0x7f77e1813e50 "../source3/lib/tldap.c:47") at ../lib/tevent/tevent_req.c:162
11 0x00007f77f0af1113 in _tevent_req_error (req=0x55da7605a020, error=
9780923860630110289, location=0x7f77e1813e50 "../source3/lib/tldap.c:47") at ../lib/tevent/tevent_req.c:180
12 0x00007f77e180781a in tevent_req_ldap_error (req=0x55da7605a020, rc=...) at ../source3/lib/tldap.c:47
13 0x00007f77e180b2c4 in tldap_search_done (subreq=0x55da76058280) at ../source3/lib/tldap.c:1813
14 0x00007f77f0af0fd0 in _tevent_req_notify_callback (req=0x55da76058280, location=0x7f77e1813e50 "../source3/lib/tldap.c:47") at ../lib/tevent/tevent_req.c:125
15 0x00007f77f0af10a5 in tevent_req_finish (req=0x55da76058280, state=TEVENT_REQ_USER_ERROR, location=0x7f77e1813e50 "../source3/lib/tldap.c:47") at ../lib/tevent/tevent_req.c:162
16 0x00007f77f0af11cd in tevent_req_trigger (ev=0x55da760526c0, im=0x55da76058360, private_data=0x55da76058280) at ../lib/tevent/tevent_req.c:219
17 0x00007f77f0af0378 in tevent_common_loop_immediate (ev=0x55da760526c0) at ../lib/tevent/tevent_immediate.c:135
18 0x00007f77f0af8b8f in epoll_event_loop_once (ev=0x55da760526c0, location=0x7f77f0af92b0 "../lib/tevent/tevent_req.c:269") at ../lib/tevent/tevent_epoll.c:911
19 0x00007f77f0af5925 in std_event_loop_once (ev=0x55da760526c0, location=0x7f77f0af92b0 "../lib/tevent/tevent_req.c:269") at ../lib/tevent/tevent_standard.c:114
20 0x00007f77f0aef201 in _tevent_loop_once (ev=0x55da760526c0, location=0x7f77f0af92b0 "../lib/tevent/tevent_req.c:269") at ../lib/tevent/tevent.c:725
21 0x00007f77f0af1361 in tevent_req_poll (req=0x55da7605eed0, ev=0x55da760526c0) at ../lib/tevent/tevent_req.c:269
22 0x00007f77e180fec9 in tldap_gensec_bind (ctx=0x55da76051ec0, creds=0x55da76052250, target_service=0x7f77e18164b3 "ldap", target_hostname=0x55da7605d182 "dc1.sdom1.site", target_principal=0x0, lp_ctx=0x55da76052180, gensec_features=6) at ../source3/lib/tldap_gensec_bind.c:358
23 0x00007f77e1810d21 in idmap_ad_get_tldap_ctx (mem_ctx=0x55da76050510, domname=0x55da76051d50 "sdom1", pld=0x55da76050518) at ../source3/winbindd/idmap_ad.c:326
24 0x00007f77e1811056 in idmap_ad_context_create (mem_ctx=0x55da76059c00, dom=0x55da76059c00, domname=0x55da76051d50 "sdom1", pctx=0x7ffe7756a5f8) at ../source3/winbindd/idmap_ad.c:374
25 0x00007f77e18119c0 in idmap_ad_get_context (dom=0x55da76059c00, pctx=0x7ffe7756a640) at ../source3/winbindd/idmap_ad.c:554
26 0x00007f77e181275b in idmap_ad_sids_to_unixids (dom=0x55da76059c00, ids=0x55da760518a0) at ../source3/winbindd/idmap_ad.c:784
27 0x00007f77e1813217 in idmap_ad_sids_to_unixids_retry (dom=0x55da76059c00, ids=0x55da760518a0) at ../source3/winbindd/idmap_ad.c:947
28 0x000055da7459ce05 in _wbint_Sids2UnixIDs (p=0x7ffe7756a870, r=0x55da76050860) at ../source3/winbindd/winbindd_dual_srv.c:202
29 0x000055da7460aa5e in api_wbint_Sids2UnixIDs (p=0x7ffe7756a870) at default/librpc/gen_ndr/srv_winbind.c:391
30 0x000055da7459c7f4 in winbindd_dual_ndrcmd (domain=0x0, state=0x7ffe7756abb8) at ../source3/winbindd/winbindd_dual_ndr.c:369
31 0x000055da7459828c in child_process_request (child=0x55da74874bc0 <static_idmap_child>, state=0x7ffe7756abb8) at ../source3/winbindd/winbindd_dual.c:666
32 0x000055da7459ae58 in child_handler (ev=0x55da7602c2b0, fde=0x55da7603f8a0, flags=1, private_data=0x7ffe7756abb0) at ../source3/winbindd/winbindd_dual.c:1567
33 0x00007f77f0af85f1 in epoll_event_loop (epoll_ev=0x55da76048b00, tvalp=0x7ffe7756aab0) at ../lib/tevent/tevent_epoll.c:728
34 0x00007f77f0af8c29 in epoll_event_loop_once (ev=0x55da7602c2b0, location=0x55da74628b08 "../source3/winbindd/winbindd_dual.c:1766") at ../lib/tevent/tevent_epoll.c:930
35 0x00007f77f0af5925 in std_event_loop_once (ev=0x55da7602c2b0, location=0x55da74628b08 "../source3/winbindd/winbindd_dual.c:1766") at ../lib/tevent/tevent_standard.c:114
36 0x00007f77f0aef201 in _tevent_loop_once (ev=0x55da7602c2b0, location=0x55da74628b08 "../source3/winbindd/winbindd_dual.c:1766") at ../lib/tevent/tevent.c:725
37 0x000055da7459b9e9 in fork_domain_child (child=0x55da74874bc0 <static_idmap_child>) at ../source3/winbindd/winbindd_dual.c:1766
38 0x000055da74596e96 in wb_child_request_waited (subreq=0x0) at ../source3/winbindd/winbindd_dual.c:188
