Andrew Bartlett [Fri, 16 Aug 2019 03:47:49 +0000 (15:47 +1200)]
libcli/smb: Use gnutls_error_to_ntstatus() in smb2_signing_sign_pdu()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Wed, 27 Feb 2019 13:40:30 +0000 (14:40 +0100)]
libcli:smb: Use GnuTLS AES128 CMAC in smb2_signing_sign_pdu()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Adapted by Andrew Bartlett to followup from earlier patch to
allow compile without GnuTLS over the whole series.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Wed, 27 Feb 2019 13:40:07 +0000 (14:40 +0100)]
waf: Check for AES128 CMAC support in GnuTLS
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Tue, 26 Feb 2019 17:11:27 +0000 (18:11 +0100)]
s3:smbd: Use GnuTLS for AES constants
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Adapted to remove Samba AES
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 14 Mar 2019 09:10:34 +0000 (10:10 +0100)]
s3:smbd: Use smb2_signing_key structure for the decryption key
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 14 Mar 2019 09:02:27 +0000 (10:02 +0100)]
s3:smbd: Use smb2_signing_key structure for the encryption key
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 14 Mar 2019 08:48:54 +0000 (09:48 +0100)]
libcli:smb: Use a smb2_signing_key for storing the decryption key
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 14 Mar 2019 08:34:23 +0000 (09:34 +0100)]
libcli:smb: Use a smb2_signing_key for storing the encryption key
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 14 Mar 2019 08:26:04 +0000 (09:26 +0100)]
libcli:smb: Add gnutls_aead_cipher_hd_t to smb2_signing_key structure
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Adapted to remove Samba AES support
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Tue, 26 Feb 2019 17:12:57 +0000 (18:12 +0100)]
libcli:smb: Use GnuTLS for AES constants
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Adapted to remove Samba AES support
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Tue, 26 Feb 2019 17:06:46 +0000 (18:06 +0100)]
libcli:smb: Define SMB2_AES_128_CCM_NONCE_SIZE
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 15 Aug 2019 05:28:30 +0000 (17:28 +1200)]
build: Remove explicit check for HAVE_GNUTLS_AEAD as we require GnuTLS 3.4.7
We strictly require it and if this were to fail we would want the compile to fail.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Wed, 31 Jul 2019 04:37:00 +0000 (16:37 +1200)]
s4-samdb: Remove duplicate encrypted_secrets code using internal Samba AES
We now rely on GnuTLS 3.4.7 or later.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Thu, 15 Aug 2019 02:23:35 +0000 (14:23 +1200)]
lib/crypto: Remove unused RC4 code from Samba
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Fri, 16 Aug 2019 04:08:57 +0000 (16:08 +1200)]
s4-rpc_server/backupkey: consistently check error codes from GnuTLS
This uses the new gnutls_error_to_werror()
This should resolve Coverity
1452111 as forwarded by Volker.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Wed, 31 Jul 2019 04:13:38 +0000 (16:13 +1200)]
s4-rpc_server: Remove Heimdal-based BackupKey server
We rely on a modern GnuTLS now.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Thu, 15 Aug 2019 02:25:41 +0000 (14:25 +1200)]
build: Set minimum GnuTLS version at 3.4.7
This will soon be required for encrypted_secrets in the AD DC, the BackupKey server
and SMB2 as we remove use of the internal AES code.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Fri, 15 Mar 2019 13:54:13 +0000 (14:54 +0100)]
