Andrew Bartlett [Mon, 25 Jun 2018 04:43:38 +0000 (16:43 +1200)]
dsdb: Use customary variable names for the audit private context
The variable name "ac" typically implies the async context, and the long-life
private context is normally denoted private, not context. This aligns better
with other modules.
talloc_get_type_abort() is now also used.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Mon, 25 Jun 2018 04:23:00 +0000 (16:23 +1200)]
dsdb: Use customary variable names for audit event contexts
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Mon, 25 Jun 2018 03:42:42 +0000 (15:42 +1200)]
dsdb: Use correct memory context for imessaging_client_init() in audit logging
This is only used for selftest, to send out the log messages for checking.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Mon, 25 Jun 2018 02:52:59 +0000 (14:52 +1200)]
audit_logging: Remove duplciate error printing
These errors are already logged at DBG_NOTICE in get_event_server()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Mon, 25 Jun 2018 02:52:19 +0000 (14:52 +1200)]
audit_logging: Initialise event_server
It is better if this is a known zero value to start, even if we check the errors
correctly.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Mon, 25 Jun 2018 02:51:35 +0000 (14:51 +1200)]
audit_logging: Remove incorrect check for NT_STATUS_OBJECT_NAME_NOT_FOUND
NT_STATUS_OBJECT_NAME_NOT_FOUND is not a case we can ignore, it would mean that event_server
is not initialised.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Mon, 25 Jun 2018 02:48:27 +0000 (14:48 +1200)]
audit_logging: Clarify debug messages
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Thu, 21 Jun 2018 17:32:29 +0000 (05:32 +1200)]
autobuild: Build samba-fileserver --without-json-audit
This build target is already --without-ad-dc and is the one we need to ensure is
compatible with a host without the Jansson JSON library.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Jun 26 02:03:30 CEST 2018 on sn-devel-144
Andrew Bartlett [Thu, 21 Jun 2018 17:18:52 +0000 (05:18 +1200)]
dsdb: Ensure a build --without-json-audit --without-ad-dc compiles
We still build some of the ldb_modules even when we are not a DC, so we must
split up the DSDB_MODULE_HELPERS.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andrew Bartlett [Thu, 21 Jun 2018 17:39:08 +0000 (05:39 +1200)]
lib/audit_logging: Only build audit_logging_test for --enable-selftest on the AD DC
This allows a --without-ad-dc --enable-selftest build to compile, still testing some
fileserver-only features.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andrew Bartlett [Thu, 21 Jun 2018 16:50:09 +0000 (04:50 +1200)]
lib/audit_logging: Require jansson JSON library for building the AD DC
This combination is untested and it is reasonable to require this
broadly available library for the AD DC build.
Doing so keeps the combinational complexity down and ensures we test
what we ship. (It was failing to compile).
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andrew Bartlett [Thu, 21 Jun 2018 16:47:10 +0000 (04:47 +1200)]
build: Move --without-json-audit and json lib detection to lib/audit_logging
This is the common location of the audit logging code now
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Gary Lockyer [Wed, 6 Jun 2018 13:30:44 +0000 (15:30 +0200)]
dsdb: Log the transaction duraton.
This is not a general purpose profiling solution, but these JSON
logs are already being generated and stored, so this is worth adding.
This will allow administrators to identify long running
transactions, and identify potential performance bottlenecks.
This complements a similar patch set to log authentication duration.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jun 25 11:16:18 CEST 2018 on sn-devel-144
Andrew Bartlett [Sun, 10 Jun 2018 11:00:34 +0000 (13:00 +0200)]
auth: For NTLM and KDC authentication, log the authentication duration
This is not a general purpose profiling solution, but these JSON logs are already being
generated and stored, so this is worth adding.
Some administrators are very keen to know how long authentication
takes, particularly due to long replication transactions in other
processes.