39 0x00007f77f0af0fd0 in _tevent_req_notify_callback (req=0x55da7604f820, location=0x7f77f0af90f8 "../lib/tevent/tevent_queue.c:355") at ../lib/tevent/tevent_req.c:125
40 0x00007f77f0af10a5 in tevent_req_finish (req=0x55da7604f820, state=TEVENT_REQ_DONE, location=0x7f77f0af90f8 "../lib/tevent/tevent_queue.c:355") at ../lib/tevent/tevent_req.c:162
41 0x00007f77f0af10cd in _tevent_req_done (req=0x55da7604f820, location=0x7f77f0af90f8 "../lib/tevent/tevent_queue.c:355") at ../lib/tevent/tevent_req.c:168
42 0x00007f77f0af0cc1 in tevent_queue_wait_trigger (req=0x55da7604f820, private_data=0x0) at ../lib/tevent/tevent_queue.c:355
43 0x00007f77f0af06f2 in tevent_queue_immediate_trigger (ev=0x55da7602c2b0, im=0x55da760466a0, private_data=0x55da76046580) at ../lib/tevent/tevent_queue.c:149
44 0x00007f77f0af0378 in tevent_common_loop_immediate (ev=0x55da7602c2b0) at ../lib/tevent/tevent_immediate.c:135
45 0x00007f77f0af8b8f in epoll_event_loop_once (ev=0x55da7602c2b0, location=0x55da74612630 "../source3/winbindd/winbindd.c:1803") at ../lib/tevent/tevent_epoll.c:911
46 0x00007f77f0af5925 in std_event_loop_once (ev=0x55da7602c2b0, location=0x55da74612630 "../source3/winbindd/winbindd.c:1803") at ../lib/tevent/tevent_standard.c:114
47 0x00007f77f0aef201 in _tevent_loop_once (ev=0x55da7602c2b0, location=0x55da74612630 "../source3/winbindd/winbindd.c:1803") at ../lib/tevent/tevent.c:725
48 0x000055da74561431 in main (argc=2, argv=0x7ffe7756c968) at ../source3/winbindd/winbindd.c:1803
subreq is a child of the state of req which will already be free by the
callback of req.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13776
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
9465292d4109f710f8fcd141a076f5c8278577bc)
Andreas Schneider [Wed, 30 Jan 2019 17:45:34 +0000 (18:45 +0100)]
s3:vfs: Correctly check if OFD locks should be enabled or not
Also the smb.conf options should only be checked once and a reload of
the config should not switch to a different locking mode.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13770
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Feb 9 03:43:50 CET 2019 on sn-devel-144
(cherry picked from commit
7ff94b18e2e39567ef7a208084cc5c914c39d3bd)
Andreas Schneider [Wed, 30 Jan 2019 17:09:52 +0000 (18:09 +0100)]
s3:vfs: Initialize pid to 0 in test_netatalk_lock()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13770
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
2ff2594b2bd878928cec30bc72a95a6d38bee154)
Jeremy Allison [Thu, 7 Feb 2019 02:01:52 +0000 (18:01 -0800)]
s4: torture: vfs_fruit. Change test_fruit_locking_conflict() to match the vfs_fruit working server code.
Originally added for BUG: https://bugzilla.samba.org/show_bug.cgi?id=13584
to demonstrate a lock order violation, this test
exposed problems in the mapping of SMB1/2 share modes
and open modes to NetATalk modes once we moved to OFD locks.
Change the test slightly (and add comments)
so it demonstrates working NetATalk share modes
on an open file.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13770
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Feb 8 23:26:46 CET 2019 on sn-devel-144
(cherry picked from commit
28990e4ba23695ecf264117efad90cc4e573302e)
Jeremy Allison [Thu, 7 Feb 2019 01:49:16 +0000 (17:49 -0800)]
s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility code.
This exhibited itself as a problem with OFD locks reported
as:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13770
However, due to underlying bugs in the vfs_fruit
code the file locks were not being properly applied.
There are two problems in fruit_check_access().
Problem #1:
Inside fruit_check_access() we have:
flags = fcntl(fsp->fh->fd, F_GETFL);
..
if (flags & (O_RDONLY|O_RDWR)) {
We shouldn't be calling fcntl(fsp->fh->fd, ..) directly.
fsp->fh->fd may be a made up number from an underlying
VFS module that has no meaning to a system call.
Secondly, in all POSIX systems - O_RDONLY is defined as
*zero*. O_RDWR = 2.
Which means flags & (O_RDONLY|O_RDWR) becomes (flags & 2),
not what we actually thought.
Problem #2:
deny_mode is *not* a bitmask, it's a set of discrete values.