lib:crypto: Prepare not to build AES or AES-CMAC if we use GnuTLS support it
Samba will soon require GnuTLS >= 3.4.7.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Adjusted by Andrew Bartlett from an earlier more comprehensive patch by Andreas
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 16 Aug 2019 03:45:43 +0000 (15:45 +1200)]
auth/gensec: Use gnutls_error_to_ntstatus() in netsec_do_seal()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Mon, 18 Mar 2019 15:24:54 +0000 (16:24 +0100)]
auth:gensec: Use GnuTLS AES CFB8 in netsec_do_seal()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 16 Aug 2019 03:43:01 +0000 (15:43 +1200)]
auth/gensec: Use gnutls_error_to_ntstatus() consistently in schannel
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Fri, 1 Mar 2019 16:55:02 +0000 (17:55 +0100)]
auth:gensec: Use GnuTLS AES128 CFB8 in netsec_do_seq_num()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 16 Aug 2019 02:29:45 +0000 (14:29 +1200)]
auth/credentials: Check NTSTATUS return from netlogon_creds_aes_encrypt()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Fri, 16 Aug 2019 02:22:42 +0000 (14:22 +1200)]
s3-librpc: Remove unused init_netr_CryptPassword()
Unused since
38d4dba37406515181e4d6f1a1faffc18e652e27 in 2013
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Fri, 16 Aug 2019 02:15:45 +0000 (14:15 +1200)]
s4-rpc_server: Check NTSTATUS return value from netlogon_creds_aes_decrypt()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Fri, 16 Aug 2019 02:05:38 +0000 (14:05 +1200)]
s3-rpc_server: Check NTSTATUS return value from netlogon_creds_aes_decrypt()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Fri, 16 Aug 2019 01:55:49 +0000 (13:55 +1200)]
libcli:auth Check NTSTATUS from netlogon_creds_aes_{en,de}crypt()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Fri, 16 Aug 2019 01:52:36 +0000 (13:52 +1200)]
crypto: Update REQUIREMENTS file with new minimum version
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Fri, 16 Aug 2019 00:34:28 +0000 (12:34 +1200)]
libcli:auth Return NTSTATUS from netlogon_creds_aes_decrypt()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Mon, 18 Mar 2019 14:13:08 +0000 (15:13 +0100)]
libcli:auth: Use GnuTLS AES128 CFB for netlogon_creds_aes_decrypt()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Wed, 29 May 2019 14:38:09 +0000 (16:38 +0200)]
libcli:auth: Return NTSTATUS for netlogon_creds_aes_encrypt()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Adapted by Andrew Bartlett to use gnutls_error_to_ntstatus()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 1 Mar 2019 16:41:11 +0000 (17:41 +0100)]
libcli:auth: Use GnuTLS AES128 CFB for netlogon_creds_aes_encrypt()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 1 Mar 2019 16:33:01 +0000 (17:33 +0100)]
libcli:auth: Use netlogon_creds_aes_encrypt() in netlogon_creds_step_crypt()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 1 Mar 2019 16:35:02 +0000 (17:35 +0100)]
waf: Check for GNUTLS AES CFB support
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Tue, 26 Feb 2019 17:33:09 +0000 (18:33 +0100)]
s4:samdb: Only include necessary header files in encrypted_secrets
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Tue, 26 Feb 2019 17:32:34 +0000 (18:32 +0100)]
s4:samdb: Remove dual-stack mode from (test_)encrypted_secrets
Now we either build with GnuTLS or Samba crypto. If a modern GnuTLS
version is detected that will be used and Samba crypto wont be
available.
