Ralph Boehme [Wed, 12 Aug 2015 09:35:27 +0000 (11:35 +0200)]
selftest: add change notify = no to simpleserver env
A subsequent patch will use this env in a torture test.
The aren't any existing tests that make use of change notify, so
disabling change notify in this test environment doesn't impact existing
tests.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11444
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 11 Aug 2015 14:49:46 +0000 (16:49 +0200)]
notify: check for valid notify_ctx in notify_remove
notify_ctx will be NULL when "change notify = no" is set in smb.conf.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11444
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Sun, 30 Aug 2015 23:08:45 +0000 (11:08 +1200)]
web_server: Fix server not to segfault on startup
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Aug 31 04:11:55 CEST 2015 on sn-devel-104
Andrew Bartlett [Sun, 30 Aug 2015 22:59:58 +0000 (10:59 +1200)]
web_server: Use talloc_get_type_abort()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Sun, 30 Aug 2015 22:48:08 +0000 (10:48 +1200)]
lib/tls: Ensure SSLv3 is disabled in the web server by default
By calling gnutls_priority_set_direct() the behaviour should now match the LDAP server
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11076
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Sun, 30 Aug 2015 22:33:34 +0000 (10:33 +1200)]
lib/tls: Remove unused tls_init_client code
This is unused as the callers have now been migrated to tls_tstream
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11076
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Martin Schwenke [Tue, 18 Aug 2015 05:22:23 +0000 (15:22 +1000)]
ctdb-scripts: Add default filesystem usage warnings
Always check filesystem usage for the database directories.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Sat Aug 29 20:08:48 CEST 2015 on sn-devel-104
Martin Schwenke [Fri, 14 Aug 2015 07:08:45 +0000 (17:08 +1000)]
ctdb-scripts: Add default system memory usage warnings
CTDB should warn by default if too much system memory or swap is used.
The tests have also been tweaked. In particular, the filesystem-only
tests need to initialise the memory information to avoid errors where
meminfo isn't set.
Document the defaults, warning against disabling them.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 6 Aug 2015 05:59:06 +0000 (15:59 +1000)]
ctdb-scripts: Enable system monitoring eventscript by default
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 5 Aug 2015 10:42:16 +0000 (20:42 +1000)]
ctdb-scripts: Throttle system resource monitoring warnings
They are only printed when the percentage usage changes. This should
stop the logs from being filled with warnings.
Add a test for the throttling.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 3 Aug 2015 09:55:27 +0000 (19:55 +1000)]
ctdb-scripts: Don't shutdown CTDB when memory monitoring fails
Marking the node unhealthy should cause Samba processes to close,
possible freeing a stack of memory. If not, then it is somebody
else's problem.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 3 Aug 2015 07:22:08 +0000 (17:22 +1000)]
ctdb-scripts: New consistent system memory and swap monitoring
New variables CTDB_MONITOR_MEMORY_USAGE and CTDB_MONITOR_SWAP_USAGE.
Both take a pair of <warn_threshold>:<unhealthy_threshold> where each
theshold is specified as a percentage.
This adds a callout to check_thresholds() that is run when the
unhealthy threshold is reached.
Add some combination tests.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 3 Aug 2015 06:20:40 +0000 (16:20 +1000)]
ctdb-scripts: Factor out new function check_thresholds()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 3 Aug 2015 05:59:50 +0000 (15:59 +1000)]
ctdb-scripts: Memory monitoring uses thresholds expressed as percentages
CTDB_MONITOR_FREE_MEMORY and CTDB_MONITOR_FREE_MEMORY_WARN are now
percentages that specify thresholds of acceptable memory usage.
Memory/swap usage in tests also specified as percentages.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 24 Jul 2015 09:57:42 +0000 (19:57 +1000)]
ctdb-scripts: Use MemAvailable if it is in /proc/meminfo
Otherwise calculate, as before.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 20 Jul 2015 10:50:56 +0000 (20:50 +1000)]
ctdb-scripts: Only use /proc/meminfo for memory checks, not "free"
No need to use 2 different sources of information for similar checks.
