Volker Lendecke [Fri, 4 Sep 2015 14:40:25 +0000 (16:40 +0200)]
libsmbclient: Fix 32-bit problems
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Sep 7 15:13:08 CEST 2015 on sn-devel-104
Martin Schwenke [Sun, 16 Aug 2015 03:26:21 +0000 (13:26 +1000)]
ctdb-tools: Add dbstatistics to ctdb_diagnostics
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Sep 7 10:00:54 CEST 2015 on sn-devel-104
Martin Schwenke [Mon, 23 Mar 2015 05:10:51 +0000 (16:10 +1100)]
ctdb-daemon: Drop struct ctdb_control_killtcp
Just use ctdb_tcp_connection. It is the same. There are no external
users.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Volker Lendecke [Wed, 2 Sep 2015 11:20:08 +0000 (13:20 +0200)]
vfs_gpfs: Avoid calling gpfs_is_offline on every i/o
Asks gpfs as long as a file is offline. Once it was reported online once,
we'll not ask anymore. This assumes that while we have a file open it
won't be migrated away. This might not *always* be true, but probably
close enough. And as long as we don't have a proper notification mechanism
and as long as polling is too expensive, this seems like a good strategy.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Sat Sep 5 01:50:09 CEST 2015 on sn-devel-104
Volker Lendecke [Thu, 3 Sep 2015 10:10:35 +0000 (12:10 +0200)]
vfs_gpfs: Introduce vfs_gpfs_fsp_is_offline
This consolidates a few common calls
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Jeremy Allison [Thu, 3 Sep 2015 00:12:33 +0000 (17:12 -0700)]
winbind: Don't delete an existing krb5 ticket on cached logon.
Cached logon doesn't mean the ticket is bad, wait until we go
online again to determine that.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11198
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep 4 01:35:16 CEST 2015 on sn-devel-104
Volker Lendecke [Thu, 3 Sep 2015 14:25:02 +0000 (16:25 +0200)]
ctdb: Fix a 32-bit problem
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Sep 3 22:12:02 CEST 2015 on sn-devel-104
Har Gagan Sahai [Wed, 2 Sep 2015 17:54:24 +0000 (10:54 -0700)]
Fix memory leak in dns resolution during spnego authentication using kerberos.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11471
Signed-off-by: Har Gagan Sahai <SHarGagan@novell.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Sep 3 19:11:22 CEST 2015 on sn-devel-104
Björn Jacke [Wed, 2 Sep 2015 10:37:12 +0000 (12:37 +0200)]
tls: increase Diffie-Hellman group size to 2048 bits
1024 bits is already the minimum accepted size of current TLS libraries. 2048
is recommended for servers, see https://weakdh.org/
Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Sep 3 03:47:48 CEST 2015 on sn-devel-104
Björn Jacke [Wed, 2 Sep 2015 10:37:11 +0000 (12:37 +0200)]
doc: fix description of tls dh params file parameter
Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Ralph Boehme [Fri, 7 Aug 2015 13:48:33 +0000 (15:48 +0200)]
s4:torture:vfs_fruit: created empty resourceforks
Check for opens and creates, created empty resourceforks result in
ENOENT in subsequent opens.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11467
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 2 06:50:16 CEST 2015 on sn-devel-104
Ralph Boehme [Thu, 6 Aug 2015 09:32:29 +0000 (11:32 +0200)]
s4:torture:vfs_fruit: add a resource fork truncation test
Truncating a resource fork to 0 bytes should make it inaccessible for
subsequent creates and return NT_STATUS_OBJECT_NAME_NOT_FOUND.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11467
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 25 Aug 2015 15:06:52 +0000 (17:06 +0200)]
vfs_fruit: delete ._ file when deleting the basefile
0 byte resource fork streams are not listed by vfs_streaminfo, as a
result stream cleanup/deletion of file deletion doesn't remove the
resourcefork stream.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11467
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 12 Aug 2015 05:34:53 +0000 (07:34 +0200)]
vfs_fruit: split and simplify fruit_ftruncate
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11467
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Sat, 8 Aug 2015 18:21:39 +0000 (20:21 +0200)]
vfs_fruit: handling of empty resource fork
Opening the resource fork stream with O_CREAT mustn't create a visible
node in the filesystem, only create a file handle. As long as the
creator didn't write into the stream, other openers withour O_CREAT
MUST get an ENOENT error. This is way OS X SMB server implements it.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11467
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Thomas Nagy [Fri, 26 Jun 2015 20:32:43 +0000 (22:32 +0200)]
build:wafsamba: Use the Waf 1.8 API get_tgen_by_name instead of name_to_obj
Signed-off-by: Thomas Nagy <tnagy@waf.io>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Sep 2 03:49:51 CEST 2015 on sn-devel-104
Thomas Nagy [Fri, 26 Jun 2015 18:48:43 +0000 (20:48 +0200)]
build:wafsamba: Close file handles in the build scripts too
Signed-off-by: Thomas Nagy <tnagy@waf.io>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Thomas Nagy [Fri, 26 Jun 2015 18:17:06 +0000 (20:17 +0200)]
third_party:waf: fix a mis-merge - Utils.check_dir issue
Signed-off-by: Thomas Nagy <tnagy@waf.io>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Thomas Nagy [Fri, 26 Jun 2015 18:13:09 +0000 (20:13 +0200)]
third_party:waf: Backport parts of the waf 1.8 API
This modifies our waf 1.5 wafadmin copy to resemble the waf 1.8
waflib API. It is a preparation to change to waf 1.8, decoupling
this change from changes in wafsamba.
