Ralph Boehme [Mon, 19 Jun 2023 16:28:41 +0000 (18:28 +0200)]
CVE-2023-34968: mdscli: remove response blob allocation
This is handled by the NDR code transparently.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Mon, 19 Jun 2023 15:14:38 +0000 (17:14 +0200)]
CVE-2023-34968: mdscli: use correct TALLOC memory context when allocating spotlight_blob
d is talloc_free()d at the end of the functions and the buffer was later used
after beeing freed in the DCERPC layer when sending the packet.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Sat, 17 Jun 2023 11:39:55 +0000 (13:39 +0200)]
CVE-2023-34968: mdssvc: add missing "kMDSStoreMetaScopes" dict key in slrpc_fetch_properties()
We were adding the value, but not the key.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 6 Jun 2023 13:17:26 +0000 (15:17 +0200)]
CVE-2023-34968: mdssvc: cache and reuse stat info in struct sl_inode_path_map
Prepare for the "path" being a fake path and not the real server-side
path where we won't be able to vfs_stat_fsp() this fake path. Luckily we already
got stat info for the object in mds_add_result() so we can just pass stat info
from there.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15388
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Fri, 26 May 2023 13:06:38 +0000 (15:06 +0200)]
CVE-2023-34967: mdssvc: add type checking to dalloc_value_for_key()
Change the dalloc_value_for_key() function to require an additional final
argument which denotes the expected type of the value associated with a key. If
the types don't match, return NULL.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15341
Signed-off-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Wed, 31 May 2023 14:26:14 +0000 (16:26 +0200)]
CVE-2023-34967: CI: add a test for type checking of dalloc_value_for_key()
Sends a maliciously crafted packet where the value in a key/value style
dictionary for the "scope" key is a simple string object whereas the server
expects an array. As the server doesn't perform type validation on the value, it
crashes when trying to use the "simple" object as a "complex" one.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15341
Signed-off-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Fri, 26 May 2023 11:06:19 +0000 (13:06 +0200)]
CVE-2023-34966: mdssvc: harden sl_unpack_loop()
A malicious client could send a packet where subcount is zero, leading to a busy
loop because
count -= subcount
=> count -= 0
=> while (count > 0)
loops forever.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15340
Signed-off-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Wed, 31 May 2023 13:34:26 +0000 (15:34 +0200)]
CVE-2023-34966: CI: test for sl_unpack_loop()
Send a maliciously crafted packet where a nil type has a subcount of 0. This
triggers an endless loop in mdssvc sl_unpack_loop().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15340
Signed-off-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Fri, 16 Jun 2023 10:28:47 +0000 (12:28 +0200)]
CVE-2022-2127: ntlm_auth: cap lanman response length value
We already copy at most sizeof(request.data.auth_crap.lm_resp) bytes to the
lm_resp buffer, but we don't cap the length indicator.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15072
Signed-off-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Fri, 20 May 2022 08:55:23 +0000 (10:55 +0200)]
CVE-2022-2127: winbindd: Fix WINBINDD_PAM_AUTH_CRAP length checks
With WBFLAG_BIG_NTLMV2_BLOB being set plus lm_resp_len too large you
can crash winbind. We don't independently check lm_resp_len
sufficiently.