Also, output of free has been changed, whereas /proc/meminfo is a
kernel API, which will not change.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 20 Jul 2015 06:08:13 +0000 (16:08 +1000)]
ctdb-scripts: Move system memory checking to 05.system
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 20 Aug 2015 01:47:19 +0000 (11:47 +1000)]
ctdb-tests: Remove unwanted trailing whitespace
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 17 Jul 2015 11:32:01 +0000 (21:32 +1000)]
ctdb-tests: Add tests for filesystem usage monitoring
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 3 Aug 2015 04:56:40 +0000 (14:56 +1000)]
ctdb-scripts: New configuration variable CTDB_MONITOR_FILESYSTEM_USAGE
This allows both errors (i.e. unhealthy) and warnings for different
thresholds. It replaces CTDB_CHECK_FS_USE.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 24 Jul 2015 09:56:06 +0000 (19:56 +1000)]
ctdb-scripts: Don't fail monitoring if sanity checks fail
Just log some warnings.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 17 Jul 2015 10:04:44 +0000 (20:04 +1000)]
ctdb-scripts: Move filesystem monitoring into a function, clean it up
Drop obvious comments. Use die() for less lines of code. Use a case
statement to avoid forking unnecessary processes for each filesystem
being checked. Drop parentheses around percentages in messages.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 17 Jul 2015 01:59:56 +0000 (11:59 +1000)]
ctdb-scripts: Rename 40.fs_use to 05.system
Will put all the system monitoring in here, simplifying 00.ctdb.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Ralph Wuerthner [Fri, 28 Aug 2015 12:42:32 +0000 (14:42 +0200)]
s3: add suport for SMB3_10 and SMB3_11 protocols in smbstatus
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11472
Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Aug 29 07:05:10 CEST 2015 on sn-devel-104
Petr Viktorin [Tue, 14 Jul 2015 09:02:36 +0000 (11:02 +0200)]
python: Remove uuid module
The uuid module was only built for Python 2.4 and lower, which Samba
no longer supports.
Python 2.5+ includes uuid in its standard library.
Signed-off-by: Petr Viktorin <pviktori@redhat.com>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Aug 29 04:03:49 CEST 2015 on sn-devel-104
Volker Lendecke [Fri, 28 Aug 2015 10:33:13 +0000 (12:33 +0200)]
winbind: Fix 100% loop
Thanks to "L.P.H. van Belle" <belle@bazuin.nl>
for help in reproducing the issue.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11038
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 28 22:03:31 CEST 2015 on sn-devel-104
Stefan Metzmacher [Fri, 28 Aug 2015 12:16:14 +0000 (14:16 +0200)]
s3:smb2_create: #if 0 unused variable
This fixes the build on ubuntu 14.04, which failed like this:
[2852/3952] Compiling source3/smbd/smb2_create.c
../source3/smbd/smb2_create.c: In function ‘smbd_smb2_create_send’:
../source3/smbd/smb2_create.c:678:28: error: variable ‘svhdx’ set but not used [-Werror=unused-but-set-variable]
struct smb2_create_blob *svhdx = NULL;
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Richard Sharpe [Wed, 29 Jul 2015 02:08:02 +0000 (19:08 -0700)]
Move the error handling for svhdx to vfswrap_create to give VFS module writers a chance to handle RSVD opens if they want to.
Also handle a review comment by Metze.
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 28 03:19:36 CEST 2015 on sn-devel-104
Stefan Metzmacher [Wed, 12 Aug 2015 10:58:49 +0000 (12:58 +0200)]
lib/crypto: make it possible to use only parts of aes.[ch]
This can be used in order to optimize some parts later.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 27 23:23:54 CEST 2015 on sn-devel-104
Stefan Metzmacher [Wed, 12 Aug 2015 10:58:49 +0000 (12:58 +0200)]
lib/crypto: sync AES_cfb8_encrypt() from heimdal
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 14 Aug 2015 21:45:07 +0000 (23:45 +0200)]
lib/crypto: make use of aes_test.h in aes_gcm_128_test.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 11 Aug 2015 22:59:58 +0000 (00:59 +0200)]
lib/crypto: optimize aes_gcm_128
- We avoid variables in order to do a lazy cleanup
in aes_ccm_128_digest() via ZERO_STRUCTP(ctx)
- We use the optimized aes_block_{xor,rshift}() functions
- Align AES_BLOCK_SIZE arrays to 8 bytes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 11 Aug 2015 22:59:58 +0000 (00:59 +0200)]
lib/crypto: optimize aes_ccm_128
- We avoid variables in order to do a lazy cleanup
in aes_ccm_128_digest() via ZERO_STRUCTP(ctx)
- We use the optimized aes_block_xor() function
- We reuse A_i instead of rebuilding it everything completely.
