Joe Guo [Wed, 3 Oct 2018 11:42:08 +0000 (00:42 +1300)]
uptodateness: migrate get_kcc_and_dsas as a function
We need to reuse it in drs cmd.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13658
Joe Guo [Wed, 3 Oct 2018 10:45:12 +0000 (23:45 +1300)]
uptodateness: extract get_utdv_max_distance
To avoid returning 2 values from get_utdv_distances.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13658
Joe Guo [Wed, 3 Oct 2018 10:21:11 +0000 (23:21 +1300)]
uptodateness: extract function get_utdv_distances
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13658
Joe Guo [Wed, 3 Oct 2018 10:09:56 +0000 (23:09 +1300)]
uptodateness: extract function get_utdv_edges
Extract function to reuse later.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13658
Joe Guo [Wed, 3 Oct 2018 09:49:46 +0000 (22:49 +1300)]
netcmd/visualize: rm unused code line
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13658
Joe Guo [Wed, 3 Oct 2018 09:39:04 +0000 (22:39 +1300)]
uptodateness: migrate more methods from visualize
Move methods from cmd_uptodateness to new module.
Will reuse in drs cmd later.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13658
Joe Guo [Wed, 3 Oct 2018 09:21:54 +0000 (22:21 +1300)]
uptodateness: add new module and migrate functions from visualize
Both visualize and drs cmd will have uptodateness functions.
Create a new module to reuse code.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13658
Tim Beale [Thu, 18 Oct 2018 00:07:20 +0000 (13:07 +1300)]
join: Sanity-check LDB connection before failed join cleanup
Joining a large DB can take so long that the LDAP connection times out.
The previous patch fixed the 'happy case' where the join succeeds.
However, if the commit or replication fails (throwing an exception),
then the cleanup code can also fail when it tries to delete objects from
the remote DC. This then gives you an error pointing to
cleanup_old_accounts() rather than what actually went wrong.
This patch adds a sanity-check that if the join fails, that the LDB
connection to the remote DC is still alive, before we start deleting
objects.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13612
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 18 Oct 2018 03:50:19 +0000 (16:50 +1300)]
join: Avoid searching for more than strictly required during sanity check
We check for the default base DN as this does require authentication, but
we do not need to search for more than just that (so use SCOPE_BASE) and
we need no attributes, so ask for none
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Tim Beale [Wed, 17 Oct 2018 01:41:12 +0000 (14:41 +1300)]
join: LDAP connection to remote DC can timeout in large join
When joining a very large domain (e.g. 100K users), the replication can
take so long that the LDAP connection to the remote DC times out.
This patch avoids the problem by adding in a sanity-check after the
replication finishes that the LDB connection is still alive. If not,
then we reconnect.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13612
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Tue, 9 Oct 2018 19:41:52 +0000 (21:41 +0200)]
gencache: Remove a redundant check
tdb_storev itself is robust against overflow due to multiple buffers
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct 17 22:22:51 CEST 2018 on sn-devel-144
Volker Lendecke [Tue, 9 Oct 2018 12:04:50 +0000 (14:04 +0200)]
gencache: Remove a redundant check
gencache_pull_timeout checks for NULL ptr already
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 9 Oct 2018 11:58:43 +0000 (13:58 +0200)]
gencache: Make gencache_pull_timeout return a payload DATA_BLOB
Both relevant callers created one anyway.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 9 Oct 2018 11:51:46 +0000 (13:51 +0200)]
gencache: Make gencache_pull_timeout a bit more robust
The previous version assumed a well-formed "val", we just handed it to
strtol without properly checking that it contains the delimiter. So
strtol could well run off the end of "val" in case of data corruption.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 9 Oct 2018 11:17:53 +0000 (13:17 +0200)]
gencache: Call string_term_tdb_data() only once
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 9 Oct 2018 11:15:22 +0000 (13:15 +0200)]
gencache: Swap tests: Do cheapest first
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 8 Oct 2018 07:07:59 +0000 (09:07 +0200)]
gencache: Avoid counting characters manually
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 13 Oct 2018 08:41:22 +0000 (10:41 +0200)]
auth3: Avoid an explicit ZERO_STRUCT
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 13 Oct 2018 08:58:32 +0000 (10:58 +0200)]
netsamlogon_cache: Improve a DBG message
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 13 Oct 2018 08:57:13 +0000 (10:57 +0200)]
netsamlogon_cache: Add some error checks
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 13 Oct 2018 08:55:00 +0000 (10:55 +0200)]
netsamlogon_cache: Use "goto fail", save some lines
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 13 Oct 2018 08:10:52 +0000 (10:10 +0200)]
netsamlogon_cache: Fix talloc_stackframe error return leaks
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Tim Beale [Fri, 12 Oct 2018 00:54:34 +0000 (13:54 +1300)]
drs_util: Improve memory usage when joining large DB
drs_Replicate.replicate() could consume a large amount of memory when
replicating a large DB. This is not a leak - the memory gets freed when
the function returns (i.e. once the partition is fully replicated).