Discovered via Coverity ID
1504444 Out-of-bounds access
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15072
Signed-off-by: Volker Lendecke <vl@samba.org>
Andrew Bartlett [Fri, 21 Jul 2023 03:39:28 +0000 (15:39 +1200)]
lib/cmdline: Also redact --newpassword in samba_cmdline_burn()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15289
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jul 21 06:16:30 UTC 2023 on atb-devel-224
Andrew Bartlett [Fri, 21 Jul 2023 02:35:20 +0000 (14:35 +1200)]
lib/cmdline: Also burn the --password2 parameter if given
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15289
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Fri, 21 Jul 2023 01:30:39 +0000 (13:30 +1200)]
samba-tool: Use samba.glue.get_burnt_cmdline rather than regex
This use avoids having two different methods to match on command-line
passwords. We already have a dependency on the setproctitle python
module, and this does not change as the (C) libbsd setproctitle()
can't be run from within a python module.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15289
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Fri, 21 Jul 2023 01:29:22 +0000 (13:29 +1200)]
python: Add glue.burn_commandline() method
This uses samba_cmdline_burn() to as to have common
command line redaction code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15289
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Fri, 21 Jul 2023 02:32:46 +0000 (14:32 +1200)]
python: Remove const from PyList_AsStringList()
The returned strings are not owned by python, so need not be const.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15289
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Fri, 21 Jul 2023 02:31:30 +0000 (14:31 +1200)]
python: Move PyList_AsStringList to common code so we can reuse
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15289
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Fri, 21 Jul 2023 03:27:00 +0000 (15:27 +1200)]
lib/cmdline: Return if the commandline was redacted in samba_cmdline_burn()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15289
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Wed, 19 Jul 2023 23:14:23 +0000 (11:14 +1200)]
claims.idl: Fix AD claims encoding
Up to now we have been absorbing the discriminant in the NDR padding,
and setting it to zero in the push. But if the discriminant is not set
correctly, Windows will refuse to regard any of the claims.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jul 21 02:19:48 UTC 2023 on atb-devel-224
Andrew Bartlett [Thu, 20 Jul 2023 02:10:43 +0000 (14:10 +1200)]
lib/fault: During smb_panic() print process comment and setprocname() title
The purpose of this is to make it clear which part of the AD DC (in particular)
has faulted without having to deduce it from the stacktrace.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Noel Power [Fri, 14 Jul 2023 13:53:29 +0000 (14:53 +0100)]
python/samba: Adjust tarfile extraction filter
The 'data_filter' is far too restrictive, this filter doesn't apply any
mode bits to directories which in turn will result in unexpected
directory permissions of the amongst others msg.[ls]ock directories.
With 'data_filter' and a 'patched' python at best we experience
CI failures with samba-ad-back1 & samba-ad-back2 CI jobs due to server
startup failures, at worst user/admins will need to adjust directory
permissions post backup.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15390
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 20 Jul 2023 03:49:08 +0000 (15:49 +1200)]
WHATSNEW: Mention new unicodePwd only over encrypted LDAP restriction
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Thu, 20 Jul 2023 03:48:40 +0000 (15:48 +1200)]
WHATSNEW: mention KDC auditing
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Thu, 20 Jul 2023 03:36:09 +0000 (15:36 +1200)]
WHATSNEW: FAST support, Claims compression, SID compression
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Thu, 20 Jul 2023 03:19:51 +0000 (15:19 +1200)]
WHATSNEW: Mention Heimdal updates
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Thu, 20 Jul 2023 03:01:43 +0000 (15:01 +1200)]
WHATSNEW: Expand detail on what of 2012, 2012R2 and 2016 support is implemented
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Thu, 20 Jul 2023 03:01:07 +0000 (15:01 +1200)]
WHATSNEW: PKINIT testing
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Thu, 20 Jul 2023 02:54:02 +0000 (14:54 +1200)]
WHATSNEW: Include info on new samba-tool features
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Wed, 19 Jul 2023 03:50:43 +0000 (15:50 +1200)]
WHATSNEW: Add text on PKINIT Certificate Revocation
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9612
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Dmitry Antipov [Thu, 30 Mar 2023 11:04:37 +0000 (14:04 +0300)]
s4:param: replace calls to deprecated Python methods
Replace calls to (obsolete but still stable)
PyEval_CallObjectWithKeywords() with PyObject_Call()
by using trivial wrapper.
Signed-off-by: Dmitry Antipov <dantipov@cloudlinux.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
[abartlet@samba.org Adjusted to always use the PyObject_Call()
as it is available in all of Samba's supported python versions]
Pavel Filipenský [Wed, 28 Jun 2023 12:59:29 +0000 (14:59 +0200)]
s3:script: Replace --merge by --merge-by-timestamp in samba-log-parser
For --merge-by-timestamp the traces do not need to contain the traceid
header field.