- Align AES_BLOCK_SIZE arrays to 8 bytes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 11 Aug 2015 22:59:58 +0000 (00:59 +0200)]
lib/crypto: optimize aes_cmac_128
- We avoid variables in order to do a lazy cleanup
in aes_cmac_128_final() via ZERO_STRUCTP(ctx)
- We avoid unused memcpy() calls
- We use the optimized aes_block_{xor,lshift}() functions
- Align AES_BLOCK_SIZE arrays to 8 bytes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 11 Aug 2015 22:59:58 +0000 (00:59 +0200)]
lib/crypto: add optimized helper functions aes_block_{xor,lshift,rshift}()
These are typical operations on an AES_BLOCK used by different modes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 14 Aug 2015 11:13:21 +0000 (13:13 +0200)]
lib/crypto: add aes_ccm_128 tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Thu, 27 Aug 2015 11:44:56 +0000 (13:44 +0200)]
lib/crypto: verify 0 updates in aes_gcm_128 tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 14 Aug 2015 11:12:13 +0000 (13:12 +0200)]
lib/crypto: run all aes_gcm_128 testcases
We should not skip the first one.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 11 Aug 2015 14:31:25 +0000 (16:31 +0200)]
lib/crypto: add aes_cmac_128 chunked tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 12 Aug 2015 10:09:24 +0000 (12:09 +0200)]
s3:vfs_smb_traffic_analyzer: remove samba_ prefix from AES_* function calls
This should be an implementation detail in lib/crypto/aes.h.
In future we may add support for other implementations.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 26 Aug 2015 08:52:44 +0000 (10:52 +0200)]
lib: Make sid_linearize take a uint8_t
We marshall into a binary buffer, uint8_t better reflects that.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 27 00:40:58 CEST 2015 on sn-devel-104
Volker Lendecke [Mon, 24 Aug 2015 14:50:44 +0000 (16:50 +0200)]
lib: Remove unused sid_blob_parse
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 24 Aug 2015 14:46:12 +0000 (16:46 +0200)]
lib: Convert callers of sid_blob_parse to sid_parse
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 24 Aug 2015 10:33:28 +0000 (12:33 +0200)]
lib: Make sid_parse take a uint8_t
sid_parse takes a binary blob, uint8_t reflects this a bit
better than char * does
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Richard Sharpe [Tue, 25 Aug 2015 03:26:42 +0000 (20:26 -0700)]
Prevent a crash in Python modules that try to authenticate by ensuring we reject cases where credendials fields are not intialized.
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 25 21:45:18 CEST 2015 on sn-devel-104
Roel van Meer [Tue, 4 Aug 2015 14:50:43 +0000 (16:50 +0200)]
s3-util: Compare the maximum allowed length of a NetBIOS name
This fixes a problem where is_myname() returns true if one of our names
is a substring of the specified name.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11427
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Mon, 3 Aug 2015 01:50:08 +0000 (13:50 +1200)]
selftest: Add assertion that we actually fix the replPropertyMetaData sort order
This ensures that the dbcheck rule fixes the sort order (and only fixes the sort order).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10973
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Aug 25 02:45:58 CEST 2015 on sn-devel-104
Andrew Bartlett [Sun, 2 Aug 2015 23:25:02 +0000 (11:25 +1200)]
selftest: Add in steps to re-create this database
This may assist if this needs to be changed again
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10973
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Sun, 2 Aug 2015 23:24:10 +0000 (11:24 +1200)]
Update release-4-1-0rc3 to include data using schema modifications
This allows us to know that the previous patches are correct.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10973
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Matthieu Patou [Mon, 25 May 2015 16:17:55 +0000 (09:17 -0700)]
ldb: create a cache of known wellknown objects instead of continously searching in the db
Profiling on dbcheck have shown that we spend 10% of the time looking
for wellknown objects.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10973
Change-Id: I13ed58e8062d1b7b6179d17b0e7e56f943572c6c
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 27 Jul 2015 03:11:56 +0000 (15:11 +1200)]
dbcheck: Use set() operations to make dbcheck more efficient
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10973
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 27 Jul 2015 03:44:56 +0000 (15:44 +1200)]
dbcheck: Try to avoid duplicate searches
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10973
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 28 Jul 2015 04:11:54 +0000 (16:11 +1200)]
dbcheck: Add additional tests for the attributeID list
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10973
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Thu, 23 Jul 2015 04:01:14 +0000 (16:01 +1200)]
dbcheck: Add explict tests for unknown and unsorted attributeID values
Unknown attributeID values would cause an exception previously, and
unsorted attributes cause a failure to replicate with Samba 4.2.