Inside fruit_check_access() we have:
if (deny_mode & DENY_READ) and also (deny_mode & DENY_WRITE)
However, deny modes are defined as:
/* deny modes */
define DENY_DOS 0
define DENY_ALL 1
define DENY_WRITE 2
define DENY_READ 3
define DENY_NONE 4
define DENY_FCB 7
so if deny_mode = DENY_WRITE, or if deny_mode = DENY_READ
then it's going to trigger both the if (deny_mode & DENY_READ)
*and* the (deny_mode & DENY_WRITE) conditions.
These problems allowed the original test test_netatalk_lock code to
pass (which was added for BUG: https://bugzilla.samba.org/show_bug.cgi?id=13584
to demonstrate the lock order violation).
This patch refactors the fruit_check_access()
code to be much simpler (IMHO) to understand.
Firstly, pass in the SMB1/2 share mode, not old
DOS deny modes.
Secondly, read all the possible NetAtalk locks
into local variables:
netatalk_already_open_for_reading
netatalk_already_open_with_deny_read
netatalk_already_open_for_writing
netatalk_already_open_with_deny_write
Then do the share mode/access mode checks
with the requested values against any stored
netatalk modes/access modes.
Finally add in NetATalk compatible locks
that represent our share modes/access modes
into the file, with an early return if we don't
have FILE_READ_DATA (in which case we can't
write locks anyway).
The patch is easier to understand by looking
at the completed patched fruit_check_access()
function, rather than trying to look at the
diff.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
(cherry picked from commit
3204dc66f6801a7c8c87c48f601e0ebdee9e3d40)
Jeremy Allison [Fri, 18 Jan 2019 22:24:30 +0000 (14:24 -0800)]
smbd: uid: Don't crash if 'force group' is added to an existing share connection.
smbd could crash if "force group" is added to a
share definition whilst an existing connection
to that share exists. In that case, don't change
the existing credentials for force group, only
do so for new connections.
Remove knownfail from regression test.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13690
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Jan 25 16:31:27 CET 2019 on sn-devel-144
(cherry picked from commit
e37f9956c1f2416408bad048a4618f6366086b6a)
Jeremy Allison [Thu, 24 Jan 2019 18:15:56 +0000 (10:15 -0800)]
s3: tests: Add regression test for smbd crash on share force group change with existing connection.
Mark as known fail for now.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13690
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
7b21b4c1f538650f23ec77fb3c02fe1e224d89aa)
David Disseldorp [Tue, 29 Jan 2019 00:55:04 +0000 (01:55 +0100)]
printing: check lp_load_printers() prior to pcap cache update
Avoid explicit and housekeeping timer triggered printcap cache updates
if lp_load_printers() is disabled.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13766
Signed-off-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Fri Feb 1 19:25:03 CET 2019 on sn-devel-144
(cherry picked from commit
6a77237c50dd258521f356af0b5dc9942dd5592e)
David Disseldorp [Tue, 29 Jan 2019 00:50:15 +0000 (01:50 +0100)]
printing: drop pcap_cache_loaded() guard around load_printers()
Add the pcap_cache_loaded() check to load_printers() and return early
if it returns false. This simplifies callers in preparation for checking
lp_load_printers() in the printcap cache update code-path.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13766
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit
0ae7c3144a30910adb1e54cf46d54d42a1036839)
Günther Deschner [Tue, 15 Jan 2019 13:26:17 +0000 (14:26 +0100)]
s3-smbd: use fruit:model string for mDNS registration
With this change we now allow to modify the icon to represent Samba in
Finder. Possible values are at least:
fruit:model = iMac
fruit:model = MacBook
fruit:model = MacPro
fruit:model = Xserve
fruit:model = RackMac
Prior to this change we only displayed the correct icon when a mac
client negotiated the apple create context over SMB.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13746
Based on proposed patch from Rouven WEILER <Rouven_Weiler@gmx.net>
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Jan 15 21:27:20 CET 2019 on sn-devel-144
(cherry picked from commit
538ce72f1b2fa78450e3b711e58bd0e238faf466)
Andrew Bartlett [Fri, 1 Feb 2019 01:41:18 +0000 (14:41 +1300)]
ldb: Release ldb 1.5.3
* Avoid inefficient one-level searches (bug 13762)
* The test api.py should not rely on order of entries in dict (bug 13772)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13772
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(cherry picked from commit
5e716c0256a6bec92e7855ccfc077a328320f2ea)
Autobuild-User(v4-10-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-10-test): Wed Feb 13 16:24:32 CET 2019 on sn-devel-144
Andrew Bartlett [Fri, 1 Feb 2019 01:22:17 +0000 (14:22 +1300)]
ldb: Add even more comments on what strict does to the list intersections
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(cherry picked from commit
e7f524fd2128aacb82e980652af8eb6fd275e1a8)
Tim Beale [Thu, 10 Jan 2019 01:25:06 +0000 (14:25 +1300)]
ldb: Rename variable
The old name confused me because it's not really related to the
one-level index at all. It's the result from evaluating the indexed
search specified in the ac->tree.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
57a565b2fd680fc1a34f4ab91c6f6314f68ef67f)
Tim Beale [Thu, 10 Jan 2019 01:19:19 +0000 (14:19 +1300)]
ldb: Elaborate on ldb_kv_search_indexed() comments
Disclaimer: this is based on my limited understanding of what the code
is doing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
132600685b8c5d4964f20634cd7a64b14f41cfa7)
Tim Beale [Thu, 10 Jan 2019 00:53:47 +0000 (13:53 +1300)]
ldb: Remove comment that no longer makes sense
This comment was written before the GUID_index_attribute block of code
existed. So we now *do* load the index values and *do* check for a
strict intersect, so the comment is redundant.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
72928444823c5b18ac9ef98e7432c999d70aa571)
Tim Beale [Thu, 10 Jan 2019 00:34:18 +0000 (13:34 +1300)]
ldb: Avoid inefficient one-level searches
Commit
88ae60ed186c9 introduced a problem that made one-level
searches inefficient if there were a lot of child objects in the same
level, and the requested object didn't exist. Basically, it ignored the
case where ldb_kv_index_dn() returned LDB_ERR_NO_SUCH_OBJECT, i.e. the
indexed lookup was successful, but didn't find a match. At which point,
there was no more processing we needed to do.