However, while the partition is in the process of being replicated, it
accumulates memory for each replication chunk it receives. This can have
considerable overhead with 1000s of objects/links in the partition.
This was exhausting memory when joining a VM with 1Gb RAM to a DC with
25K users (average ~15 group memberships per user).
It seems that by storing a reference to something that's on the ctr's
talloc tree, it doesn't free up the memory for each ctr message (until
the function actually returns and req is destroyed).
With 10K users (and average 15 group memberships per user), .replicate()
consumed 211Mb of memory, according to talloc.report_full(). With this
patch, it goes down to just the current ctr message (1-2Mb).
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Oct 17 08:56:42 CEST 2018 on sn-devel-144
Tim Beale [Fri, 12 Oct 2018 00:29:32 +0000 (13:29 +1300)]
libnet/drs: Update replication debug to report link progress
Update the replication debug (for joins/backups) so that it's easier to
see how far through syncing the links we are. E.g. with 150,000 links,
you just get screeds of debug like this, with no real idea how far
through the replication is.
Partition[DC=addom,DC=samba,DC=example,DC=com] objects[11816/11720]
linked_values[1500/150024]
Partition[DC=addom,DC=samba,DC=example,DC=com] objects[11816/11720]
linked_values[1500/150024]
Partition[DC=addom,DC=samba,DC=example,DC=com] objects[11816/11720]
linked_values[1500/150024]
This patch now applies to links the same debug logic we use for objects,
and changes it to look like:
Partition[DC=addom,DC=samba,DC=example,DC=com] objects[11816/11720]
linked_values[57024/150024]
Partition[DC=addom,DC=samba,DC=example,DC=com] objects[11816/11720]
linked_values[58524/150024]
Partition[DC=addom,DC=samba,DC=example,DC=com] objects[11816/11720]
linked_values[60024/150024]
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Aaron Haslett [Mon, 15 Oct 2018 03:52:40 +0000 (16:52 +1300)]
dns: dlz_bind9 reference count logging
dlz_bind9 has to count the number of times the plugin is 'created' by bind's
plugin manager so it doesn't repeat setup. Logging doesn't reflect this
reference counting logic properly and so messages like "samba_dlz: shutdown"
can, confusingly, come up when the database connection has not actually been
severed. This patch adds the necessary logging.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13655
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Sat, 13 Oct 2018 11:41:59 +0000 (13:41 +0200)]
lib: Move the "expired" for gencache_parse calculation into gencache.c
Make it more robust
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 16 21:20:19 CEST 2018 on sn-devel-144
Volker Lendecke [Sat, 13 Oct 2018 10:01:41 +0000 (12:01 +0200)]
namemap_cache: Absorb the expired calculation into namemap_cache.c
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 13 Oct 2018 09:39:03 +0000 (11:39 +0200)]
winbindd_cache: Fix timeout calculation for sid<->name cache
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Wed, 10 Oct 2018 14:09:32 +0000 (16:09 +0200)]
s3:lib:popt: Use memset_s() to burn password string
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Oct 16 11:38:40 CEST 2018 on sn-devel-144