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Thu Jul 20 19:14:05 UTC 2023 on atb-devel-224
Pavel Filipenský [Wed, 28 Jun 2023 14:51:35 +0000 (16:51 +0200)]
docs-xml:manpages: Fix tabs in samba-log-parser.1.xml
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pavel Filipenský [Wed, 19 Jul 2023 09:33:56 +0000 (11:33 +0200)]
s3:winbindd: Change the TALLOC_CTX to fix the tevent call depth tracking
Call depth is not working for winbindd_list_users_send as expected,
it is visible in the flow traces:
-> process_request_send
-> winbindd_list_users_send
-> wb_query_user_list_send
It should look like:
-> process_request_send
-> winbindd_list_users_send
-> wb_query_user_list_send
Tevent call depth tracking internal implementation relies on the fact
that the talloc memory context has type "struct tevent_req".
Then it can obtain the depth from the parent and increment it by one.
The implementation of winbindd_list_users_send() is passing to
wb_query_user_list_send() context of type
"struct winbindd_list_users_state", and from there the parent
"struct tevent_req" cannot be identified.
So we will pass as TALLOC_CTX 'state' instead of 'state->domains'.
After the call, we can reparent back.
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Thu Jul 20 10:38:19 UTC 2023 on atb-devel-224
Andreas Schneider [Wed, 19 Jul 2023 09:19:55 +0000 (11:19 +0200)]
Revert "s3:winbindd: set TEVENT_DEPRECATED as tevent_thread_call_depth_*() api will change soon"
This reverts commit
28ddcaf4d8ebb7a4e3498518580ff71662d3cee0.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jul 19 10:57:27 UTC 2023 on atb-devel-224
Stefan Metzmacher [Thu, 14 Jul 2022 10:00:51 +0000 (12:00 +0200)]
s4:dns_server: Add some more debugging in order to find problems with level 10 logs
We had customer problems where level 10 logs were not good enough in
order to find the reason for failing dns updates.
With the new debug message there's at least a chance to
find out what the problem could be.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 14 Jul 2022 10:00:51 +0000 (12:00 +0200)]
s4:dns_server: defer calling werr_to_dns_err() in a central place
The WERROR codes are much more verbose and it's better to
keep them until we really need the mapping to DNS error codes.
This will allow us to create much better debug messages in
the next commit.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andreas Schneider [Tue, 18 Jul 2023 10:29:12 +0000 (12:29 +0200)]
s3:waf: Fix code spelling
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Andreas Schneider [Tue, 18 Jul 2023 09:45:25 +0000 (11:45 +0200)]
s3:winbindd: Fix code spelling
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Andreas Schneider [Tue, 18 Jul 2023 09:36:49 +0000 (11:36 +0200)]
s3:utils: Fix code spelling
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Andreas Schneider [Tue, 18 Jul 2023 09:35:22 +0000 (11:35 +0200)]
s3:torture: Fix code spelling
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Andreas Schneider [Tue, 18 Jul 2023 09:30:18 +0000 (11:30 +0200)]
s3:smbd: Fix code spelling
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Andreas Schneider [Tue, 18 Jul 2023 09:30:56 +0000 (11:30 +0200)]
s3:smbd: Fix trailing white spaces in quotas.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Andreas Schneider [Tue, 18 Jul 2023 09:30:37 +0000 (11:30 +0200)]
s3:smbd: Fix trailing white spaces in dmapi.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Andreas Schneider [Mon, 17 Jul 2023 16:25:41 +0000 (18:25 +0200)]
s3:selftest: Fix code spelling
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Andreas Schneider [Mon, 17 Jul 2023 13:03:58 +0000 (15:03 +0200)]
s3:script: Fix code spelling
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Andreas Schneider [Mon, 17 Jul 2023 13:01:21 +0000 (15:01 +0200)]
s3:rpc_server: Fix code spelling
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Andreas Schneider [Mon, 17 Jul 2023 12:59:06 +0000 (14:59 +0200)]
s3:rpc_client: Fix code spelling
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Andreas Schneider [Thu, 13 Jul 2023 07:27:28 +0000 (09:27 +0200)]
s3:registry: Fix code spelling
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Andreas Schneider [Thu, 13 Jul 2023 07:25:50 +0000 (09:25 +0200)]
s3:printing: Rename variably to dummy to make codespell happy
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Andreas Schneider [Thu, 13 Jul 2023 07:21:37 +0000 (09:21 +0200)]
s3:printing: Fix code spelling
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Andreas Schneider [Thu, 13 Jul 2023 07:21:13 +0000 (09:21 +0200)]
s3:printing: Fix trailing white spaces in print_iprint.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Andreas Schneider [Thu, 13 Jul 2023 07:20:05 +0000 (09:20 +0200)]
s3:passdb: Fix code spelling
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Andreas Schneider [Thu, 13 Jul 2023 07:19:11 +0000 (09:19 +0200)]
s3:param: Fix code spelling
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Andreas Schneider [Thu, 13 Jul 2023 07:18:42 +0000 (09:18 +0200)]
s3:param: Rename bLoaded global variable
This makes codespell happy.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Martin Schwenke [Sun, 16 Jul 2023 10:55:57 +0000 (20:55 +1000)]
ctdb-tests: Log to stderr in statd-callout tests
Errors logged when testing statd-callout don't currently go anywhere.