The behaviour after
88ae60ed186c9 was to fall-through and run the
ldb_kv_index_filter() function over *all* the children. This still
returned the correct result, but could be costly if there were a lot of
children.
The case
88ae60ed186c9 was trying to fix was where we could not do
an indexed search (e.g. trying to match on a 'attribute=*' filter). In
which case we want to ignore the LDB_ERR_OPERATIONS_ERROR and just run
ldb_kv_index_filter() over all the children. This is still more
efficient than the fallback of doing a full database scan.
This patch adds in a short-circuit for the NO_SUCH_OBJECT case, so we
can skip the unnecessary ldb_kv_index_filter() work.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
9a893f9613bd6440abd8e487d22a39ab5b82a7b9)
Karolin Seeger [Wed, 6 Feb 2019 08:00:43 +0000 (09:00 +0100)]
VERSION: Bump version up to 4.10.0rc2...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Wed, 6 Feb 2019 07:59:54 +0000 (08:59 +0100)]
VERSION: Diable GIT_SNAPSHOT for the 4.10.0rc2 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Wed, 6 Feb 2019 07:57:04 +0000 (08:57 +0100)]
WHATSNEW: Add release notes for Samba 4.10.0rc2.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Anoop C S [Wed, 23 Jan 2019 10:10:43 +0000 (15:40 +0530)]
s3-vfs: Use ENOATTR in errno comparison for getxattr
* ENODATA is not defined in FreeBSD
* ENOATTR is defined to be a synonym for ENODATA in Linux
* In its absence Samba already defines ENOATTR to either
ENODATA or ENOENT
Thus it is safe and correct to compare with ENOATTR rather
than ENODATA.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13774
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan 23 21:59:10 CET 2019 on sn-devel-144
(cherry picked from commit
c99402724a65f4e1f8ed4dcd236a43e0603bef0a)
Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Tue Feb 5 23:59:06 CET 2019 on sn-devel-144
Günther Deschner [Thu, 17 Jan 2019 14:21:07 +0000 (15:21 +0100)]
s3-vfs: add glusterfs_fuse vfs module.
This module only implements the get_real_filename function by accessing
a distinct extended attribute that is available over a glusterfs fuse
mount.
By implementing this vfs function users of a glusterfs fuse mount
achieve a much better performance in create based workloads where samba
then can avoid trying multiple case folding options to detect the real
filename.
Patch is based on an initial patch provided by
Poornima G <pgurusid@redhat.com>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13774
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Jan 22 18:37:56 CET 2019 on sn-devel-144
(cherry picked from commit
adffe0dcf002aa4721dc7897261895e3486d5271)
Stefan Metzmacher [Thu, 17 Jan 2019 22:50:45 +0000 (23:50 +0100)]
selftest:Samba4: use 'smbcontrol samba shutdown'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Baumbach <bbaumbach@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jan 30 01:51:48 CET 2019 on sn-devel-144
(cherry picked from commit
d03991f569b54ae0a11911b622107fbae701715d)
Stefan Metzmacher [Thu, 17 Jan 2019 15:27:10 +0000 (16:27 +0100)]
s4:server: add support for 'smbcontrol samba shutdown'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Baumbach <bbaumbach@samba.org>
(cherry picked from commit
832776c0fcf7cc658c128765514755c2d15b06a6)
Stefan Metzmacher [Mon, 28 Jan 2019 15:29:51 +0000 (16:29 +0100)]
s4:server: avoid using pid=0 for the parent 'samba' process
It confuses the 'samba-tool processes' output and log messages.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Baumbach <bbaumbach@samba.org>
(cherry picked from commit
5bd7a8e5685caa09067745b108ef7e53e3108e97)
Stefan Metzmacher [Tue, 15 Jan 2019 00:39:06 +0000 (01:39 +0100)]
s4:messaging: add support 'smbcontrol <pid> debug/debuglevel'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Baumbach <bbaumbach@samba.org>
(cherry picked from commit
3a0c1da432c53de234b54bac90a3fb84534994eb)
Stefan Metzmacher [Thu, 17 Jan 2019 15:29:37 +0000 (16:29 +0100)]
manpages/samba.7.xml: smbcontrol can also work with 'samba'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Baumbach <bbaumbach@samba.org>
(cherry picked from commit
12b9adec3ff48f4356f9ff865891dc3c652ff86b)
Jeremy Allison [Tue, 22 Jan 2019 17:24:35 +0000 (09:24 -0800)]
libcli: dns: Change internal DNS_REQUEST_TIMEOUT from 2 to 10 seconds.
Should make us more robust when dealing with slow DNS servers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13750
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jan 22 23:37:16 CET 2019 on sn-devel-144
(cherry picked from commit
36c42e6d629a0d4b0e5c60bdd68e08a8e60c477a)
Jeremy Allison [Tue, 15 Jan 2019 16:45:26 +0000 (08:45 -0800)]
python: dns_hub: Fix indentation of 'raise' on error.