This complements a similar patch set to log the transaction duration.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Volker Lendecke [Fri, 22 Jun 2018 14:25:10 +0000 (16:25 +0200)]
talloc_stack: Call talloc destructors while frame is still around
This fixes "samba-tool ntacl set -d10"
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jun 23 04:56:44 CEST 2018 on sn-devel-144
Andrej Gessel [Tue, 19 Jun 2018 08:07:51 +0000 (10:07 +0200)]
check return value before using key_values
there are also mem leaks in this function
Signed-off-by: Andrej Gessel <Andrej.Gessel@janztec.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andrej Gessel [Fri, 15 Jun 2018 09:02:15 +0000 (11:02 +0200)]
ldb: check return values
Signed-off-by: Andrej Gessel <Andrej.Gessel@janztec.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Tue, 19 Jun 2018 22:09:41 +0000 (15:09 -0700)]
krb5_wrap: fix keep_old_entries logic for older kerberos libraries
MIT kerberos 1.13 and older only stores 8 bits of the KVNO. The change
from commit
35b2fb4ff32 resulted in breakage for these kerberos
versions: 'net ads keytab create' reads a large KVNO from AD, and only
the lower 8 bits are stored. The next check then removed the entry again
as the 8 bit value did not match the currently valid KVNO.
Fix this by limiting the check to only 8 bits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13478
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Sat Jun 23 00:57:47 CEST 2018 on sn-devel-144
Swen Schillig [Wed, 7 Mar 2018 13:40:33 +0000 (14:40 +0100)]
ctdb-common: replace talloc / memcpy by talloc_memdup
Signed-off-by: Swen Schillig <swen@vnet.ibm.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Jun 22 11:57:19 CEST 2018 on sn-devel-144
Andreas Schneider [Fri, 15 Jun 2018 12:59:00 +0000 (14:59 +0200)]
krb5_plugin: Add winbind localauth plugin for MIT Kerberos
Applications (like OpenSSH) don't know about users and and
their relationship to Kerberos principals. This plugin allows that
Kerberos principals can be validated against local user accounts.
Administrator@WURST.WORLD -> WURST\Administrator
https://web.mit.edu/kerberos/krb5-latest/doc/plugindev/localauth.html
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13480
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jun 21 15:52:02 CEST 2018 on sn-devel-144
Jeremy Allison [Wed, 20 Jun 2018 21:49:33 +0000 (14:49 -0700)]
s3: smbd: Don't use getcwd() directly. We must always go through the VFS.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Wed, 20 Jun 2018 09:38:28 +0000 (11:38 +0200)]
s3:winbind: Fix regression introduced with bso #12851
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12851
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jun 21 01:03:52 CEST 2018 on sn-devel-144
Andreas Schneider [Mon, 18 Jun 2018 08:43:53 +0000 (10:43 +0200)]
s3:smbget: Fix buffer truncation issues with gcc8
../source3/utils/smbget.c: In function ‘smb_download_file’:
../source3/utils/smbget.c:97:27: error: ‘b’ directive output may be truncated writing 1 byte into a region of size between 0 and 19 [-Werror=format-truncation=]
snprintf(buffer, l, "%jdb", (intmax_t)s);
^
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Mon, 18 Jun 2018 08:34:27 +0000 (10:34 +0200)]
s3:registry: Fix buffer truncation issues issues with gcc8
../source3/registry/reg_perfcount.c: In function ‘reg_perfcount_get_hkpd’:
../source3/registry/reg_perfcount.c:337:29: error: ‘snprintf’ output may be truncated before the last format character [-Werror=format-truncation=]
snprintf(buf, buflen,"%d%s", key_part1, key_part2);
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Mon, 18 Jun 2018 08:24:06 +0000 (10:24 +0200)]
samdb: Fix build error with gcc8
../source4/dsdb/samdb/ldb_modules/samldb.c: In function ‘samldb_add’:
../source4/dsdb/samdb/ldb_modules/samldb.c:424:6: error: ‘found’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
if (found) {
^
../source4/dsdb/samdb/ldb_modules/samldb.c:348:11: note: ‘found’ was declared here
bool ok, found;
^~~~~
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Swen Schillig [Fri, 25 May 2018 08:40:54 +0000 (10:40 +0200)]
Possible memory leak in map_info3_to_validation
In case of a failing call to copy_netr_SamInfo3, the allocated memory
for "validation" needs to be free'd before returning.