This is because arguments to the hacked version of script_log() are
ignored.
Remove the hack and configure logging to stderr.
This could go in the local statd-callout.sh setup script. However,
make it available for other script tests.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Wed Jul 19 09:57:37 UTC 2023 on atb-devel-224
Martin Schwenke [Sun, 16 Jul 2023 10:52:54 +0000 (20:52 +1000)]
ctdb-scripts: Support script logging to stderr
Logging in statd-callout tests is currently useless. This will
provide a way of seeing errors in those tests.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Sun, 16 Jul 2023 10:49:57 +0000 (20:49 +1000)]
ctdb-scripts: Avoid ShellCheck warning SC2162
SC2162 read without -r will mangle backslashes.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Sun, 16 Jul 2023 10:47:09 +0000 (20:47 +1000)]
ctdb-scripts: Reformat with "shfmt -w -p -i 0 -fn"
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 11 Oct 2022 22:05:25 +0000 (09:05 +1100)]
ctdb-recoverd: CID
1509028 - Use of 32-bit time_t (Y2K38_SAFETY)
usecs is going to be passed as a uint32_t. There is no need to
calculate it as a time_t.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 10 Jul 2023 22:03:22 +0000 (08:03 +1000)]
ctdb: Do not use egrep
On some platforms, egrep prints a deprecation warning to stderr:
egrep: warning: egrep is obsolescent; using grep -E
Use grep -E instead.
This is nice and simple, so no use splitting this commit into 2
separate commits for each of tools and test.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 16 Jun 2023 03:29:22 +0000 (13:29 +1000)]
ctdb-doc: Correct bit-rotted documenation
Loading tunables is now done in ctdbd, so find another example for the
"setup" event.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 22 Mar 2023 23:24:49 +0000 (10:24 +1100)]
ctdb-utils: Drop unused scsi_io.c source file
It will be in the git history if we ever decide to use SCSI persistent
reservations as a cluster lock.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Pavel Filipenský [Wed, 3 May 2023 09:21:11 +0000 (11:21 +0200)]
s3:winbind: Set/unset the winbind_call_flow callback if log level changes
Done only for the parent process. Works with 'smbcontrol reload-config'
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jul 19 09:00:50 UTC 2023 on atb-devel-224
Pavel Filipenský [Tue, 2 May 2023 19:59:53 +0000 (21:59 +0200)]
s3:winbind: Update winbind to tevent 0.15.0 API
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Pavel Filipenský [Wed, 3 May 2023 09:19:45 +0000 (11:19 +0200)]
s3:winbind: Add callback winbind_call_flow()
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 31 Jan 2023 15:25:40 +0000 (16:25 +0100)]
ldb: call tevent_set_max_debug_level(TEVENT_DEBUG_TRACE) together with ldb_tevent_debug()
This means ldb_tevent_debug() is only called for TEVENT_DEBUG_TRACE.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 31 Jan 2023 15:25:40 +0000 (16:25 +0100)]
lib/util: call tevent_set_max_debug_level() in samba_tevent_set_debug()
This means samba_tevent_debug() is only called when needed.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Wed, 18 Jan 2023 14:41:37 +0000 (15:41 +0100)]
tevent: version 0.15.0
- remove py2 ifdefs
- python: Safely clear structure members
- the tevent_thread_call_depth API is updated
in order to allow better tracing.