This removes the dual-stack mode that encrypted with one and decrypted
with the other in the testsuite.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Commit message clarified by Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 15 Aug 2019 03:27:30 +0000 (15:27 +1200)]
encrypted_secrets: Add known and expected value test
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Mon, 29 Jul 2019 07:21:11 +0000 (09:21 +0200)]
s4:samdb: Add test_gnutls_value_decryption()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Marco Wang [Wed, 14 Aug 2019 06:05:05 +0000 (14:05 +0800)]
s3: net: net_ads: fix a typo in comment
Signed-off-by: Marco Wang <m.aesophor@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Aug 21 08:39:43 UTC 2019 on sn-devel-184
Swen Schillig [Thu, 15 Aug 2019 12:43:22 +0000 (14:43 +0200)]
talloc: ASAN fix for test_magic_protection
Direct leak of 1152 byte(s) in 1 object(s) allocated from:
#0 0x7f06393dfc08 in __interceptor_malloc (/lib64/libasan.so.5+0xefc08)
#1 0x7f06392cfd59 in __talloc_with_prefix ../../talloc.c:782
#2 0x7f06392cfd59 in _talloc_pool ../../talloc.c:837
#3 0x7f06392cfd59 in talloc_pool ../../talloc.c:859
#4 0x40b83c in test_magic_protection ../../testsuite.c:1960
#5 0x40b83c in torture_local_talloc ../../testsuite.c:2164
#6 0x402603 in main ../../testsuite_main.c:32
#7 0x7f063908a412 in __libc_start_main (/lib64/libc.so.6+0x24412)
Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Swen Schillig [Thu, 15 Aug 2019 12:39:58 +0000 (14:39 +0200)]
talloc: ASAN fix for test_rusty
Direct leak of 100 byte(s) in 1 object(s) allocated from:
#0 0x7f06393dfc08 in __interceptor_malloc (/lib64/libasan.so.5+0xefc08)
#1 0x7f06392d1af3 in __talloc_with_prefix ../../talloc.c:782
#2 0x7f06392d1af3 in __talloc ../../talloc.c:824
#3 0x7f06392d1af3 in __talloc_strlendup ../../talloc.c:2455
#4 0x7f06392d1af3 in talloc_strdup ../../talloc.c:2471
#5 0x40b4f0 in test_rusty ../../testsuite.c:1543
#6 0x40b4f0 in torture_local_talloc ../../testsuite.c:2146
#7 0x402603 in main ../../testsuite_main.c:32
#8 0x7f063908a412 in __libc_start_main (/lib64/libc.so.6+0x24412)
Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Swen Schillig [Thu, 15 Aug 2019 12:36:59 +0000 (14:36 +0200)]
talloc: ASAN fix for test_pool_nest
Direct leak of 96 byte(s) in 1 object(s) allocated from:
#0 0x7f06393dfc08 in __interceptor_malloc (/lib64/libasan.so.5+0xefc08)
#1 0x7f06392d0c45 in __talloc_with_prefix ../../talloc.c:782
#2 0x7f06392d0c45 in __talloc ../../talloc.c:824
#3 0x7f06392d0c45 in _talloc_named_const ../../talloc.c:981
#4 0x7f06392d0c45 in talloc_named_const ../../talloc.c:1748
#5 0x40901e in test_pool_nest ../../testsuite.c:1451
#6 0x40901e in torture_local_talloc ../../testsuite.c:2096
#7 0x402603 in main ../../testsuite_main.c:32
#8 0x7f063908a412 in __libc_start_main (/lib64/libc.so.6+0x24412)
Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Swen Schillig [Thu, 15 Aug 2019 12:33:32 +0000 (14:33 +0200)]
talloc: ASAN fix for test_talloc_free_in_destructor
Indirect leak of 104 byte(s) in 1 object(s) allocated from:
#0 0x7f06393dfc08 in __interceptor_malloc (/lib64/libasan.so.5+0xefc08)
#1 0x7f06392d0c45 in __talloc_with_prefix ../../talloc.c:782
#2 0x7f06392d0c45 in __talloc ../../talloc.c:824
#3 0x7f06392d0c45 in _talloc_named_const ../../talloc.c:981
#4 0x7f06392d0c45 in talloc_named_const ../../talloc.c:1748
#5 0x409edd in test_talloc_free_in_destructor ../../testsuite.c:1256
#6 0x409edd in torture_local_talloc ../../testsuite.c:2138
#7 0x402603 in main ../../testsuite_main.c:32
#8 0x7f063908a412 in __libc_start_main (/lib64/libc.so.6+0x24412)
Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Swen Schillig [Thu, 15 Aug 2019 12:22:46 +0000 (14:22 +0200)]
talloc: ASAN fix for test_realloc_on_destructor_parent
Direct leak of 96 byte(s) in 1 object(s) allocated from:
#0 0x7fd52c00dc08 in __interceptor_malloc (/lib64/libasan.so.5+0xefc08)
#1 0x7fd52befec45 in __talloc_with_prefix ../../talloc.c:782
#2 0x7fd52befec45 in __talloc ../../talloc.c:824
#3 0x7fd52befec45 in _talloc_named_const ../../talloc.c:981
#4 0x7fd52befec45 in talloc_named_const ../../talloc.c:1748
#5 0x4099bd in test_realloc_on_destructor_parent ../../testsuite.c:1000
#6 0x4099bd in torture_local_talloc ../../testsuite.c:2129
#7 0x402603 in main ../../testsuite_main.c:32
#8 0x7fd52bcb8412 in __libc_start_main (/lib64/libc.so.6+0x24412)
Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Jeremy Allison [Fri, 16 Aug 2019 23:40:37 +0000 (16:40 -0700)]
s3: VFS: Complete the replacement of SMB_VFS_LINK() -> SMB_VFS_LINKAT().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 20 22:26:17 UTC 2019 on sn-devel-184
Jeremy Allison [Fri, 16 Aug 2019 23:29:11 +0000 (16:29 -0700)]
s3: VFS: vfs_time_audit. Remove link_fn(). No longer used.
NB, this will now fail smb_vfs_assert_all_fns()
until we remove the rename_fn() from the VFS definitions.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Fri, 16 Aug 2019 23:21:42 +0000 (16:21 -0700)]
s3: VFS: vfs_full_audit. Remove link_fn(). No longer used.
NB, this will now fail smb_vfs_assert_all_fns()
until we remove the rename_fn() from the VFS definitions.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Fri, 16 Aug 2019 23:28:16 +0000 (16:28 -0700)]
s3: VFS: vfs_unityed_media. Remove link_fn(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Fri, 16 Aug 2019 23:27:25 +0000 (16:27 -0700)]
s3: VFS: vfs_syncops. Remove link_fn(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Fri, 16 Aug 2019 23:26:34 +0000 (16:26 -0700)]
s3: VFS: vfs_snapper. Remove link_fn(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Fri, 16 Aug 2019 23:25:37 +0000 (16:25 -0700)]
s3: VFS: vfs_shadow_copy2. Remove link_fn(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Fri, 16 Aug 2019 23:24:53 +0000 (16:24 -0700)]
s3: VFS: vfs_media_harmony. Remove link_fn(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Fri, 16 Aug 2019 23:24:38 +0000 (16:24 -0700)]
s3: VFS: vfs_glusterfs. Remove link_fn(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Fri, 16 Aug 2019 23:21:04 +0000 (16:21 -0700)]
s3: VFS: vfs_ceph_snapshots. Remove link_fn(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Fri, 16 Aug 2019 23:19:22 +0000 (16:19 -0700)]
s3: VFS: vfs_ceph. Remove link_fn(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Fri, 16 Aug 2019 23:18:34 +0000 (16:18 -0700)]
s3: VFS: vfs_cap. Remove link_fn(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Fri, 16 Aug 2019 23:16:48 +0000 (16:16 -0700)]
s3: smbd: Make hardlink_internals() call SMB_VFS_LINKAT() instead of SMB_VFS_LINK()
Use conn->cwd_fsp as current src and dst fsp's.
No logic change for now.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Fri, 16 Aug 2019 23:14:03 +0000 (16:14 -0700)]
s3: torture: Change cmd_link to call SMB_VFS_LINKAT().
Use conn->cwd_fsp as current src and dst fsp's.
No logic change for now.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Fri, 16 Aug 2019 23:08:22 +0000 (16:08 -0700)]
s3: VFS: vfs_unityed_media. Implement linkat().
Currently identical to link().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Fri, 16 Aug 2019 23:05:55 +0000 (16:05 -0700)]
s3: VFS: vfs_time_audit. Implement linkat().