Andreas Schneider [Wed, 10 Oct 2018 14:05:46 +0000 (16:05 +0200)]
replace: Add memset_s() if not available
See https://en.cppreference.com/w/c/string/byte/memset
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Douglas Bagnall [Wed, 10 Oct 2018 22:59:52 +0000 (11:59 +1300)]
samba-tool drs showrepl: do not crash if no dnsHostName found
This should not happen, but it does sometimes in an autobuild
environment. Rather than reporting this by crashing, we report it by
showing there is no DNS name.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Fri Oct 12 15:27:07 CEST 2018 on sn-devel-144
Tim Beale [Thu, 11 Oct 2018 04:50:52 +0000 (17:50 +1300)]
dsdb: Add dsdb_request_has_control() helper function
Most of the DSDB modules only want to check the existence of a control,
rather than access the control itself. Adding a helper function allows
the code to ask more natural-sounding yes/no questions, and tidies up
an ugly-looking long-line in extended_dn_out.c.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Fri Oct 12 07:23:26 CEST 2018 on sn-devel-144
Tim Beale [Thu, 4 Oct 2018 01:37:44 +0000 (14:37 +1300)]
netcmd: Change Py3 incompatible long() for tombstone expunge
The code to expunge tombstones uses long(), which is not Python3
compatible. Python3 uses int() instead, and works out how big it needs
to be.
As long as we don't run the samba-tool command on a 32-bit machine
after the year 2038, then we should avoid any integer overflow on
Python 2.x.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Tim Beale [Fri, 28 Sep 2018 02:55:14 +0000 (14:55 +1200)]
dsdb: Remove redundant variable/check
Previously, this code used to live inside the loop, so the
checked_reveal_control was needed to save ourselves unnecessary work.
However, now that the code has been moved outside the loop, the
checked_reveal_control variable is just unnecessary complication.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Wed, 12 Sep 2018 19:48:04 +0000 (14:48 -0500)]
dsdb: Ensure that a DN (now) pointing at a deleted object counts for objectclass-based MUST
Add the 'reveal_internals' controls when performing objectclass-based
checks of mandatory attributes. This prevents the extended_dn DSDB
module from suppressing attributes that point to deleted (i.e.
non-existent/expunged) objects.
This ensures that, when modifying an object (and often not even
touching the mandatory attribute) that the fact that an attribute is a
DN, and the DN target is deleted, that the schema check will still pass.
Otherwise a fromServer pointing at a dead server can cause failures,
i.e. you can't modify the affected object at all, because the DSDB
thinks a mandatory attribute is missing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13621
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Tim Beale [Fri, 28 Sep 2018 00:35:35 +0000 (12:35 +1200)]
tests: Add corner-case test: fromServer points to dead server
The fromServer attribute is slightly unique, in that it's a DN (similar
to a one-way link), but it is also a mandatory attribute.
Currently, if fromServer gets a bad value (i.e. a dead server that has
been expunged), the DSDB rejects any attempts to modify the associated
nTDSConnection object (regardless of whether or not you're actually
changing the fromServer attribute).