Remove second socket.sendto().
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13750
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
dd231a16a338cfe63d12cadf0fc3e2ebe7cac828)
Tim Beale [Wed, 16 Jan 2019 02:37:00 +0000 (15:37 +1300)]
join: Throw CommandError instead of Exception for simple errors
Throwing an exception here still dumps out the Python stack trace, which
can be a little disconcerting for users.
In this case, the stack trace isn't going to really help at all (the
problem is pretty obvious), and it obscures the useful message
explaining what went wrong.
Throw a CommandError instead, which samba-tool will catch and display
more nicely.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13747
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Reviewed-by: Jeremy Allison <rpenny@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan 16 22:11:04 CET 2019 on sn-devel-144
(cherry picked from commit
9e4b08f4c384b8cae5ad853a7be7cf03e2749be5)
Tim Beale [Wed, 16 Jan 2019 02:17:38 +0000 (15:17 +1300)]
join: Fix TypeError when handling exception
When we can't resolve a domain name, we were inadvertently throwing a
TypeError whilst trying to output a helpful message. E.g.
ERROR(<class 'TypeError'>): uncaught exception - 'NTSTATUSError' object
does not support indexing
Instead of indexing the object, we want to index the Exception.args so
that we just display the string portion of the exception error.
The same problem is also present for the domain trust commands.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13747
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Reviewed-by: Jeremy Allison <rpenny@samba.org>
(cherry picked from commit
3bb7808984c163a7bba66fb983411d1281589722)
Anoop C S [Tue, 20 Mar 2018 06:02:20 +0000 (11:32 +0530)]
vfs_glusterfs: Adapt to changes in libgfapi signatures
VFS module for GlusterFS fails to compile due to recent changes done to
some API signatures. Therefore adding missing arguments to those APIs
adapting to new signatures.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13330
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Feb 3 17:00:33 CET 2019 on sn-devel-144
(cherry picked from commit
0e3eda5bab5ae9316a42725aea048fb350020ec7)
Günther Deschner [Tue, 22 Jan 2019 10:18:20 +0000 (11:18 +0100)]
WHATSNEW: fix typo.
Guenther
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13757
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Anoop C S [Mon, 21 Jan 2019 08:54:49 +0000 (14:24 +0530)]
WHATSNEW: Add missing parenthesis
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13757
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Volker Lendecke [Mon, 14 Jan 2019 14:04:59 +0000 (15:04 +0100)]
ctdb: Print locks latency in machinereadable stats
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13742
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jan 16 05:34:17 CET 2019 on sn-devel-144
(cherry picked from commit
193a0d6f01372604b925d1972591062a0bb2400f)
Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Mon Feb 4 13:09:49 CET 2019 on sn-devel-144
Tim Beale [Mon, 21 Jan 2019 22:08:13 +0000 (11:08 +1300)]
WHATSNEW: Update for Bug 13676 changes in Samba 4.10
Although it's unlikely that users will be using the 'smb' Python
bindings, it's probably worth noting in the release notes that these
bindings will be deprecated in future releases.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Tim Beale [Wed, 16 Jan 2019 20:41:21 +0000 (09:41 +1300)]
netcmd: Try to improve domain backup error message
I ran this command as non-root by mistake and didn't find the error
message particularly helpful. Tweak the error message so it reminds the
user that they should be root. Also display the path we're looking for
the sam.ldb file in, to give them more clues.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Mon Jan 21 16:34:06 CET 2019 on sn-devel-144
(cherry picked from commit
10e54a095f005c0988a7e5e8a35cea6200197854)
Tim Beale [Tue, 15 Jan 2019 21:02:07 +0000 (10:02 +1300)]
tests: Run ntacls_backup tests against testenv with SMBv1 disabled
Just to prove that the NTACL backup works over SMBv2.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
7fb93eaca74ffe17bbe7255210dd3090afe8d5dc)
Tim Beale [Thu, 13 Dec 2018 03:29:33 +0000 (16:29 +1300)]
selftest: Give the backup testenvs a 'test1' share
The ntacls_backup tests use the test1 share, and we want to run them
against the restoredc (which has SMBv1 disabled).
The xattr.tdb file is needed for the backend_obj.wrap_getxattr() call
(in ntacls.py) to work.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
a310de2db13c02a602e74139cb47ea9a25628e01)
Tim Beale [Tue, 15 Jan 2019 04:12:20 +0000 (17:12 +1300)]
tests: Run GPO commands against testenv with SMBv1 disabled
Just to prove that they work across SMBv2.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
da33c2c4e4849f0985b08fbdc58cbd59b8426ec6)
Tim Beale [Tue, 15 Jan 2019 01:09:15 +0000 (14:09 +1300)]
ntacls: Pass correct use_ntvfs through to setntacl()
We were already checking the smb.conf to see if it uses the NTVFS file
server or the default smbd server. However, we weren't passing this
through to the setntacl() call.
This fixes the problem we noticed with 'samba-tool gpo aclcheck' failing
after a restore.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
f3fe96fc2e2d942b4a2e241777b5ee12b2295b97)
Tim Beale [Fri, 11 Jan 2019 02:09:48 +0000 (15:09 +1300)]
tests: Run samba_tool.gpo tests against backup testenvs
Run the GPO tests against the backup/restore testenvs.