Signed-off-by: Swen Schillig <swen@vnet.ibm.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 20 21:05:40 CEST 2018 on sn-devel-144
Björn Baumbach [Tue, 19 Jun 2018 14:32:10 +0000 (16:32 +0200)]
heimdal: remove include/includedir directives for krb5.conf
The original heimdal code introduces a segmentation fault, due to an
uninitialized pointer. This code does not seem to be tested very well.
Revert "heimdal: Add include/includedir directives for krb5.conf"
This reverts commit
0a6e9b6c0e15fa6fe46acdd357d76b8df447317f.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Björn Baumbach <bbaumbach@samba.org>
Autobuild-Date(master): Wed Jun 20 17:48:16 CEST 2018 on sn-devel-144
Noel Power [Wed, 13 Jun 2018 11:51:50 +0000 (12:51 +0100)]
python/samba/netcmd: Fix NameError exception
Running make test TEST=samba4.drs.samba_tool_drs.python results in
BlackboxProcessError: Command '/tmp/samba-testbase/b12/samba/bin/samba-tool drs clone-dc-database samba.example.com --server=localdc -USAMBADOMAIN/Administrator%locDCpass1 --targetdir=/tmp/samba-testbase/b12/samba/bin/ab/tmp/tmpWPo8r3'; exit status 255; stdout: ''; stderr: 'ERROR(<type 'exceptions.NameError'>): uncaught exception - global name 'logging' is not defined
File "bin/python/samba/netcmd/__init__.py", line 177, in _run
return self.run(*args, **kwargs)
File "bin/python/samba/netcmd/drs.py", line 697, in run
logger.setLevel(logging.INFO)
'
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jun 20 04:08:53 CEST 2018 on sn-devel-144
Noel Power [Thu, 14 Jun 2018 14:32:03 +0000 (15:32 +0100)]
python/samba: enclose map.values with list (py2/py3)
Fix errors in samba.tests.samba_tool.visualize_drs that with python 3
will generate exception with messages something like
'can't iterate dict_values'
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Noel Power [Thu, 14 Jun 2018 14:48:36 +0000 (15:48 +0100)]
python/samba: Another object.next() to next(object) py2/py3 converstion
fix samba.tests.samba_tool.visualize_drs
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Noel Power [Mon, 28 May 2018 16:01:57 +0000 (17:01 +0100)]
python/samba/emulate: py2/py3 .next usage, replace with next() fn
Noel Power [Fri, 11 May 2018 15:37:44 +0000 (16:37 +0100)]
python/samba/tests: py2/py3 port has_keys usage
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Noel Power [Mon, 28 May 2018 15:56:00 +0000 (16:56 +0100)]
python/samab: py2/py3 string.upper(astring) -> astring.upper
Noel Power [Mon, 28 May 2018 15:22:25 +0000 (16:22 +0100)]
python/samba: Py2|Py3 compat, fix more missed exception tuple issues
Tim Beale [Sun, 17 Jun 2018 21:52:57 +0000 (09:52 +1200)]
tests: Increase PSO test timeouts to minimise failures
When PSOs exist in the DB, there is some extra overhead involved in user
logins (an extra expand-nested-groups operation for every user login).
Currently password_lockout tests are quite query-intensive - each call
to _check_account() does ~6 RPC operations/LDB searches (plus sleeps for
20 millisecs). Plus the actual user login attempt being tested. It looks
like the current test needs to do 3 login attempts/_check_account()
calls within a 2-second window. While the PSO test cases usually work
OK, sometimes they fail (presumably they take slightly longer and fall
outside this 2-second window). Presumably this is due to the cloud
instance's CPU being slightly more loaded when the test is run.