- add tevent_set_max_debug_level() only and don't
pass TEVENT_DEBUG_TRACE to tevent_debug() callbacks by default.
- Spelling fixes
- Make use of epoll_create1() for epoll backend
- Optimize overhead in the epoll backend
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Fri, 11 Nov 2022 21:25:34 +0000 (22:25 +0100)]
tevent: add tevent_common_fd_str() helper
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Wed, 11 Jan 2023 07:21:47 +0000 (08:21 +0100)]
tevent: avoid calling epoll_update_event() again if epoll_check_reopen() already did it
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Wed, 11 Jan 2023 07:21:47 +0000 (08:21 +0100)]
tevent: let epoll_check_reopen() clear all events before reopening them
This is clearer for multiplexed fdes as it means both sides are
already cleared before we call epoll_update_event() again.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 20 Apr 2023 12:59:33 +0000 (12:59 +0000)]
tevent: avoid epoll_check_reopen() overhead unless required
The preparation, function call and cleanup for epoll_check_reopen()
is quite some overhead and not needed most of the time!
So check the pid in the caller avoids most of it.
Review with: git show -w
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Fri, 11 Nov 2022 21:25:34 +0000 (22:25 +0100)]
tevent: make use of TEVENT_DEBUG() when using TEVENT_DEBUG_TRACE
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Fri, 11 Nov 2022 14:05:53 +0000 (15:05 +0100)]
tevent: add TEVENT_DEBUG() avoid argument overhead when log is not active...
It can be very costly to calculate the arguments passed to
tevent_debug(), just to drop the message within tevent_debug()
or the callback function.
So we add a way to avoid the overhead, it will be used in the
next commits.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Fri, 11 Nov 2022 14:05:53 +0000 (15:05 +0100)]
tevent: introduce tevent_set_max_debug_level() (default TEVENT_DEBUG_WARNING)
Allow an application to decide which log levels it wants to get
in the callback function passed to tevent_set_debug().
By default TEVENT_DEBUG_WARNING is the maximal reported level
and TEVENT_DEBUG_TRACE message no longer reach the callback function
by default.
It seems Samba is the only consumer of tevent_set_debug(), so it
should not be a huge problem, as Samba only reports TEVENT_DEBUG_TRACE
message with log level 50 anyway. And future Samba versions will
call tevent_set_max_debug_level() if needed.
Note the change to tevent-0.14.1.sigs will be reverted
with the release of tevent 0.15.0.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Fri, 27 Jan 2023 11:12:45 +0000 (12:12 +0100)]
tevent: add fd_speed test
This is similar to the "context" test, but without signal handlers.
It also creates a constant load instead of being time limited,
which makes it useful to analyse using callgrind and other tools.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Pavel Filipenský [Tue, 2 May 2023 19:57:16 +0000 (21:57 +0200)]
tevent: Flow: add tevent_thread_call_depth_set_callback()
Note the tevent-0.14.1.sigs changes will be reverted in
the 'tevent 0.15.0' commit.
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 23 May 2023 04:39:06 +0000 (06:39 +0200)]
tevent: Flow: store cleanup function name in tevent_req
Note the tevent-0.14.1.sigs changes will be reverted in
the 'tevent 0.15.0' commit.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Stefan Metzmacher [Tue, 23 May 2023 04:38:27 +0000 (06:38 +0200)]
tevent: Flow: store cancel function name in tevent_req
Note the tevent-0.14.1.sigs changes will be reverted in
the 'tevent 0.15.0' commit.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Pavel Filipenský [Mon, 15 May 2023 10:57:09 +0000 (12:57 +0200)]
tevent: Flow: store trigger function name in tevent_queue_entry
Note the tevent-0.14.1.sigs changes will be reverted in
the 'tevent 0.15.0' commit.
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Pavel Filipenský [Mon, 24 Apr 2023 13:04:06 +0000 (15:04 +0200)]
tevent: Flow: store callback function name in tevent_req
Note the tevent-0.14.1.sigs changes will be reverted in
the 'tevent 0.15.0' commit.
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Pavel Filipenský [Sat, 18 Jun 2022 08:57:11 +0000 (10:57 +0200)]
tevent: Flow: pass function name to tevent_req_create()
Note the tevent-0.14.1.sigs changes will be reverted in
the 'tevent 0.15.0' commit.