Because the backup/restore preserves the NTACLs of the sysvol files,
running the GPO tests against the backup testenvs is a good sanity-
check. If fact it highlights that there is currently a problem with
restoring the GPO files - this shows up in 'samba-tool gpo aclcheck',
but we never noticed it until now.
NTACL backup works slightly different for offline backups, and rename
backups end up with more sysvol files, so run the tests against both
these envs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
2a7372da7b84921b247cefc23d7003b8056d74a4)
Tim Beale [Fri, 11 Jan 2019 02:57:21 +0000 (15:57 +1300)]
s4:pysmb: Add error log that the s4 bindings are deprecated
We plan to delete the s4 SMB Python bindings in the next Samba release
after v4.10, but first give external consumers a heads-up, just in case
they are currently using the s4 bindings.
Note the auth_log tests still use the s4 bindings, but all user-facing
tools should now be updated to use the s3 bindings.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
6a29e63f32c0024587020fc1f92b3d1ecaa0afbc)
Tim Beale [Fri, 11 Jan 2019 01:53:16 +0000 (14:53 +1300)]
netcmd: Change GPO commands to use s3 SMB Py bindings
This means we can now use GPO commands on a DC that has SMBv1 disabled.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
08f1627cb3fa1c9ff7a0f74e32874d305647dc42)
Tim Beale [Fri, 11 Jan 2019 01:25:32 +0000 (14:25 +1300)]
s3:pylibsmb: Add FILE_READ_ATTRIBUTES access to .loadfile() API
Add FILE_READ_ATTRIBUTES when opening the file handle, as we need to
read the file's size.
The .loadfile() API can end up calling cli_qfileinfo_basic() to get the
file size. This can end up doing a 'FILE_ALL_INFORMATION' SMBv2 request
underneath, which the MS-SMB2 spec (section 3.3.5.20.1 Handling
SMB2_0_INFO_FILE) says the file handle must have FILE_READ_ATTRIBUTES
access granted.
I noticed this problem when running .loadfile() against the NTVFS
server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
0304b08de5ba1b4a6e08568a559c52f7d9e943d3)
Tim Beale [Tue, 8 Jan 2019 02:10:46 +0000 (15:10 +1300)]
netcmd: Change SMB flags from s4 Py bindings to s3
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
345746ea5f4cca2620421ac0c8a649a596f5c19d)
Tim Beale [Tue, 8 Jan 2019 01:42:05 +0000 (14:42 +1300)]
s3:pylibsmb: Add .set_acl API to SMB py bindings
This is pretty similar code to py_smb_getacl(), except it's calling
cli_set_security_descriptor() instead of cli_query_security_descriptor()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
b982811b60521624f1f600841ffa05e306eb936a)
Tim Beale [Thu, 13 Dec 2018 21:37:11 +0000 (10:37 +1300)]
python/gpclass: Convert gpclass to use s3 SMB Python bindings
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
3b2e86bba1f6b22b144b07db454b842f0c0779ae)
Justin Stephenson [Mon, 14 Jan 2019 15:36:47 +0000 (10:36 -0500)]
s3:libsmb: Honor disable_netbios option in smbsock_connect_send
If disable_netbios is set, return before the tevent timer is triggered
to prevent outgoing netbios connections.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13727
Signed-off-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
c324f84a2fa25e29d2f7879fbcd35ce0e76a78f8)
Karolin Seeger [Tue, 15 Jan 2019 10:02:10 +0000 (11:02 +0100)]
VERSION: Bump version up to 4.10.0rc2...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(replaces commit
75106e05b42e5d4629aacfa941213745d9d6e819)
Karolin Seeger [Tue, 15 Jan 2019 10:01:07 +0000 (11:01 +0100)]
VERSION: Bump version up to 4.10.0rc1...
and disable GIT_SNAPSHOT for the release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(replaces commit
9537e5d2a14a35bcba659d679d2d156de6c678cc)
Karolin Seeger [Tue, 15 Jan 2019 09:59:52 +0000 (10:59 +0100)]
WHATSNEW: Add release note for Samba 4.10.0rc1.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(replaces commit
3f4bd61b8408f8d97817023f07de20746ce54f90)
Stefan Metzmacher [Mon, 14 Jan 2019 22:41:49 +0000 (23:41 +0100)]
ldb: version 1.5.2
* Build fixes
* dirsync: Allow arbitrary length cookies
(bug #13686)
* The build uses python3 by default:
* --extra-python would take python2 now
* To build with python2 only use:
PYTHON=python2 ./configure
PYTHON=python2 make
PYTHON=python2 make install
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Karolin Seeger <kseeger@samba.org>
Stefan Metzmacher [Mon, 14 Jan 2019 22:40:36 +0000 (23:40 +0100)]
tevent: version 0.9.38
* Deprecate tevent wrapper api again
* Build fixes
* The build uses python3 by default:
* --extra-python would take python2 now
* To build with python2 only use:
PYTHON=python2 ./configure
PYTHON=python2 make
PYTHON=python2 make install
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Karolin Seeger <kseeger@samba.org>
Stefan Metzmacher [Mon, 14 Jan 2019 22:40:05 +0000 (23:40 +0100)]
talloc: version 2.1.15
* Deprecate talloc_set_memlimit() and talloc_autofree_context()
* Fix undefined behavior in talloc_memdup
* The build uses python3 by default:
* --extra-python would take python2 now
* To build with python2 only use:
PYTHON=python2 ./configure
PYTHON=python2 make
PYTHON=python2 make install
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Karolin Seeger <kseeger@samba.org>
Stefan Metzmacher [Tue, 15 Jan 2019 10:23:20 +0000 (11:23 +0100)]
Merge remote-tracking branch 'origin/v4-10-test' into HEAD
This is a noop just to get the history of origin/v4-10-test
inline with master before the real 4.10.0rc1.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Karolin Seeger [Tue, 15 Jan 2019 10:19:46 +0000 (11:19 +0100)]
Revert "WHATSNEW: Add release note for Samba 4.10.0rc1."