Signed-off-by: Thomas Nagy <tnagy@waf.io>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Tue, 1 Sep 2015 06:41:04 +0000 (08:41 +0200)]
samr4: Use <SID=%s> in GetGroupsForUser
This way we avoid quoting problems in user's DNs
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Sep 1 23:49:14 CEST 2015 on sn-devel-104
Volker Lendecke [Tue, 1 Sep 2015 15:13:36 +0000 (17:13 +0200)]
Revert "winbind: Fix 100% loop"
This reverts commit
e551cdb37d3e8cfb155bc33f9b162761c8d60889.
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Sep 1 20:47:50 CEST 2015 on sn-devel-104
Andrew Bartlett [Tue, 1 Sep 2015 03:00:30 +0000 (15:00 +1200)]
python/tests: Add more assertions that we get back the value we expect
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11429
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Sep 1 17:00:53 CEST 2015 on sn-devel-104
Andrew Bartlett [Tue, 1 Sep 2015 02:58:20 +0000 (14:58 +1200)]
python/tests: Add tests for 64 bit signed integers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11429
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 1 Sep 2015 08:30:49 +0000 (10:30 +0200)]
pidl/python: also add a ndr_PyLong_FromLongLong() for symnetric reasons
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11429
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 1 Sep 2015 02:33:35 +0000 (14:33 +1200)]
pidl/python: Provide static inline helper function ndr_PyLong_FromUnsignedLongLong
This should isolate any coverity warnings on 64-bit platforms
(where LONG_MAX is larger than any possible 32 bit value) to
a single spot, or possibly eliminate it.
This is needed for the unsigned 64 bit case, and on 32 bit
systems, as PyInt_FromLong is limited to a signed "long" int.
The compiler should be able to eliminate many of these calls
with the embedded type knowlege.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11429
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Thu, 27 Aug 2015 23:46:56 +0000 (11:46 +1200)]
pidl/python: Calculate maximum integer values using a lookup table
This avoids a << of 64 bits in the unused end of the conditional expression.
This was flagged by Coverity and the fix was suggested by metze.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11429
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Garming Sam [Mon, 17 Nov 2014 23:41:30 +0000 (12:41 +1300)]
spoolss: handle SetPrinter for info level 4
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10770
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Sep 1 03:33:13 CEST 2015 on sn-devel-104
Stefan Metzmacher [Thu, 27 Aug 2015 09:14:51 +0000 (11:14 +0200)]
ldb:wscript: make it possible to build samba with a system ldb again
This fixes a regression in commit
fcf4a891945b22dc6eccdc71fd441f1a879f556a.
If we check for 'ldb' later the 'pyldb-util' can't depend on the 'ldb' check.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11458
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Aug 31 18:53:16 CEST 2015 on sn-devel-104
Ralph Boehme [Wed, 12 Aug 2015 09:06:15 +0000 (11:06 +0200)]
selftest: add a check for disabled change notify
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11444
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Aug 31 15:50:49 CEST 2015 on sn-devel-104
Ralph Boehme [Wed, 12 Aug 2015 09:35:27 +0000 (11:35 +0200)]
selftest: add change notify = no to simpleserver env
A subsequent patch will use this env in a torture test.