This patch adds a test-case that demonstrates how the DB can get into
such a state.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13621
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Douglas Bagnall [Wed, 10 Oct 2018 04:51:54 +0000 (17:51 +1300)]
s4/script/samba_upgradeprovision: set global dnNotToRecalculateFound var
as probably intended. Without this the local variable shadows the
global one and is never used while the global one is never changed.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <noel.power@suse.com>
Douglas Bagnall [Wed, 10 Oct 2018 04:50:24 +0000 (17:50 +1300)]
s4/script/samba_upgradeprovision: remove unused variable
A similarly named variable is always set two lines down, so we don't need this
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <noel.power@suse.com>
Douglas Bagnall [Wed, 10 Oct 2018 04:40:25 +0000 (17:40 +1300)]
s4/script/samba_upgradeprovision: remove duplicate (contradictory) dict key
The second, winning, entry says '"defaultSecurityDescriptor": replace + add'
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <noel.power@suse.com>
Douglas Bagnall [Wed, 10 Oct 2018 04:36:50 +0000 (17:36 +1300)]
s4/script/samba_upgradeprovision: use int not long for Python 3
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <noel.power@suse.com>
Björn Baumbach [Thu, 27 Sep 2018 08:32:37 +0000 (10:32 +0200)]
vfs_full_audit: ntimes: log a-, m-, c- and creation-time
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Björn Baumbach <bb@sernet.de>
Autobuild-Date(master): Thu Oct 11 13:40:27 CEST 2018 on sn-devel-144
Björn Baumbach [Fri, 31 Aug 2018 14:12:34 +0000 (16:12 +0200)]
dns update: add missing newline in error debug message
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
Björn Baumbach [Wed, 19 Sep 2018 14:36:45 +0000 (16:36 +0200)]
selftest: test samba-tool ntacl get/set on AD member server
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
Björn Baumbach [Tue, 4 Sep 2018 14:32:50 +0000 (16:32 +0200)]
samba-tool ntacl: allow to run get/set-ntacl command in non-AD-DC role
Can be used to get and apply NT-ACLs on Samba member servers.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
Björn Baumbach [Tue, 4 Sep 2018 14:30:53 +0000 (16:30 +0200)]
s3/py_passdb: add get_domain_sid() to get domain sid from secrets database
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
Björn Baumbach [Tue, 4 Sep 2018 14:20:49 +0000 (16:20 +0200)]
samba-tool ntacl: pass system session to get/set-ntacl functions
The filled session is needed in different vfs modules.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
Björn Baumbach [Wed, 19 Sep 2018 14:52:54 +0000 (16:52 +0200)]
pysmbd: handle file not found error
Avoid PANIC: internal error
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
Björn Baumbach [Tue, 4 Sep 2018 13:29:58 +0000 (15:29 +0200)]
pysmbd: add option to pass a session info to set_nt_acl() function
A filled session info is needed by some vfs modules, e.g. full_audit.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
Björn Baumbach [Tue, 25 Sep 2018 11:16:15 +0000 (13:16 +0200)]
s4-auth: allow to pass original_user_name=NULL to auth_session_info_fill_unix()
With this patch the auth_session_info_fill_unix() uses the "unix_name"
from the session_info->unix_info if no original_user_name was specified.
This is used to process a system session info where no original_user_name
is given.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
Björn Baumbach [Tue, 25 Sep 2018 11:11:09 +0000 (13:11 +0200)]
s4-auth: allow to create unix token from system session info
Without this patch security_token_to_unix_token() fails with
NT_STATUS_ACCESS_DENIED, because the system session does only
have one SID.
For a typical token are at least two or more SIDs expected.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
Björn Baumbach [Tue, 4 Sep 2018 12:46:03 +0000 (14:46 +0200)]
s4-auth: fetch possible out of memory error
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
Björn Baumbach [Tue, 4 Sep 2018 12:45:05 +0000 (14:45 +0200)]
s4-auth: use TALLOC_FREE() shortcut
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
Björn Baumbach [Tue, 4 Sep 2018 12:43:33 +0000 (14:43 +0200)]
s4-auth: fix a typo in a comment
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
Björn Baumbach [Tue, 4 Sep 2018 12:37:41 +0000 (14:37 +0200)]
python: Add samba.auth.copy_session_info()
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
Björn Baumbach [Thu, 30 Aug 2018 14:33:25 +0000 (16:33 +0200)]
auth: move copy_session_info() from source3 into the global auth context
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Tue, 9 Oct 2018 08:15:37 +0000 (10:15 +0200)]
vfs_fruit: move check in ad_convert() to ad_convert_*() subfunctions
Currently the whole conversion is skipped if the FinderInfo entry in the
AppleDouble file is of the default size (ie not containing xattrs).