In commit
61b978872fe86906611f64430b2608f5e7ea7ad8 we started
to sort these values correctly, but previous versions of Samba
did not sort them correctly (we sorted high-bit-set values as
negative), and then after
9c9df40220234cba973e84b4985d90da1334a1d1
we stoped accepting these.
To ensure we are allowed to make this unusual change to the
replPropertyMetaData, a new OID is allocated and checked
for in repl_meta_data.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10973
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Thu, 30 Jul 2015 02:28:48 +0000 (14:28 +1200)]
pidl: Assert that python arrays will not overflow the C array
We do not write network services in Python, so this is not a security issue, but would cause
a crash or other odd behaviour if the length was changed
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11430
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 28 Jul 2015 02:29:25 +0000 (14:29 +1200)]
pydsdb: Allow the full range of uint32_t values for attributeID
The high bit may be set in these integers, so we need an unsigned int to store it in
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11429
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Thu, 30 Jul 2015 02:29:54 +0000 (14:29 +1200)]
python/tests: Add tests for integer overflow handling
This also documents an issue with our python bindings and lists, as changes to integers in a list
of integers are not preserved
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11429
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Sun, 26 Jul 2015 22:57:43 +0000 (10:57 +1200)]
pidl: Change PIDL to correctly use and validate python integer types
In particular, it is critical that we use unsigned integers of
sufficient size in python for unsigned C integers, and it is
critical that we check for overflow at both the python and C
level.
Otherwise, we may both represent and sort these incorrectly,
in particular when sorting attributeID values from DRSUAPI
which are represented as an signed enum in C and a uint32_t in IDL,
but which often has the high bit set (in schema extensions).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11429
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Wed, 29 Jul 2015 03:25:09 +0000 (15:25 +1200)]
python: Use an unsigned integer for buf_size, not -1
This will fail once our python bindings correctly check value ranges
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11429
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 3 Aug 2015 01:33:40 +0000 (13:33 +1200)]
dnsserver: Remove incorrect and not required include of ldb_private.h
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Fri, 21 Aug 2015 09:25:33 +0000 (11:25 +0200)]
winbind: Remove "have_idmap_config" from winbindd_domain
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Aug 24 19:19:31 CEST 2015 on sn-devel-104
Volker Lendecke [Wed, 19 Aug 2015 11:48:17 +0000 (13:48 +0200)]
winbind: Do not look for the domain in wb_gid2sid
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464
Volker Lendecke [Wed, 19 Aug 2015 11:48:17 +0000 (13:48 +0200)]
winbind: Do not look for the domain in wb_uid2sid
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464
Volker Lendecke [Wed, 19 Aug 2015 11:44:02 +0000 (13:44 +0200)]
idmap: Remove dom_name from wbint_Gid2Sid
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464
Volker Lendecke [Wed, 19 Aug 2015 11:44:02 +0000 (13:44 +0200)]
idmap: Remove dom_name from wbint_Uid2Sid
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464
Volker Lendecke [Wed, 19 Aug 2015 11:34:58 +0000 (13:34 +0200)]
idmap: Remove "domname" from idmap_gid_to_sid
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464
Volker Lendecke [Wed, 19 Aug 2015 11:34:58 +0000 (13:34 +0200)]
idmap: Remove "domname" from idmap_uid_to_sid
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464
Volker Lendecke [Tue, 18 Aug 2015 15:34:29 +0000 (17:34 +0200)]
idmap: Remove "domname" from idmap_backends_unixid_to_sid
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464
Volker Lendecke [Tue, 18 Aug 2015 15:30:27 +0000 (17:30 +0200)]
idmap: Use a range search in idmap_backends_unixid_to_sid
This obsoletes the domain name in the xid2sid calls
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464
Volker Lendecke [Wed, 19 Aug 2015 15:00:46 +0000 (17:00 +0200)]
idmap: Initialize all idmap domains at startup
So far we have initialized idmap domains on demand indexed by name.