The aren't any existing tests that make use of change notify, so
disabling change notify in this test environment doesn't impact existing
tests.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11444
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 11 Aug 2015 14:49:46 +0000 (16:49 +0200)]
notify: check for valid notify_ctx in notify_remove
notify_ctx will be NULL when "change notify = no" is set in smb.conf.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11444
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Sun, 30 Aug 2015 23:08:45 +0000 (11:08 +1200)]
web_server: Fix server not to segfault on startup
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Aug 31 04:11:55 CEST 2015 on sn-devel-104
Andrew Bartlett [Sun, 30 Aug 2015 22:59:58 +0000 (10:59 +1200)]
web_server: Use talloc_get_type_abort()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Sun, 30 Aug 2015 22:48:08 +0000 (10:48 +1200)]
lib/tls: Ensure SSLv3 is disabled in the web server by default
By calling gnutls_priority_set_direct() the behaviour should now match the LDAP server
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11076
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Sun, 30 Aug 2015 22:33:34 +0000 (10:33 +1200)]
lib/tls: Remove unused tls_init_client code
This is unused as the callers have now been migrated to tls_tstream
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11076
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Martin Schwenke [Tue, 18 Aug 2015 05:22:23 +0000 (15:22 +1000)]
ctdb-scripts: Add default filesystem usage warnings
Always check filesystem usage for the database directories.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Sat Aug 29 20:08:48 CEST 2015 on sn-devel-104
Martin Schwenke [Fri, 14 Aug 2015 07:08:45 +0000 (17:08 +1000)]
ctdb-scripts: Add default system memory usage warnings
CTDB should warn by default if too much system memory or swap is used.
The tests have also been tweaked. In particular, the filesystem-only
tests need to initialise the memory information to avoid errors where
meminfo isn't set.
Document the defaults, warning against disabling them.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 6 Aug 2015 05:59:06 +0000 (15:59 +1000)]
ctdb-scripts: Enable system monitoring eventscript by default
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 5 Aug 2015 10:42:16 +0000 (20:42 +1000)]
ctdb-scripts: Throttle system resource monitoring warnings
They are only printed when the percentage usage changes. This should
stop the logs from being filled with warnings.
Add a test for the throttling.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 3 Aug 2015 09:55:27 +0000 (19:55 +1000)]
ctdb-scripts: Don't shutdown CTDB when memory monitoring fails
Marking the node unhealthy should cause Samba processes to close,
possible freeing a stack of memory. If not, then it is somebody
else's problem.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 3 Aug 2015 07:22:08 +0000 (17:22 +1000)]
ctdb-scripts: New consistent system memory and swap monitoring
New variables CTDB_MONITOR_MEMORY_USAGE and CTDB_MONITOR_SWAP_USAGE.
Both take a pair of <warn_threshold>:<unhealthy_threshold> where each
theshold is specified as a percentage.
This adds a callout to check_thresholds() that is run when the
unhealthy threshold is reached.
Add some combination tests.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 3 Aug 2015 06:20:40 +0000 (16:20 +1000)]
ctdb-scripts: Factor out new function check_thresholds()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 3 Aug 2015 05:59:50 +0000 (15:59 +1000)]
ctdb-scripts: Memory monitoring uses thresholds expressed as percentages
CTDB_MONITOR_FREE_MEMORY and CTDB_MONITOR_FREE_MEMORY_WARN are now
percentages that specify thresholds of acceptable memory usage.
Memory/swap usage in tests also specified as percentages.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 24 Jul 2015 09:57:42 +0000 (19:57 +1000)]
ctdb-scripts: Use MemAvailable if it is in /proc/meminfo
Otherwise calculate, as before.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 20 Jul 2015 10:50:56 +0000 (20:50 +1000)]
ctdb-scripts: Only use /proc/meminfo for memory checks, not "free"
No need to use 2 different sources of information for similar checks.