Currently identical to link().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Fri, 16 Aug 2019 23:04:02 +0000 (16:04 -0700)]
s3: VFS: vfs_syncops. Implement linkat().
Currently identical to link().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Fri, 16 Aug 2019 23:01:22 +0000 (16:01 -0700)]
s3: VFS: vfs_snapper. Implement linkat().
Currently identical to link().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Fri, 16 Aug 2019 22:59:27 +0000 (15:59 -0700)]
s3: VFS: vfs_shadow_copy2. Implement linkat().
Currently identical to link().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Fri, 16 Aug 2019 22:57:15 +0000 (15:57 -0700)]
s3: VFS: vfs_media_harmony. Implement linkat().
Currently identical to link().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Wed, 14 Aug 2019 20:01:39 +0000 (13:01 -0700)]
s3: VFS: vfs_glusterfs. Implement linkat().
Currently identical to link().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Wed, 14 Aug 2019 18:45:35 +0000 (11:45 -0700)]
s3: VFS: vfs_full_audit. Implement linkat().
Currently identical to link().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Wed, 14 Aug 2019 18:38:23 +0000 (11:38 -0700)]
s3: VFS: vfs_ceph_snapshots. Implement linkat().
Currently identical to link().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Wed, 14 Aug 2019 18:32:30 +0000 (11:32 -0700)]
s3: VFS: vfs_ceph. Implement linkat().
Currently identical to link().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Tue, 13 Aug 2019 21:59:05 +0000 (14:59 -0700)]
s3: VFS: vfs_cap. Implement linkat().
Currently identical to link().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Mon, 12 Aug 2019 23:49:26 +0000 (16:49 -0700)]
s3: VFS: Add SMB_VFS_LINKAT().
Currently identical to SMB_VFS_LINK().
Next, move add to all VFS modules that implement
link and eventually remove link.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Anoop C S [Mon, 5 Aug 2019 05:15:01 +0000 (10:45 +0530)]
vfs_glusterfs: Enable profiling for file system operations
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14093
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 20 19:25:28 UTC 2019 on sn-devel-184
Stefan Metzmacher [Tue, 20 Aug 2019 12:55:27 +0000 (14:55 +0200)]
tdb: Release tdb 1.4.2
* Build fixes
* Improve the performance by inlining the tdb_oob() checks
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Aug 20 14:45:41 UTC 2019 on sn-devel-184
Martin Schwenke [Mon, 19 Aug 2019 11:48:04 +0000 (21:48 +1000)]
ctdb-daemon: Make node inactive in the NODE_STOP control
Currently some of this is supported by a periodic check in the
recovery daemon's main_loop(), which notices the flag change, sets
recovery mode active and freezes databases. If STOP_NODE returns
immediately then the associated recovery can complete and the node can
be continued before databases are actually frozen.
Instead, immediately do all of the things that make a node inactive.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14087
RN: Stop "ctdb stop" from completing before freezing databases
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Tue Aug 20 08:32:27 UTC 2019 on sn-devel-184
Martin Schwenke [Tue, 20 Aug 2019 01:29:42 +0000 (11:29 +1000)]
ctdb-daemon: Drop unused function ctdb_local_node_got_banned()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14087
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 19 Aug 2019 11:52:57 +0000 (21:52 +1000)]
ctdb-daemon: Switch banning code to use ctdb_node_become_inactive()
There's no reason to avoid immediately setting recovery mode to active
and initiating freeze of databases.
This effectively reverts the following commits:
d8f3b490bbb691c9916eed0df5b980c1aef23c85
b4357a79d916b1f8ade8fa78563fbef0ce670aa9
The latter is now implemented using a control, resulting in looser
coupling.