For sid2xid this works okay, because we could do lookupsids before
and thus get the name. For xid2sid this is more problematic. We
have to rely on enumtrustdoms to work completely, and we have to
look at the list of winbind domains in the parent to get the domain
name. Relying on domain->have_idmap_config is not particularly nice.
This patch re-works initialization of idmap domains by scanning all
parametric parameters, scanning for :backend configuration settings.
This way we get a complete list of :range definitions. This means
we can rely on the idmap domain array to be complete. This in turn
means we can live without the domain name to find a domain, we can
do a range search by uid or gid.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464
Volker Lendecke [Tue, 18 Aug 2015 14:58:02 +0000 (16:58 +0200)]
idmap: Move idmap_init() under the static vars
Just moving code, idmap_init will need to reference the variables
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464
Volker Lendecke [Tue, 18 Aug 2015 11:18:33 +0000 (13:18 +0200)]
loadparm3: Add lp_wi_scan_global_parametrics()
This routine takes a regex and goes through all parametric parameters
in [global], matching the regex. It can easily be extended to also
look at shares, but right now it will only be used to list all idmap
config domain names.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464
Andreas Schneider [Fri, 21 Aug 2015 09:06:07 +0000 (11:06 +0200)]
uwrap: Bump version to 1.1.1
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Aug 21 17:48:45 CEST 2015 on sn-devel-104
Andreas Schneider [Fri, 21 Aug 2015 09:05:24 +0000 (11:05 +0200)]
uwrap: Removed double newline
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Fri, 21 Aug 2015 09:04:49 +0000 (11:04 +0200)]
uwrap: Fix build if getres(uid|gid) are not available.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Andreas Schneider [Wed, 19 Aug 2015 14:19:30 +0000 (16:19 +0200)]
s3-auth: Fix a memory leak in make_server_info_info3()
We call make_server_info(NULL) and it is possible that we do not free
it, because server_info is not allocated on the memory context we pass
to the function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9862
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Wed, 19 Aug 2015 14:24:08 +0000 (16:24 +0200)]
s3-auth: Pass nt_username to check_account()
We set nt_username above but do not use it in this function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9862
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Wed, 19 Aug 2015 14:11:47 +0000 (16:11 +0200)]
s3-auth: Fix 'map to guest = Bad Uid' support
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9862
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Volker Lendecke [Mon, 17 Aug 2015 19:12:56 +0000 (21:12 +0200)]
param: Use talloc_pooled_object
Reduce memory fragmentation a bit and obsolete NULL checks
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Aug 21 14:45:58 CEST 2015 on sn-devel-104
Volker Lendecke [Mon, 17 Aug 2015 19:07:37 +0000 (21:07 +0200)]
param: Simplify set_param_opt()
"not_added" is not a very good boolean flag concept... An early
return serves the same purpose just as well.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Mon, 17 Aug 2015 15:15:27 +0000 (17:15 +0200)]
lib: Remove unused parmlist code
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Robin Hack [Fri, 21 Aug 2015 01:54:03 +0000 (13:54 +1200)]
vfs_scannedonly: Remove vfs_scannedonly from samba source tree.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11459
Signed-off-by: Robin Hack <hack.robin@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Aug 21 07:17:35 CEST 2015 on sn-devel-104
Stefan Metzmacher [Thu, 13 Aug 2015 08:32:46 +0000 (10:32 +0200)]
script/autobuild.py: make sure --nonshared-binary=smbtorture,smbd/smbd keeps working
- It's very useful to have a static smbtorture binary that can be copied arround.