Also, output of free has been changed, whereas /proc/meminfo is a
kernel API, which will not change.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 20 Jul 2015 06:08:13 +0000 (16:08 +1000)]
ctdb-scripts: Move system memory checking to 05.system
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 20 Aug 2015 01:47:19 +0000 (11:47 +1000)]
ctdb-tests: Remove unwanted trailing whitespace
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 17 Jul 2015 11:32:01 +0000 (21:32 +1000)]
ctdb-tests: Add tests for filesystem usage monitoring
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 3 Aug 2015 04:56:40 +0000 (14:56 +1000)]
ctdb-scripts: New configuration variable CTDB_MONITOR_FILESYSTEM_USAGE
This allows both errors (i.e. unhealthy) and warnings for different
thresholds. It replaces CTDB_CHECK_FS_USE.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 24 Jul 2015 09:56:06 +0000 (19:56 +1000)]
ctdb-scripts: Don't fail monitoring if sanity checks fail
Just log some warnings.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 17 Jul 2015 10:04:44 +0000 (20:04 +1000)]
ctdb-scripts: Move filesystem monitoring into a function, clean it up
Drop obvious comments. Use die() for less lines of code. Use a case
statement to avoid forking unnecessary processes for each filesystem
being checked. Drop parentheses around percentages in messages.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 17 Jul 2015 01:59:56 +0000 (11:59 +1000)]
ctdb-scripts: Rename 40.fs_use to 05.system
Will put all the system monitoring in here, simplifying 00.ctdb.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Ralph Wuerthner [Fri, 28 Aug 2015 12:42:32 +0000 (14:42 +0200)]
s3: add suport for SMB3_10 and SMB3_11 protocols in smbstatus
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11472
Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Aug 29 07:05:10 CEST 2015 on sn-devel-104
Petr Viktorin [Tue, 14 Jul 2015 09:02:36 +0000 (11:02 +0200)]
python: Remove uuid module
The uuid module was only built for Python 2.4 and lower, which Samba
no longer supports.
Python 2.5+ includes uuid in its standard library.
Signed-off-by: Petr Viktorin <pviktori@redhat.com>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Aug 29 04:03:49 CEST 2015 on sn-devel-104
Volker Lendecke [Fri, 28 Aug 2015 10:33:13 +0000 (12:33 +0200)]
winbind: Fix 100% loop
Thanks to "L.P.H. van Belle" <belle@bazuin.nl>
for help in reproducing the issue.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11038
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 28 22:03:31 CEST 2015 on sn-devel-104
Stefan Metzmacher [Fri, 28 Aug 2015 12:16:14 +0000 (14:16 +0200)]
s3:smb2_create: #if 0 unused variable
This fixes the build on ubuntu 14.04, which failed like this:
[2852/3952] Compiling source3/smbd/smb2_create.c
../source3/smbd/smb2_create.c: In function ‘smbd_smb2_create_send’:
../source3/smbd/smb2_create.c:678:28: error: variable ‘svhdx’ set but not used [-Werror=unused-but-set-variable]
struct smb2_create_blob *svhdx = NULL;
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Richard Sharpe [Wed, 29 Jul 2015 02:08:02 +0000 (19:08 -0700)]
Move the error handling for svhdx to vfswrap_create to give VFS module writers a chance to handle RSVD opens if they want to.
Also handle a review comment by Metze.
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 28 03:19:36 CEST 2015 on sn-devel-104
Stefan Metzmacher [Wed, 12 Aug 2015 10:58:49 +0000 (12:58 +0200)]
lib/crypto: make it possible to use only parts of aes.[ch]
This can be used in order to optimize some parts later.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 27 23:23:54 CEST 2015 on sn-devel-104
Stefan Metzmacher [Wed, 12 Aug 2015 10:58:49 +0000 (12:58 +0200)]
lib/crypto: sync AES_cfb8_encrypt() from heimdal
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 14 Aug 2015 21:45:07 +0000 (23:45 +0200)]
lib/crypto: make use of aes_test.h in aes_gcm_128_test.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 11 Aug 2015 22:59:58 +0000 (00:59 +0200)]
lib/crypto: optimize aes_gcm_128
- We avoid variables in order to do a lazy cleanup
in aes_ccm_128_digest() via ZERO_STRUCTP(ctx)
- We use the optimized aes_block_{xor,rshift}() functions
- Align AES_BLOCK_SIZE arrays to 8 bytes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 11 Aug 2015 22:59:58 +0000 (00:59 +0200)]
lib/crypto: optimize aes_ccm_128
- We avoid variables in order to do a lazy cleanup
in aes_ccm_128_digest() via ZERO_STRUCTP(ctx)
- We use the optimized aes_block_xor() function
- We reuse A_i instead of rebuilding it everything completely.