Long-term the plan is to refactor the user login so that the extra
expand-nested-groups operation is unnecessary for PSOs. In the
short-term, increase the window the test uses from 2 seconds to 3
seconds.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Sun, 17 Jun 2018 21:03:40 +0000 (09:03 +1200)]
tests: Increase minPwdAge used for PSO tests
The PSO minPwdAge test was using a 1 second timeout. While this seemed
to work fine most of the time, we did see a rackspace failure that was
presumably due to the test taking longer than 1-second to execute
(which resulted in the password not being correctly rejected).
This patch increases the minPwdAge used, to try to avoid this problem
happening.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Thu, 3 May 2018 09:47:44 +0000 (11:47 +0200)]
winbind: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jun 19 11:43:16 CEST 2018 on sn-devel-144
Volker Lendecke [Wed, 25 Apr 2018 10:05:37 +0000 (12:05 +0200)]
lib: Align integer types
Loop-variable and bound should be the same type
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Fri, 4 May 2018 19:02:41 +0000 (21:02 +0200)]
idmap_hash: Align integer types
Loop-variable and bound should be the same type
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Mon, 18 Jun 2018 13:22:18 +0000 (15:22 +0200)]
testparm: Remove warning from the last century
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Volker Lendecke [Mon, 18 Jun 2018 11:46:32 +0000 (13:46 +0200)]
librpc/crypto: Fix a misleading comment
Probably cut&paste error
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Jun 18 18:34:51 CEST 2018 on sn-devel-144
Nicolas Williams [Fri, 15 Jun 2018 12:45:38 +0000 (14:45 +0200)]
heimdal: Add include/includedir directives for krb5.conf
Cherry-pick of Heimdal commit
fe43be85587f834266623adb0ecf2793d212a7ca
Removed tests and documentation from original commit by
Björn Baumbach <bb@sernet.de>, since we do not ship them.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11573
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Björn Baumbach <bbaumbach@samba.org>
Autobuild-Date(master): Mon Jun 18 15:52:26 CEST 2018 on sn-devel-144
Björn Baumbach [Fri, 15 Jun 2018 12:33:40 +0000 (14:33 +0200)]
heimdal: small code adaption to cherry-pick heimdal commit
Check asprintf() return value.
Make use of krb5_enomem().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11573
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Jeffrey Altman [Thu, 16 Jun 2016 20:25:41 +0000 (16:25 -0400)]
heimdal: lib/krb5: do not fail set_config_files due to parse error
Follow Apple's lead and do not fail krb5_set_config_files() simply
because one of the files in the profile list fails to parse correctly.
Doing so can lead to hard to find failures and could lead to an end
user shooting themselves in the foot and no longer be able to login
to their system to fix it.
Parse as many of the files as we can. Only fail krb5_set_config_files()
if init_context_from_config_file() fails.