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Pavel Filipenský [Fri, 28 Apr 2023 18:45:20 +0000 (20:45 +0200)]
tevent: Deprecate some tevent_thread_call_depth_*() functions
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Pavel Filipenský [Fri, 28 Apr 2023 18:13:29 +0000 (20:13 +0200)]
tevent: Move definition of _DEPRECATED_ to the top of tevent.h
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 19 May 2023 09:16:49 +0000 (11:16 +0200)]
s3:winbindd: set TEVENT_DEPRECATED as tevent_thread_call_depth_*() api will change soon
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Stefan Metzmacher [Mon, 24 Apr 2023 10:39:17 +0000 (12:39 +0200)]
tevent: add tevent_dlinklist.h as copy from lib/util/dlinklist.h
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 20 Apr 2023 14:35:25 +0000 (14:35 +0000)]
lib/util: dlinklist.h sync with LGPL copy from lib/ldb/include/dlinklist.h
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Mon, 30 Jan 2023 15:10:07 +0000 (16:10 +0100)]
ldb: clarify LGPL scope of include/dlinklist.h
Removing the explicit notice about ldb in order to
have the same content in all copies of dlinklist.h
in the next commits.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Mon, 30 Jan 2023 15:10:07 +0000 (16:10 +0100)]
ldb: remove trailing whitespaces from include/dlinklist.h
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Dmitry Antipov [Fri, 7 Apr 2023 11:47:15 +0000 (14:47 +0300)]
tevent: rely on epoll_create1() for epoll interface
Prefer epoll_create1(2) over epoll_create(2) and
always require the former to use epoll(7) interface,
thus saving extra fcntl(2) call to set FD_CLOEXEC.
Signed-off-by: Dmitry Antipov <dantipov@cloudlinux.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Dmitry Antipov [Fri, 7 Apr 2023 11:42:10 +0000 (14:42 +0300)]
lib:replace: rely on epoll_create1() for epoll interface
Prefer epoll_create1(2) over epoll_create(2) and
always require the former to use epoll(7) interface.
Signed-off-by: Dmitry Antipov <dantipov@cloudlinux.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 18 Jul 2023 09:39:38 +0000 (11:39 +0200)]
tdb: release 1.4.9
* Remove remaining, but broken python2 support
* Spelling fixes
* python: Safely clear structure members
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 18 Jul 2023 09:39:38 +0000 (11:39 +0200)]
talloc: release 2.4.1
* Remove remaining, but broken python2 support
* Spelling fixes
* Remove unneeded va_copy()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Rob van der Linde [Wed, 12 Jul 2023 12:42:56 +0000 (00:42 +1200)]
netcmd: sites: add sites and subnet list and view commands to manpage
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jul 19 04:29:15 UTC 2023 on atb-devel-224
Rob van der Linde [Wed, 12 Jul 2023 12:42:03 +0000 (00:42 +1200)]
netcmd: sites: add missing subnet commands to samba-tool manpage
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Wed, 5 Jul 2023 05:40:48 +0000 (17:40 +1200)]
netcmd: sites: tests for list and view sites and subnet
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Tue, 4 Jul 2023 10:02:01 +0000 (22:02 +1200)]
netcmd: sites: make use of ldb_connect from base class
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Tue, 4 Jul 2023 09:47:46 +0000 (21:47 +1200)]
netcmd: add list and view commands for sites and subnets
* samba-tool sites list
* samba-tool sites view
* samba-tool sites subnet list
* samba-tool sites subnet view
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Tue, 4 Jul 2023 09:34:38 +0000 (21:34 +1200)]
netcmd: add Subnet and Site models
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 17 Jul 2023 22:29:50 +0000 (10:29 +1200)]
WHATSNEW: Update minimum GnuTLS version
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Douglas Bagnall [Tue, 18 Jul 2023 00:54:40 +0000 (12:54 +1200)]
lib/fuzzing: patch for collecting fuzz_security_token_vs_descriptor seeds
If this patch is applied, and an environment variable is set, all
access_check calls will be recorded as seeds for
fuzz_security_token_vs_descriptor. See the patch for details.
You probably will never want to apply this patch, but it is here just
in case.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>