- Align AES_BLOCK_SIZE arrays to 8 bytes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 11 Aug 2015 22:59:58 +0000 (00:59 +0200)]
lib/crypto: optimize aes_cmac_128
- We avoid variables in order to do a lazy cleanup
in aes_cmac_128_final() via ZERO_STRUCTP(ctx)
- We avoid unused memcpy() calls
- We use the optimized aes_block_{xor,lshift}() functions
- Align AES_BLOCK_SIZE arrays to 8 bytes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 11 Aug 2015 22:59:58 +0000 (00:59 +0200)]
lib/crypto: add optimized helper functions aes_block_{xor,lshift,rshift}()
These are typical operations on an AES_BLOCK used by different modes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 14 Aug 2015 11:13:21 +0000 (13:13 +0200)]
lib/crypto: add aes_ccm_128 tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Thu, 27 Aug 2015 11:44:56 +0000 (13:44 +0200)]
lib/crypto: verify 0 updates in aes_gcm_128 tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 14 Aug 2015 11:12:13 +0000 (13:12 +0200)]
lib/crypto: run all aes_gcm_128 testcases
We should not skip the first one.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 11 Aug 2015 14:31:25 +0000 (16:31 +0200)]
lib/crypto: add aes_cmac_128 chunked tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 12 Aug 2015 10:09:24 +0000 (12:09 +0200)]
s3:vfs_smb_traffic_analyzer: remove samba_ prefix from AES_* function calls
This should be an implementation detail in lib/crypto/aes.h.
In future we may add support for other implementations.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 26 Aug 2015 08:52:44 +0000 (10:52 +0200)]
lib: Make sid_linearize take a uint8_t
We marshall into a binary buffer, uint8_t better reflects that.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 27 00:40:58 CEST 2015 on sn-devel-104
Volker Lendecke [Mon, 24 Aug 2015 14:50:44 +0000 (16:50 +0200)]
lib: Remove unused sid_blob_parse
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 24 Aug 2015 14:46:12 +0000 (16:46 +0200)]
lib: Convert callers of sid_blob_parse to sid_parse
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 24 Aug 2015 10:33:28 +0000 (12:33 +0200)]
lib: Make sid_parse take a uint8_t
sid_parse takes a binary blob, uint8_t reflects this a bit
better than char * does
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Richard Sharpe [Tue, 25 Aug 2015 03:26:42 +0000 (20:26 -0700)]
Prevent a crash in Python modules that try to authenticate by ensuring we reject cases where credendials fields are not intialized.
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 25 21:45:18 CEST 2015 on sn-devel-104
Roel van Meer [Tue, 4 Aug 2015 14:50:43 +0000 (16:50 +0200)]
s3-util: Compare the maximum allowed length of a NetBIOS name
This fixes a problem where is_myname() returns true if one of our names
is a substring of the specified name.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11427
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Mon, 3 Aug 2015 01:50:08 +0000 (13:50 +1200)]
selftest: Add assertion that we actually fix the replPropertyMetaData sort order
This ensures that the dbcheck rule fixes the sort order (and only fixes the sort order).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10973
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Aug 25 02:45:58 CEST 2015 on sn-devel-104
Andrew Bartlett [Sun, 2 Aug 2015 23:25:02 +0000 (11:25 +1200)]
selftest: Add in steps to re-create this database
This may assist if this needs to be changed again
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10973
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Sun, 2 Aug 2015 23:24:10 +0000 (11:24 +1200)]
Update release-4-1-0rc3 to include data using schema modifications
This allows us to know that the previous patches are correct.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10973
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Matthieu Patou [Mon, 25 May 2015 16:17:55 +0000 (09:17 -0700)]
ldb: create a cache of known wellknown objects instead of continously searching in the db
Profiling on dbcheck have shown that we spend 10% of the time looking
for wellknown objects.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10973
Change-Id: I13ed58e8062d1b7b6179d17b0e7e56f943572c6c
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 27 Jul 2015 03:11:56 +0000 (15:11 +1200)]
dbcheck: Use set() operations to make dbcheck more efficient
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10973
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 27 Jul 2015 03:44:56 +0000 (15:44 +1200)]
dbcheck: Try to avoid duplicate searches
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10973
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 28 Jul 2015 04:11:54 +0000 (16:11 +1200)]
dbcheck: Add additional tests for the attributeID list
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10973
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Thu, 23 Jul 2015 04:01:14 +0000 (16:01 +1200)]
dbcheck: Add explict tests for unknown and unsorted attributeID values
Unknown attributeID values would cause an exception previously, and
unsorted attributes cause a failure to replicate with Samba 4.2.
In commit
61b978872fe86906611f64430b2608f5e7ea7ad8 we started
to sort these values correctly, but previous versions of Samba
did not sort them correctly (we sorted high-bit-set values as
negative), and then after
9c9df40220234cba973e84b4985d90da1334a1d1
we stoped accepting these.