Change-Id: I122664c6d707a5f926643808ba414bf4f681f8b8
Cherry-pick of Heimdal commit
b7cf5e7caf9b270f4d4151d2690177b11a7a1bdf
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11573
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Stefan Metzmacher [Thu, 22 Mar 2018 09:54:41 +0000 (10:54 +0100)]
smbd: remove unused smbd_server_connection->ev_ctx
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Jun 18 11:46:36 CEST 2018 on sn-devel-144
Stefan Metzmacher [Thu, 22 Mar 2018 09:54:41 +0000 (10:54 +0100)]
smbd: add an effective {smb,smbd_smb2}_request->ev_ctx that holds the event context used for the request processing
In future this will an impersonation wrapper tevent_context based on the
user session.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 22 Mar 2018 09:54:41 +0000 (10:54 +0100)]
smbd: add an effective connection_struct->user_ev_ctx that holds the event context used for the current user
This will be filled with an impersonation wrapper in the next commits.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 22 Mar 2018 09:54:41 +0000 (10:54 +0100)]
smbd: use sconn->root_ev_ctx for smbd_sig_{term,hup}_handler()
They already call change_to_root_user(), which can be removed
later.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 22 Mar 2018 09:54:41 +0000 (10:54 +0100)]
smbd: use sconn->root_ev_ctx for brl_timeout_fn()
This already calls change_to_root_user(), which can be removed
later.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 22 Mar 2018 09:54:41 +0000 (10:54 +0100)]
smbd: add smbd_server_connection->{root,guest}_ev_ctx pointer
For now these are just the same as smbd_server_connection->ev_ctx,
but this will change in future and we'll use impersonation wrappers.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 22 Mar 2018 09:54:41 +0000 (10:54 +0100)]
smbd: use raw_ev_ctx to clear the MSG_SMB_CONF_UPDATED registration
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 22 Mar 2018 09:54:41 +0000 (10:54 +0100)]
smbd: explain that/why we use the raw tevent_context for linux_oplock_signal_handler()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 22 Mar 2018 09:54:41 +0000 (10:54 +0100)]
smbd: explain that/why we use the raw tevent_context for do_break_to_none()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 22 Mar 2018 09:54:41 +0000 (10:54 +0100)]
smbd: explain that/why we use the raw tevent_context for oplock_timeout_handler()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 22 Mar 2018 09:54:41 +0000 (10:54 +0100)]
smbd: explain that/why we use the raw tevent_context for lease_timeout_handler()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 22 Mar 2018 09:54:41 +0000 (10:54 +0100)]
smbd: explain that/why we use the raw tevent_context for update_write_time_handler()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 22 Mar 2018 09:54:41 +0000 (10:54 +0100)]
vfs_glusterfs: explain that/why we use the raw tevent_context in init_gluster_aio()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 22 Mar 2018 09:54:41 +0000 (10:54 +0100)]
smbd: add smbd_server_connection->raw_ev_ctx pointer
This will replace smbd_server_connection->ev_ctx in the next commits.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 22 Mar 2018 09:54:41 +0000 (10:54 +0100)]
smbd: use req->xconn->client->raw_ev_ctx for schedule_deferred_open_message_smb()
process_smb() will redo the impersonation anyway.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 22 Mar 2018 09:54:41 +0000 (10:54 +0100)]
s3:smb2_server: use req->xconn->client->raw_ev_ctx for smbd_smb2_request_dispatch_immediate()
smbd_smb2_request_dispatch() will redo the impersonation anyway,
so we don't use req->ev_ctx.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 22 Mar 2018 09:54:41 +0000 (10:54 +0100)]
s3:smb2_server: use req->xconn->client->raw_ev_ctx for smbd_smb2_request_pending_timer()
There's no need to use req->ev_ctx here just to do some network io.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 24 May 2018 05:18:10 +0000 (07:18 +0200)]
smbd: remove unused tevent_context argument from notify_init
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 22 Mar 2018 09:54:41 +0000 (10:54 +0100)]
smbd: replace xconn->msg_ctx with xconn->client->msg_ctx
This is the same pointer and we don't have a lot of callers,
so we can just use one pointer.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 22 Mar 2018 09:54:41 +0000 (10:54 +0100)]
smbd: replace xconn->ev_ctx with xconn->client->raw_ev_ctx
This is the same pointer and we don't have a lot of callers,
so we can just use one pointer.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 22 Mar 2018 09:54:41 +0000 (10:54 +0100)]
smbd: rename smbXsrv_client->ev_ctx into smbXsrv_client->raw_ev_ctx
That makes it clearer that no tevent_context wrapper is used here
and the related code should really run without any (active) impersonation
as before.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 22 Mar 2018 09:54:41 +0000 (10:54 +0100)]
vfs_default: maintain vfswrap_offload_write_state->{src_ev,dst_ev}
These get filled with impersonation wrappers in the following commits.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Wed, 23 May 2018 10:03:02 +0000 (12:03 +0200)]
vfs_default: make use of change_to_user_by_fsp() in order to switch between src and dst fsp
This may matter if at least one share uses "force user".