- It's sometimes also useful to have a static smbd binary in order avoid
runtime overhead via do_lookup_x() (in ld*.so), note that
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Aug 20 19:10:19 CEST 2015 on sn-devel-104
Stefan Metzmacher [Thu, 13 Aug 2015 15:38:43 +0000 (17:38 +0200)]
script/autobuild.py: test some --with-{static,shared}-modules combinations
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Fri, 14 Aug 2015 06:40:37 +0000 (08:40 +0200)]
script/autobuild.py: use -Wmissing-prototypes and --picky-developer for samba-libs*
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 13 Aug 2015 15:34:42 +0000 (17:34 +0200)]
script/autobuild.py: split out a samba_libs_configure variable
The avoids too long lines.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 13 Aug 2015 12:22:45 +0000 (14:22 +0200)]
s3:wscript: make --with-{static,shared}-modules options more flexible
'!module' disables a non-required module for a static/shared build.
'!DEFAULT' disables all modules defaulting to a static/shared build.
'!FORCED' disables all (non-required) modules forced to a static/shared build.
'ALL' switches the default for all non forced modules from static to shared
or from shared to static.
The most specific specification wins
e.g.
--with-static-modules='!FORCED,!DEFAULT' --with-shared-modules='!FORCED,!DEFAULT' will only
build modules which are required for the compilation. Might be useful
if someone only wants to use client utils.
--with-static-modules=ALL will build all modules statically linked.
--with-static-modules='!DEFAULT,ALL' --with-shared-modules='!DEFAULT,ALL'
might be useful for testing, it reverses the default build for all modules
which can be build shared or static.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 13 Aug 2015 16:57:19 +0000 (18:57 +0200)]
s3:wscript: simplify ABI matching for pdb_*_init()
The init functions of all static modules should be ignored.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 13 Aug 2015 16:16:20 +0000 (18:16 +0200)]
s3:winbindd/idmap_*: make function prototypes available via static_decl_idmap;
This allows the static build of the modules.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 13 Aug 2015 16:16:20 +0000 (18:16 +0200)]
s3:modules/perfcount_*: make function prototypes available via static_decl_perfcount;
This allows the static build of the modules.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 13 Aug 2015 16:16:20 +0000 (18:16 +0200)]
s3:modules/vfs_*: make function prototypes available via static_decl_vfs;
This allows the static build of the modules.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 13 Aug 2015 16:16:20 +0000 (18:16 +0200)]
examples/VFS: make function prototypes available via static_decl_vfs;
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 13 Aug 2015 16:16:20 +0000 (18:16 +0200)]
examples/pdb: fix and validate pdb_test_init() prototype via static_decl_pdb;
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 13 Aug 2015 16:15:36 +0000 (18:15 +0200)]
s4:ntvfs/posix: fix forward declaration of struct pvfs_state
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 13 Aug 2015 16:15:03 +0000 (18:15 +0200)]
s3:wscript: remove leftover from vfs_notify_fam
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 13 Aug 2015 18:07:59 +0000 (20:07 +0200)]
s3:idmap: we need to allow undefined symbols in idmap_tdb
When idmap_tdb is build as shared module we need to allow undefined symbols
which callback into winbindd code.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 13 Aug 2015 13:04:14 +0000 (15:04 +0200)]
s3:wscript: fix the build without any idmap module
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Wed, 12 Aug 2015 16:32:54 +0000 (18:32 +0200)]
smbd: Remove an unnecessary else branch
"goto out;" is sufficient before
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Aug 20 15:52:20 CEST 2015 on sn-devel-104
Volker Lendecke [Wed, 12 Aug 2015 15:48:41 +0000 (17:48 +0200)]
vfs: Add some {}
The "mode = " from a very casual view looked as if it was part of the
if-condition
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Volker Lendecke [Fri, 14 Aug 2015 09:40:51 +0000 (11:40 +0200)]
lib: Use dom_sid_equal where appropriate
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>