To ensure we are allowed to make this unusual change to the
replPropertyMetaData, a new OID is allocated and checked
for in repl_meta_data.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10973
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Thu, 30 Jul 2015 02:28:48 +0000 (14:28 +1200)]
pidl: Assert that python arrays will not overflow the C array
We do not write network services in Python, so this is not a security issue, but would cause
a crash or other odd behaviour if the length was changed
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11430
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 28 Jul 2015 02:29:25 +0000 (14:29 +1200)]
pydsdb: Allow the full range of uint32_t values for attributeID
The high bit may be set in these integers, so we need an unsigned int to store it in
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11429
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Thu, 30 Jul 2015 02:29:54 +0000 (14:29 +1200)]
python/tests: Add tests for integer overflow handling
This also documents an issue with our python bindings and lists, as changes to integers in a list
of integers are not preserved
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11429
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Sun, 26 Jul 2015 22:57:43 +0000 (10:57 +1200)]
pidl: Change PIDL to correctly use and validate python integer types
In particular, it is critical that we use unsigned integers of
sufficient size in python for unsigned C integers, and it is
critical that we check for overflow at both the python and C
level.
Otherwise, we may both represent and sort these incorrectly,
in particular when sorting attributeID values from DRSUAPI
which are represented as an signed enum in C and a uint32_t in IDL,
but which often has the high bit set (in schema extensions).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11429
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Wed, 29 Jul 2015 03:25:09 +0000 (15:25 +1200)]
python: Use an unsigned integer for buf_size, not -1
This will fail once our python bindings correctly check value ranges
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11429
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 3 Aug 2015 01:33:40 +0000 (13:33 +1200)]
dnsserver: Remove incorrect and not required include of ldb_private.h
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Fri, 21 Aug 2015 09:25:33 +0000 (11:25 +0200)]
winbind: Remove "have_idmap_config" from winbindd_domain
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Aug 24 19:19:31 CEST 2015 on sn-devel-104
Volker Lendecke [Wed, 19 Aug 2015 11:48:17 +0000 (13:48 +0200)]
winbind: Do not look for the domain in wb_gid2sid
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464
Volker Lendecke [Wed, 19 Aug 2015 11:48:17 +0000 (13:48 +0200)]
winbind: Do not look for the domain in wb_uid2sid
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464
Volker Lendecke [Wed, 19 Aug 2015 11:44:02 +0000 (13:44 +0200)]
idmap: Remove dom_name from wbint_Gid2Sid
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464
Volker Lendecke [Wed, 19 Aug 2015 11:44:02 +0000 (13:44 +0200)]
idmap: Remove dom_name from wbint_Uid2Sid
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464
Volker Lendecke [Wed, 19 Aug 2015 11:34:58 +0000 (13:34 +0200)]
idmap: Remove "domname" from idmap_gid_to_sid
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464
Volker Lendecke [Wed, 19 Aug 2015 11:34:58 +0000 (13:34 +0200)]
idmap: Remove "domname" from idmap_uid_to_sid
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464
Volker Lendecke [Tue, 18 Aug 2015 15:34:29 +0000 (17:34 +0200)]
idmap: Remove "domname" from idmap_backends_unixid_to_sid
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464
Volker Lendecke [Tue, 18 Aug 2015 15:30:27 +0000 (17:30 +0200)]
idmap: Use a range search in idmap_backends_unixid_to_sid
This obsoletes the domain name in the xid2sid calls
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464
Volker Lendecke [Wed, 19 Aug 2015 15:00:46 +0000 (17:00 +0200)]
idmap: Initialize all idmap domains at startup
So far we have initialized idmap domains on demand indexed by name.
For sid2xid this works okay, because we could do lookupsids before
and thus get the name. For xid2sid this is more problematic. We
have to rely on enumtrustdoms to work completely, and we have to
look at the list of winbind domains in the parent to get the domain
name. Relying on domain->have_idmap_config is not particularly nice.
This patch re-works initialization of idmap domains by scanning all
parametric parameters, scanning for :backend configuration settings.
This way we get a complete list of :range definitions. This means
we can rely on the idmap domain array to be complete. This in turn
means we can live without the domain name to find a domain, we can
do a range search by uid or gid.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464
Volker Lendecke [Tue, 18 Aug 2015 14:58:02 +0000 (16:58 +0200)]
idmap: Move idmap_init() under the static vars
Just moving code, idmap_init will need to reference the variables
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464