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Wed, 23 May 2018 10:03:02 +0000 (12:03 +0200)]
vfs_btrfs: make use of become_user_by_fsp() in order to switch between src and dst fsp
We can use become_user_by_fsp()/unbecome_user() as it spans only parts of
the btrfs_offload_write_send() function and never goes async in between.
This may matter if at least one share uses "force user".
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Wed, 23 May 2018 09:54:58 +0000 (11:54 +0200)]
smbd: add {become,change_to}_user_by_fsp() helper functions
This can be used if a request operates on two fsp's,
e.g. the offload_write_send/recv code.
This is important if (at least) one of
the shares uses "force user".
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Wed, 23 May 2018 10:40:21 +0000 (12:40 +0200)]
vfs_btrfs: don't keep state->subreq in btrfs_offload_write_send/recv()
This can be a local variable as used in most of our tevent_req based
code.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Wed, 23 May 2018 10:40:21 +0000 (12:40 +0200)]
vfs_btrfs: update s/btrfs_cc_state/btrfs_offload_write_state/ s/cc_state/state/
This matches our naming conventions used for tevent_req based functions.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Wed, 23 May 2018 09:37:52 +0000 (11:37 +0200)]
vfs_btrfs: remove unused checks which are already caught by vfs_offload_token_check_handles()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Wed, 23 May 2018 09:37:52 +0000 (11:37 +0200)]
vfs_default: remove unused checks which are already caught by vfs_offload_token_check_handles()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Fri, 25 May 2018 14:30:13 +0000 (16:30 +0200)]
smbd: avoid calling set_current_user_info() twice with .need_tcon (SMB2)
It's already called via change_to_user().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Fri, 25 May 2018 14:30:13 +0000 (16:30 +0200)]
smbd: avoid calling set_current_user_info() twice with AS_USER (SMB1)
It will be called via change_to_user().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 14 Jun 2018 09:22:31 +0000 (11:22 +0200)]
smbd: remove unused set_current_service()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 14 Jun 2018 09:18:13 +0000 (11:18 +0200)]
smbd: let switch_message() only call chdir_current_service() for SMBtdis/SMBexit
These are the two opcodes with DO_CHDIR, we don't want the
set_current_case_sensitive() logic for them,
so we don't need the full set_current_service() anymore.
The AS_USER case is already handled before, set_current_case_sensitive()
is called directly before change_to_user(), which already
calls chdir_current_service().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Wed, 13 Jun 2018 11:30:33 +0000 (13:30 +0200)]
smbd: call chdir_current_service() in change_to_user_internal() and pop_conn_ctx()
change_to_user() should be the one and only function for the whole
impersonation processing. So we also need to stack the
chdir_current_service() behaviour for become_user/unbecome_user,
so we may need to call vfs_ChDir(ctx_p->conn, ctx_p->conn->cwd_fname);
in pop_conn_ctx().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 14 Jun 2018 06:29:45 +0000 (08:29 +0200)]
smbd: remove set_current_service() from smbd_smb2_request_check_tcon()
The change_to_user() above already called chdir_current_service().
And for smb2 we don't have per packet conn->case_sensitive anyway.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 14 Jun 2018 06:29:45 +0000 (08:29 +0200)]
smbd: remove set_current_service() from defer_rename_done()
The change_to_user() above already called chdir_current_service().