That also means we never converted FinderInfo from the AppleDouble file
to stream format. This change finally fixes this.
Note that this keeps failing with streams_depot, much like the existing
known-fail of "samba3.vfs.fruit streams_depot.OS X AppleDouble file
conversion". Fixing the conversion to work with vfs_streams_depot is a
task for another day.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Oct 11 01:30:13 CEST 2018 on sn-devel-144
Ralph Boehme [Mon, 8 Oct 2018 16:47:32 +0000 (18:47 +0200)]
vfs_fruit: make call to ad_convert_truncate() optional
Call ad_convert_truncate() based on whether the previous call
ad_convert_xattr() returned converted_xattr=true.
Upcoming fixes for a different Samba bug (#13642) will hook into calling
ad_convert_truncate() in other cases, this also prepares for that.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 8 Oct 2018 16:43:51 +0000 (18:43 +0200)]
vfs_fruit: add out arg "converted_xattr" to ad_convert_xattr
Used to let the caller know if a conversion has been done. Currently not
used in the caller, that comes next.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 8 Oct 2018 10:51:37 +0000 (12:51 +0200)]
vfs_fruit: add check for OS X filler in FinderInfo conversion
This ensures that the function only acts on AppleDouble files created by
macOS and not AppleDouble files created by us that are already in the
correct format (only using the Resource Fork).
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 5 Oct 2018 20:05:43 +0000 (22:05 +0200)]
vfs_fruit: call ad_convert_move_reso() from ad_convert_xattr()
ad_convert_xattr() is the place that triggers the need to move the
resource fork, so it should also call ad_convert_move_reso().
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 5 Oct 2018 15:07:45 +0000 (17:07 +0200)]
vfs_fruit: let the ad_convert_*() subfunction update the on-disk AppleDoube header as needed
Another step in simplifying ad_convert() itself. It means that we may
write to disk twice, but is only ever done once per AppleDouble file.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 5 Oct 2018 14:59:18 +0000 (16:59 +0200)]
vfs_fruit: let the ad_convert_*() subfunctions mmap as needed
This may mean that we mmap twice when we convert an AppleDouble file,
but this is the only sane way to cleanly modularize ad_convert().
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 5 Oct 2018 14:52:32 +0000 (16:52 +0200)]
vfs_fruit: fix error returns in ad_convert_xattr()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 5 Oct 2018 17:15:04 +0000 (19:15 +0200)]
vfs_fruit: use ADEDOFF_RFORK_DOT_UND offset macro in ad_convert_move_reso()
We really want the fixed size offset here, not a calculated one. Note
that "ad_getentryoff(ad, ADEID_FINDERI) + ADEDLEN_FINDERI" is equal to
ADEDOFF_RFORK_DOT_UND.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 5 Oct 2018 14:44:53 +0000 (16:44 +0200)]
vfs_fruit: split out moving of the resource fork
No change in behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 5 Oct 2018 17:15:04 +0000 (19:15 +0200)]
vfs_fruit: use ADEDOFF_RFORK_DOT_UND offset macro in ad_convert_truncate()
We really want the fixed size offset here, not a calculated one. Note
that "ad_getentryoff(ad, ADEID_RFORK)" is equal to ADEDOFF_RFORK_DOT_UND
in this case.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 5 Oct 2018 17:13:16 +0000 (19:13 +0200)]
vfs_fruit: split out truncating from ad_convert()
This may look a little ill-advised as this increases line count, but
the goal here is modularizing ad_convert() itself and making it as slick
as possible helps achieving that goal.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 5 Oct 2018 14:26:46 +0000 (16:26 +0200)]
vfs_fruit: move FinderInfo lenght check to ad_convert()
The final step in consolidating all conversion related work in