This reverts commit
3f4bd61b8408f8d97817023f07de20746ce54f90.
Karolin Seeger [Tue, 15 Jan 2019 10:19:43 +0000 (11:19 +0100)]
Revert "VERSION: Bump version up to 4.10.0rc1..."
This reverts commit
9537e5d2a14a35bcba659d679d2d156de6c678cc.
Karolin Seeger [Tue, 15 Jan 2019 10:19:40 +0000 (11:19 +0100)]
Revert "VERSION: Bump version up to 4.10.0rc2..."
This reverts commit
75106e05b42e5d4629aacfa941213745d9d6e819.
Volker Lendecke [Wed, 3 Jan 2018 15:22:24 +0000 (16:22 +0100)]
addns: Async ads_dns_lookup_ns
Use dns_lookup_send/recv to get NS records
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Jan 15 11:16:00 CET 2019 on sn-devel-144
Karolin Seeger [Tue, 15 Jan 2019 10:02:10 +0000 (11:02 +0100)]
VERSION: Bump version up to 4.10.0rc2...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Tue, 15 Jan 2019 10:01:07 +0000 (11:01 +0100)]
VERSION: Bump version up to 4.10.0rc1...
and disable GIT_SNAPSHOT for the release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Tue, 15 Jan 2019 09:59:52 +0000 (10:59 +0100)]
WHATSNEW: Add release note for Samba 4.10.0rc1.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Volker Lendecke [Wed, 3 Jan 2018 12:26:54 +0000 (13:26 +0100)]
addns: Async ads_dns_lookup_srv
Use dns_lookup_send/recv to get SRV records. This avoids synchronous libresolv
calls and provides the infrastructure to get dsgetdcname async.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 3 Jan 2019 15:44:45 +0000 (16:44 +0100)]
samba_dnsupdate: With dns_hub, we don't need resolv_wrap
Best viewed with git show -b
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 2 Jan 2019 20:24:34 +0000 (21:24 +0100)]
selftest: Use dns_hub's resolv.conf
Pass it as RESOLV_CONF envvar everywhere
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 2 Jan 2019 13:18:44 +0000 (14:18 +0100)]
selftest: Add dns_hub deps
All the DCs want the dns forwarder
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 6 Feb 2018 08:46:41 +0000 (09:46 +0100)]
selftest: setup_dns_hub
Start the central dns forwarder on interface 64
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 12 Jan 2018 14:53:03 +0000 (15:53 +0100)]
selftest: add central dns forwarder
This is a small DNS server that has hard redirects to the different domain
controllers based on domain names. This is required because future commits will
avoid calling into libresolv's code which resolv_wrapper takes care of.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 10 Jan 2019 15:54:41 +0000 (16:54 +0100)]
libcli/dns: Add dns_res_rec_get_sockaddr
Pull the address from a res_rec if it's there
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 4 Jan 2018 15:05:35 +0000 (16:05 +0100)]
libcli/dns: clidns must depend on ndr_standard, not on NDR_DNS
Otherwise we can't link this into other libraries
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 4 Jan 2018 16:06:53 +0000 (17:06 +0100)]
libcli/dns: Make "clidns" a library
This will be linked into the SAMBA_LIBRARY "addns" in the next step. Because
the other user, "dnsserver_common", is also a library, we can't link this as a
subsystem anymore.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 4 Jan 2018 19:58:05 +0000 (20:58 +0100)]
dns_lookup: Let make test override the resolv.conf location
Make this a separate commit: That is the feature that libc unfortunately does
not give us.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 2 Jan 2018 12:56:56 +0000 (13:56 +0100)]
libcli/dns: Add dns_lookup
Wrapper function to parse resolv.conf and talk to multiple nameservers. This is
the code where we might want to add a "working nameserver" cache. glibc always
looks at the first configured nameserver. If that's dead, glibc runs into a
timeout and only then asks the second one that might succeed. When more than
one dns query is to be performed, these timeouts add up.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 1 Jan 2018 18:35:46 +0000 (19:35 +0100)]
libcli/dns: Add resolv.conf parsing
Right now this only looks at the nameserver setting. It is initally made for
asynchronous AD DC lookup routines, where we don't need the "search", "domain"
and other settings. When we convert general "net", "smbclient" and others to
use this, we might either add "domain" handling to this code or look at
something like c-ares which already does it.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 19 Dec 2018 13:16:38 +0000 (14:16 +0100)]
dns_update: samba_dnsupdate's exit code is not an errno
This avoids confusing messages, samba_dnsupdate returns the number of
failed updates
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 11 Jan 2019 13:18:53 +0000 (14:18 +0100)]
addns: Centralize siteless lookup fallback
We had the same logic 3 times, coalesce into one
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Wuerthner [Thu, 10 Jan 2019 13:28:14 +0000 (14:28 +0100)]
vfs_fileid: fix get_connectpath_ino
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13741
Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jan 15 04:13:15 CET 2019 on sn-devel-144
Ralph Boehme [Mon, 14 Jan 2019 12:51:23 +0000 (13:51 +0100)]
s3:smbd: perform impersonation in smb2_query_directory_fetch_write_time_done()
This is not strictly required, as we ne never trigger additional VFS
requests via this codepath. But for safety reasons ensure we're running