See also the following commit:
f8141e91a693912ea1107a49320e83702a80757a
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14087
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 19 Aug 2019 11:47:03 +0000 (21:47 +1000)]
ctdb-daemon: Factor out new function ctdb_node_become_inactive()
This is a superset of ctdb_local_node_got_banned() so will replace
that function, and will also be used in the NODE_STOP control.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14087
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
David Disseldorp [Sun, 18 Aug 2019 09:24:37 +0000 (11:24 +0200)]
build: fix mandatory typo in zlib configure check
This ensures that waf correctly fails during configure if zlib is
missing.
msg can also be dropped as it matches the waf validate_cfg() default
(ignoring the quotes).
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 20 06:58:12 UTC 2019 on sn-devel-184
Tim Beale [Tue, 30 Jul 2019 22:54:29 +0000 (10:54 +1200)]
ldb: Free memory when repacking database
The msg for each database record is allocated on the module context, but
never freed. The module seems like it could be a long-running context (as
the database would normally get repacked by the samba executable).
Even if it's not a proper leak, it shouldn't hurt to cleanup the memory.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14059
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Tue Aug 20 04:57:10 UTC 2019 on sn-devel-184
Tim Beale [Tue, 30 Jul 2019 22:33:49 +0000 (10:33 +1200)]
ldb: Log the partition we're repacking
Firstly, with Samba AD this looks a little weird because we log the same
message 5 times (once for every partition). If we log that we're doing
this to records in different partitions, hopefully someone with a little
Samba knowledge can figure out what's going on.
Secondly, the info about what partitions are actually changing might be
useful. E.g. if we hit a fatal error repacking the 3rd partition, and
the transaction doesn't abort properly, then it would be useful to know
what partitions were repacked and which ones weren't.
There doesn't appear to be a useful name for the partition
(ldb_kv->kv_ops->name() doesn't seem any more intelligible to a user),
so just log the first record that we update. We can use that to infer
the partition database).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14059
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Tim Beale [Tue, 30 Jul 2019 04:40:55 +0000 (16:40 +1200)]
ldb: Log pack format in user-friendly way
The "format 0x26011968" log confused me (and I'm a developer).
We can subtract the base offset from the pack format to get a more
user-friendly number, e.g. v0 (not actually used), v1, v2, etc.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14059
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Tim Beale [Tue, 30 Jul 2019 03:15:40 +0000 (15:15 +1200)]
ldb: Change pack format defines to enum
The main reason is so that any future pack formats will continue
incrementing this number in a sequential fashion.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14059
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Tim Beale [Tue, 30 Jul 2019 03:02:25 +0000 (15:02 +1200)]
ldb: Move where we update the pack format version
Store it on the repack context so that we can log a more informative
message "Repacking from format x to format y".
While this is not really a big deal currently, it could be worth
recording for potential future scenarios (i.e. supporting three or more
pack versions), where upgrades could potentially skip an intermediary
pack format version.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14059
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Tim Beale [Tue, 30 Jul 2019 04:40:55 +0000 (16:40 +1200)]
ldb: Always log when the database pack format changes
LDB_DEBUG_WARNING gets logged by Samba as level 2, whereas the default
log level for Samba is 0. It's not really fair to the user to change the
format of their database on disk and potentially not tell them.
This patch adds a log with level zero (using a alias define, as this
technically isn't a fatal problem).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14059
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Aaron Haslett [Mon, 22 Jul 2019 01:35:21 +0000 (13:35 +1200)]
downgradedatabase: installing script
Installing downgrade script so people don't need the source tree for it.