And for smb2 we don't have per packet conn->case_sensitive anyway.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 14 Jun 2018 06:27:50 +0000 (08:27 +0200)]
smbd: call chdir_current_service() directly in smbXsrv_tcon_disconnect()
There's no need to worry about conn->case_sensitive here.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 14 Jun 2018 06:23:56 +0000 (08:23 +0200)]
smbd: remove useless set_current_service(NULL,0,True) from reload_services()
All this does is 'return false' as conn is NULL...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 14 Jun 2018 06:21:21 +0000 (08:21 +0200)]
smbd: use conn->lastused_count++ directly in process_blocking_lock_queue()
This avoids using set_current_service(), which will be removed shortly.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Fri, 15 Jun 2018 16:40:11 +0000 (18:40 +0200)]
smbd: let create_conn_struct_as_root() fill in conn->origpath
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Fri, 15 Jun 2018 09:49:57 +0000 (11:49 +0200)]
smbd: make it possible to call vfs_ChDir(conn, conn->cwd_fname);
We should only TALLOC_FREE(old_cwd) at the successful end.
This also avoids calling cp_smb_filename() on the old value.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 14 Jun 2018 09:15:10 +0000 (11:15 +0200)]
smbd: call set_current_case_sensitive() before change_to_user() in switch_message()
change_to_user() will soon call chdir_current_service() and we should
make sure conn->case_sensitive is prepared before calling vfs_ChDir().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 14 Jun 2018 05:27:43 +0000 (07:27 +0200)]
smbd: remember that the tcon completely setup connection_struct
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 14 Jun 2018 05:26:14 +0000 (07:26 +0200)]
smbd: make it explicit that make_connection_snum() returns NT_STATUS_OK on success
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Fri, 25 May 2018 12:22:43 +0000 (14:22 +0200)]
smbd: call set_current_user_info() in change_to_user_internal() and pop_conn_ctx()
change_to_user() should be the one and only function for the whole
impersonation processing. So we also need to stack the
set_current_user_info() information for become_user/unbecome_user.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 12 Jun 2018 13:39:51 +0000 (15:39 +0200)]
smbd: move current_user caching to change_to_user_internal()
Note that (current_user.vuid == vuid) also works with
UID_FIELD_INVALID.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 12 Jun 2018 13:39:51 +0000 (15:39 +0200)]
smbd: simplify the logic in change_to_user()
We can return early if (vuser == NULL).
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 3 May 2018 13:04:30 +0000 (15:04 +0200)]
smbd: let check_user_ok() construct ent->session_info in one coherent block
We should finish manipulating ent->session_info before filling
conn->session_info. And conn->session_info should be not be changed.
Use git show -U15.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Wed, 13 Jun 2018 09:23:42 +0000 (11:23 +0200)]
smbd: call set_current_case_sensitive() before chdir_current_service()
I guess we better setup conn->case_sensitive before doing the
vfs_ChDir() calls, so we have a consistent result everytime.
Otherwise vfs_Chdir() would get conn->case_sensitive from
last request.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Wed, 13 Jun 2018 09:03:01 +0000 (11:03 +0200)]
smbd: split out set_current_case_sensitive() and chdir_current_service() functions
We'll soon use them independend from set_current_service().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Fri, 25 May 2018 11:58:04 +0000 (13:58 +0200)]
smbd: remove xconn->client->last_session_id based set_current_user_info() caching
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Fri, 25 May 2018 11:40:12 +0000 (13:40 +0200)]
s3:lib: add caching to set_current_user_info()
Currently we do that in the caller, but we use global
cache anyway, so we can simplify the callers.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Günther Deschner [Tue, 12 Jun 2018 10:54:15 +0000 (12:54 +0200)]
s4-dsdb: fix the build of audit_util.c
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sat Jun 16 11:56:53 CEST 2018 on sn-devel-144
Volker Lendecke [Fri, 15 Jun 2018 12:56:57 +0000 (14:56 +0200)]
addns: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jun 16 04:21:18 CEST 2018 on sn-devel-144
Volker Lendecke [Thu, 14 Jun 2018 14:47:26 +0000 (16:47 +0200)]
dsdb: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 19 May 2018 16:40:44 +0000 (18:40 +0200)]
winbindd: Fix winbindd_ping_dc_recv
tevent_req_simple_recv_ntstatus is only for the one-liner without any
additional functionality.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>