in the correct impersonation state.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Jan 14 22:30:24 CET 2019 on sn-devel-144
Ralph Boehme [Mon, 14 Jan 2019 12:51:23 +0000 (13:51 +0100)]
s3:smbd: perform impersonation in smb2_query_directory_dos_mode_done()
This is needed as the callback might be called in an arbitrary
impersonation state.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 14 Jan 2019 12:51:23 +0000 (13:51 +0100)]
s3:smbd: perform impersonation in dos_mode_at_vfs_get_dosmode_done()
This is needed as the callback might be called in an arbitrary
impersonation state.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 14 Jan 2019 12:54:29 +0000 (13:54 +0100)]
vfs_default: use change_to_user_by_fsp() instead of change_to_user()
Cosmetic change.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 14 Jan 2019 12:51:23 +0000 (13:51 +0100)]
vfs: perform impersonation in smb_vfs_call_getxattrat_done()
This is needed as the callback might be called in an arbitrary
impersonation state.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 14 Jan 2019 12:52:51 +0000 (13:52 +0100)]
vfs: use struct initializer in smb_vfs_call_getxattrat_send()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 14 Jan 2019 12:51:23 +0000 (13:51 +0100)]
vfs: perform impersonation in smb_vfs_call_get_dos_attributes_done()
This is needed as the callback might be called in an arbitrary
impersonation state.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 14 Jan 2019 12:50:31 +0000 (13:50 +0100)]
vfs: use struct initializer in smb_vfs_call_get_dos_attributes_send
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Tim Beale [Thu, 13 Dec 2018 04:31:23 +0000 (17:31 +1300)]
netcmd: Change domain backup commands to use s3 SMB Py bindings
This means we can now backup a DC that has SMBv1 disabled.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Tim Beale <timbeale@samba.org>
Autobuild-Date(master): Mon Jan 14 06:49:09 CET 2019 on sn-devel-144
Tim Beale [Thu, 13 Dec 2018 03:05:36 +0000 (16:05 +1300)]
tests: Change ntaclsbackup tests over to use s3 Py bindings
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Tim Beale [Wed, 12 Dec 2018 03:14:43 +0000 (16:14 +1300)]
s3:pylibsmb: Add .get_acl() API to SMB py bindings
There is no obvious async-equivalent of cli_query_security_descriptor(),
so it will throw an error if anyone tries to use it in multi-threaded
mode. Currently only samba-tool and tests use the (s4) .get_acl() API,
both of which will be fine using the synchronous API.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Noel Power [Mon, 12 Nov 2018 16:06:10 +0000 (16:06 +0000)]
lib/ldb: Use new PYARG_ES format for parseTuple
While 'es' format works great for unicode (in python2) and
str (in python3) The behaviour with str (in python2) is unexpected.
In python2 the str type is (re-encoded) with the specified encoding.
In python2 the 'et' type would be a better match, that ensures 'str'
type is treated like it was with 's' (no reencoding) and unicode is
encoded with the specified encoding. However in python3 'et' allows
byte (or bytearray) params to be accepted (with no reencoding), we
don't want this. This patch adds a new PYARG_STR_UNI format code which
is a hybrid, in python2 it evaluates to 'et' and in python3 'es' and
so gives the desired behaviour for each python version.
Additionally remove the associated known fail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13616
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Sun Jan 13 03:53:00 CET 2019 on sn-devel-144
Noel Power [Mon, 12 Nov 2018 17:56:46 +0000 (17:56 +0000)]
selftest: Enable ldb.python for PY3
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Noel Power [Mon, 12 Nov 2018 17:42:51 +0000 (17:42 +0000)]
lib/ldb/tests/python: Add test to pass utf8 encoded bytes to ldb.Dn
This test should demonstrate an error with the 'es' format in python
where a 'str' byte-string is passed (containing utf8 encoded bytes)
with some characters that cannot be decoded as ascii. The same
code if run in python3 should generate an error (needs string not
bytes)
Also Add knownfail for ldb.Dn passed utf8 encoded byte string
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Noel Power [Tue, 11 Dec 2018 15:58:44 +0000 (15:58 +0000)]
s4/libnet: use 'et' as format for ParseTuple with python2
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Noel Power [Tue, 11 Dec 2018 15:58:07 +0000 (15:58 +0000)]
python: use 'et' as format for ParseTuple with python2
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Noel Power [Tue, 11 Dec 2018 15:32:11 +0000 (15:32 +0000)]
auth/credentials: use 'et' as format for ParseTuple with python2
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Noel Power [Tue, 11 Dec 2018 15:18:10 +0000 (15:18 +0000)]
python: Add new compat PYARG_STR_UNI format
In python2 PYARG_STR_UNI evaluates to et which allows str type
(e.g bytes) pass through unencoded and accepts unicode objects
encoded as utf8
In python3 PYARG_STR_UNI evaluates to es which allows str type
encoded as named/specified encoding
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Noel Power [Fri, 9 Nov 2018 16:47:00 +0000 (16:47 +0000)]
python: Fix memory leak with ParseTuple (using 'es' format)
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>