Exception added in usage test because running the script without arguments
is valid. (This avoids the need to knownfail it).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14059
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Aaron Haslett [Mon, 22 Jul 2019 01:35:21 +0000 (13:35 +1200)]
downgradedatabase: Add man-page documentation
A man-page is needed so that we can install this tool as part of the
Samba package.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14059
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Tim Beale [Mon, 29 Jul 2019 01:39:04 +0000 (13:39 +1200)]
downgradedatabase: rename to samba_downgrade_db
Just so that it's slightly less of a mouthful for users.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14059
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Tim Beale [Mon, 29 Jul 2019 01:35:08 +0000 (13:35 +1200)]
tests: Avoid hardcoding relative filepath
If we move the test file, the test will break.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14059
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Aaron Haslett [Mon, 22 Jul 2019 03:29:03 +0000 (15:29 +1200)]
downgradedatabase: comply with samba.tests.source
In next commit we'll install the script, samba.tests.source picked up the
lack of a copyright message and some whitespace errors, so this patch
fixes that stuff first.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14059
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Volker Lendecke [Tue, 13 Aug 2019 14:56:58 +0000 (16:56 +0200)]
smbd: Move lease type detection in delay_for_oplock()
Walk the share_modes array only once.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 20 00:33:12 UTC 2019 on sn-devel-184
Volker Lendecke [Sat, 10 Aug 2019 19:23:24 +0000 (21:23 +0200)]
smbd: Merge grant_fsp_oplock_type() into delay_for_oplock()
This is a preparation for the next commit: Only walk the share_modes[]
array once when handling oplocks and leases.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 10 Aug 2019 19:17:05 +0000 (21:17 +0200)]
smbd: Move delay_for_oplock() down
We'll merge grant_fsp_oplock_type() into this function. This makes the next
commit smaller, and the newly extended delay_for_oplocks will for example
reference static file_has_brlocks() above. Make forward declarations
unnecessary.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 10 Aug 2019 19:15:22 +0000 (21:15 +0200)]
smbd: Make delay_for_oplock() return NTSTATUS
A further commit will merge grant_fsp_oplock_type (returning NTSTATUS)
into delay_for_oplock(). Make that commit smaller.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 9 Aug 2019 11:39:34 +0000 (13:39 +0200)]
smbd: Slightly simplify grant_fsp_oplock_type()
This is never called with INTERNAL_OPENs anymore
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 9 Aug 2019 11:38:40 +0000 (13:38 +0200)]
smbd: Slightly simplify delay_for_oplock()
This is never called for INTERNAL_OPENs anymore, see
handle_share_mode_lease()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 7 Aug 2019 10:15:45 +0000 (12:15 +0200)]
smbd: Introduce handle_share_mode_lease()
This consolidates the core share_mode_lock access of open_file_ntcreate
into one routine.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 6 Aug 2019 14:28:29 +0000 (16:28 +0200)]
smbd: Move set_share_mode() out of grant_fsp_oplock_type()
This shows that "req", "share_access" and "access_mask" are not needed
for the core logic of grant_fsp_oplock_type() and it separates
concerns a bit: open_directory() also does the set_share_mode() in the
main open routine, not in a helper like grant_fsp_oplock_type()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 25 Jul 2019 14:31:17 +0000 (16:31 +0200)]
smbd: Move grant_fsp_oplock_type() close to delay_for_oplock()
Note that this is not a cut&paste: Instead of fsp->access_mask we use
the access_mask the client requested. At the new code location
fsp->access_mask (a.k.a. open_access_mask) might have FILE_WRITE_DATA
from O_TRUNC (a.k.a. FILE_OVERWRITE).
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 2 Aug 2019 13:24:16 +0000 (15:24 +0200)]
smbd: Slightly simplify open_file_ntcreate()
There is no reference to "file_existed" after this point anymore
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 2 Aug 2019 13:21:49 +0000 (15:21 +0200)]
smbd: Remove a late ref to "file_existed" in open_file_ntcreate()
If you follow "existing_dos_attributes" through the routine, this can
only ever be !=0 if SMB_VFS_GET_DOS_ATTRIBUTES() was successful. This
can only have been successful if the file existed.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 25 Jul 2019 09:52:21 +0000 (11:52 +0200)]
smbd: Move resetting "oplock_request" to before delay_for_oplock()
It seems to make little sense to me to do the oplock break with one
setting and then later on grant_fsp_oplock_type with another
one. Survives tests, I can't think of any scenario where this (to me)
simplification would break anything
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>