ad_convert(). No change in behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 5 Oct 2018 14:25:27 +0000 (16:25 +0200)]
vfs_fruit: move FinderInfo conversion to helper function and call it from ad_convert()
No change in behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 5 Oct 2018 14:14:40 +0000 (16:14 +0200)]
vfs_fruit: move storing of modified struct adouble to ad_convert()
ad_convert() modified it, so let ad_convert() also save it to disk. No
change in behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 4 Oct 2018 06:51:28 +0000 (08:51 +0200)]
vfs_fruit: remove unneeded fd argument from ad_convert()
Use the struct adouble member ad_fd instead of passing it as an
argument. Who did that in the first place? :)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 4 Oct 2018 06:23:59 +0000 (08:23 +0200)]
vfs_fruit: do direct return from error checks in ad_convert()
Subsequent commits will move the mmap() into the subfunctions. This
change just prepares for that.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 2 Oct 2018 12:51:05 +0000 (14:51 +0200)]
vfs_fruit: move setting ADEID_FINDERI length to ad_convert_xattr()
ad_convert_xattr() does the conversion of the xattr data in the
AppleDouble file, so we should update it's size there and should not
defer it to the caller.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 5 Oct 2018 13:12:44 +0000 (15:12 +0200)]
vfs_fruit: store filler bytes from AppleDouble file header in struct adouble
This can later be used to distinguish between macOS created AppleDouble
files and AppleDouble files created by Samba or Netatalk.
macOS: "Mac OS X "
Samba: "Netatalk "
Netatalk: "Netatalk "
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 11 Sep 2018 12:05:43 +0000 (14:05 +0200)]
vfs_fruit: fix two comments
Thanks to the recent addition of ad_convert_xattr() we now correctly
handle this case.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Sun, 7 Oct 2018 16:26:47 +0000 (18:26 +0200)]
s4:torture: FinderInfo conversion test with AppleDouble without xattr data
This testcase demonstrates that the AppleDouble conversion in vfs_fruit
doesn't correctly convert the FinderInfo data from the AppleDouble file
to a stream.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Douglas Bagnall [Thu, 4 Oct 2018 02:30:21 +0000 (15:30 +1300)]
tests/python/ldap: use int instead of long for time_t
Python int is at least a C long; Python long disappears in Py3.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <nopower@suse.com>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Oct 10 09:28:20 CEST 2018 on sn-devel-144
Douglas Bagnall [Thu, 4 Oct 2018 02:29:02 +0000 (15:29 +1300)]
python/upgradehelpers: use int not long for PY3
int works OK for py2 also.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <nopower@suse.com>
Gary Lockyer [Sun, 30 Sep 2018 23:20:44 +0000 (12:20 +1300)]
pyauth: Remove imessaging_ctx parameter to new
The pyauth code assumes the messaging context code is a py_talloc
object. But the code in pymessaging returns a wrapped talloc object.
Removing the parameter as it's not currently used by any code.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Noel Power <nopower@suse.com>
Douglas Bagnall [Tue, 2 Oct 2018 22:42:22 +0000 (11:42 +1300)]
popt_common_creds: actually use the ignore_missing_conf flag
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Olly Betts <olly@survex.com>
Reviewed-by: Noel Power <nopower@suse.com>
Joe Guo [Tue, 21 Aug 2018 00:45:15 +0000 (12:45 +1200)]
netcmd: apply the new get_logger to cmds
This is an example of how to use the new logger.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joe Guo [Tue, 21 Aug 2018 00:08:59 +0000 (12:08 +1200)]
netcmd: modify Command.get_logger to use get_samba_logger
By doing this, we don't need to repeat the log level convert code any more.
Also, logs have colors now.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joe Guo [Mon, 20 Aug 2018 02:13:33 +0000 (14:13 +1200)]
script/traffic_replay: apply new logger to replace print
Use logger to replace print
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joe Guo [Mon, 20 Aug 2018 04:18:45 +0000 (16:18 +1200)]
script/traffic_replay: get debug level via api
The -d option will set samba global debug level automatically.
We should not parse and use the passed in value.
Use samba.get_debug_level instead.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joe Guo [Mon, 20 Aug 2018 04:31:32 +0000 (16:31 +1200)]
script/traffic_replay: print packets data to stderr
This is debug info, should print to stderr.
Otherwise it will flood stdout.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joe Guo [Wed, 22 Aug 2018 04:42:12 +0000 (16:42 +1200)]
emulate/traffic: apply new logger to replace print
These print are actually progress infomation, should use logger to
print to stderr, other than stdout.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joe Guo [Mon, 20 Aug 2018 22:48:04 +0000 (10:48 +1200)]
samba/logger: add logger module for python
We need a consitent way for logging in Samba Python code.
This module provides a factory method `get_samba_logger` to create logger,
with a reasonable default format and optional color.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joe Guo [Thu, 9 Aug 2018 03:49:17 +0000 (15:49 +1200)]
emulate/traffic: allow traffic_replay to run users and groups generate multiple times
When we run `traffic_replay --generate-users-only`, if we cancel it or
it breaks in middle, it won't do anything when we try to run it again.
This is because the code will check the first user/group to create. If
it's already there, then it thought task already done, and break the loop.
This commit change the behavior:
We search existing users/groups first, skip existing ones, and
create non-existing ones. So we can run it multi-times to make sure the
expected users and groups are actually created.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Tue, 9 Oct 2018 09:41:49 +0000 (11:41 +0200)]
lib: Remove lib/crypto/crc32.[ch]
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct 10 01:41:52 CEST 2018 on sn-devel-144
Volker Lendecke [Tue, 9 Oct 2018 09:40:17 +0000 (11:40 +0200)]
drsuapi: Use the zlib version of crc32
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 9 Oct 2018 09:39:39 +0000 (11:39 +0200)]
auth: Use the zlib version of crc32
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 9 Oct 2018 09:04:43 +0000 (11:04 +0200)]
build: Multi-line deps
We'll add one in the next commit
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 5 Oct 2018 12:49:17 +0000 (14:49 +0200)]
pdb: Reduce code duplication in make_user_info()
10 lines less and a few hundred (-O0) bytes .text less
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 9 01:22:53 CEST 2018 on sn-devel-144
Volker Lendecke [Fri, 5 Oct 2018 09:34:41 +0000 (11:34 +0200)]
pdb: Fix some "(ret == true)" to just "(ret)"
"ret" is a boolean, so this should not change semantics
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 5 Oct 2018 10:12:39 +0000 (12:12 +0200)]
pdb: Use "sid_compose" where appropriate
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 7 Oct 2018 12:47:26 +0000 (14:47 +0200)]
lib: Avoid the use of open_memstream in tevent_req_profile_string
Solaris does not have it.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13629
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 4 Oct 2018 15:42:09 +0000 (17:42 +0200)]
tdb: Basic test for circular freelist fix
Try to store a record for which the (circular) freelist does not have
any entry.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 4 Oct 2018 19:41:27 +0000 (21:41 +0200)]
tdb: Basic test for circular hash chain fix
This just walks tdb_find by searching for a nonexistent record
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 4 Oct 2018 15:12:42 +0000 (17:12 +0200)]
tdb: Make the freelist walk circular-safe
We can't really do the full check while the freelist is modified on the
fly. As long as we don't merge any freelist entries, we should be good
to apply this check.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 4 Oct 2018 15:12:25 +0000 (17:12 +0200)]
tdb: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>