amitay/samba.git
14 months agoCI: Add new CI job for new build_samba_purepy3-ad-dc job
Noel Power [Fri, 16 Nov 2018 15:05:56 +0000 (15:05 +0000)]
CI: Add new CI job for new build_samba_purepy3-ad-dc job

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14 months agoscript: Add new (temporary) pure python3 ad-dc test
Noel Power [Fri, 16 Nov 2018 14:59:01 +0000 (14:59 +0000)]
script: Add new (temporary) pure python3 ad-dc test

Ideally we want all the tests to run under python3 by default (no
special task for this) and then convert the existing '-py3' tasks
to run the python tests with python3.
However at the moment the convertion process is not ready to do this,
for a while we need to run separate autobuild tasks for this.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14 months agopython/samba/tests: Fix auth_log messaging problems in py3
Noel Power [Fri, 16 Nov 2018 12:46:16 +0000 (12:46 +0000)]
python/samba/tests: Fix auth_log messaging problems in py3

Some tests (especially samba.tests.auth_log_netlogon_bad_creds) are
failing due to not receiving expected messages. There seems to be
some timing issue or race around the messaging bus being set up and
getting the expected events resulting from the failed netlogon.

Specifically the the order of destruction of the messaging.Messaging()
c-py objects is different under python2. Under python2 all of the
messaging.Messaging() objects are destructed *after* all the tests
are run. Note: each instance of the TestCase has it's own Messaging()
instance which is created by TestCaseXYZ.setUp, so it appears the unittest
destroys the test instances when all the tests have run whereas in
python3 we see each messaging.Messaging() instance destroyed after
each test runs.
Ok, what difference does that make ? well it seems in python3 because
each Messaging() instance is destructed after a test runs that the
associated messaging_dgm_destroy() also runs, this destroys the
global_dgm_context context which means when the next test runs the whole
messaging infrastructure needs to be built again when the next Messaging()
object is created. On the server-side this seems to result in attempts
to send messages to the listener failing first with

get_event_server: Failed to find 'auth_event' registered on the message bus to send JSON audit events to: NT_STATUS_CONNECTION_REFUSED

and subsequently with

get_event_server: Failed to find 'auth_event' registered on the message bus to send JSON audit events to: NT_STATUS_UNSUCCESSFUL

client doesn't get any more messages, test fails :-(

So, what's the difference in python2, well because the destructors for the
(4 in the case of netlogon_bad_creds) instances of Messagaging() don't run
till the end of the tests this doesn't happen and the global_dgm_context
never gets destroyed untill all the tests complete. There is some race
condition at play here, a simple sleep at the start of a failing test
fixes the problem. But... ok that isn't a possible solution here, instead
I have adjusted the base auth tests to store the Messaging() objects in a
global list forcing them to remain in scope until the tests are complete.
This ensure the behaviour is consistent across python2 & python3.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14 months agopython/samba/tests: PY3 port failing samba.tests.auth_log_samlogon.py
Noel Power [Thu, 15 Nov 2018 16:11:09 +0000 (16:11 +0000)]
python/samba/tests: PY3 port failing samba.tests.auth_log_samlogon.py

Make sure correctly encode password to utf16 and not use
unicode (which doesn't exist in PY3)

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14 months agopython/samba/tests: PY3 port failing samba.tests.auth_log_netlogon
Noel Power [Thu, 15 Nov 2018 16:06:15 +0000 (16:06 +0000)]
python/samba/tests: PY3 port failing samba.tests.auth_log_netlogon

Fix password encoding

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14 months agopython/samba: PY3 fix failing py3 samba.tests.group_audit test
Noel Power [Wed, 14 Nov 2018 16:29:07 +0000 (16:29 +0000)]
python/samba: PY3 fix failing py3 samba.tests.group_audit test

Fix bytes being compared against ldb.bytes

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14 months agopython/samba/kcc: PY3 fix some str versus ldb.bytes comparisons
Noel Power [Thu, 8 Nov 2018 18:47:59 +0000 (18:47 +0000)]
python/samba/kcc: PY3 fix some str versus ldb.bytes comparisons

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14 months agopython/samba: PY3 don't call str for bytes (or str)
Noel Power [Tue, 6 Nov 2018 19:58:48 +0000 (19:58 +0000)]
python/samba: PY3 don't call str for bytes (or str)

Note: Fix needed also for gpo.apply

minPwdAge, maxPwdAge, minPwdLength & set_pwdProperties all
have a line like

value = str(value).encode('utf8')

this is a generic type statement I guess to convert int, float etc
to utf8 encoded bytes representing the string value for those.

This worked fine in PY2 but in py3 some routine already are passing
bytes into these methods, in these cases e.g. b'200' will get converted
to "b'200'", this change only performs the conversion above for non
bytes (or str) types by replacing the above with

        if not isinstance(value, binary_type):
            value = str(value).encode('utf8')

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14 months agopython/samba: PY3 port gpo.apply smbtorture test
Noel Power [Tue, 6 Nov 2018 19:55:22 +0000 (19:55 +0000)]
python/samba: PY3 port gpo.apply smbtorture test

1) configparser.set requires string values
2) self.gp_db.store() etc. neex to pass str object for
   xml.etree.ElementTree.Element text attribute which needs
   to be text
3) tdb delete method needs bytes key
4) configparser.write needs a file opened in text mode

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14 months agos4/torture/gpo: Use existing code to 'run' external commands
Noel Power [Tue, 6 Nov 2018 19:50:00 +0000 (19:50 +0000)]
s4/torture/gpo: Use existing code to 'run' external commands

Noticed when the smb.conf defined 'gpo update command' contained
the $PYTHON version then the exec_wait function failed to run the
command. Seems there is some issue with the arg handling. Also
there is already existing code (samba_runcmd_send) that works fine
in similar situation (e.g. when running dnsupdate etc.) so replaced
the homebrewed exec_wait functionality with the samba_runcmd util
function.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14 months agopython/samba: fix default params for PY3 ConfigParser
Noel Power [Tue, 6 Nov 2018 19:47:14 +0000 (19:47 +0000)]
python/samba: fix default params for PY3 ConfigParser

The default params for the python3 version of the compat ConfigParser
are not correct. Code like
   foo = ConfigParser()
fails because of this.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14 months agos4/dsdb/tests: PY3 port samba4.ldap.passwordsettings test
Noel Power [Mon, 5 Nov 2018 21:03:39 +0000 (21:03 +0000)]
s4/dsdb/tests: PY3 port samba4.ldap.passwordsettings test

* Fix various assertEquals comparing ldb.bytes with string
  when running with PY3
* Fix a couple of tuple assignments to exception (not supported
  in PY3)

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14 months agos4/dsdb/tests/python: PY3 port samba4.sam.python test
Noel Power [Mon, 5 Nov 2018 20:43:42 +0000 (20:43 +0000)]
s4/dsdb/tests/python: PY3 port samba4.sam.python test

Misc changes to ensure samba4.sam.python test will run under
python2/python3

* various objectSID values when formatted need to be treated
as strings for tests.

* DOMAIN_RID_USERS, DOMAIN_RID_DOMAIN_MEMBERS, DOMAIN_RID_DCS,
  DOMAIN_RID_READONLY_DCS are all integers (but attibutes are
  ldb.bytes in PY3, need to adust various assertEquals.
* Make sure password is encoded correctly

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14 months agopython/samba/netcmd: PY3 fix samba4.blackbox.trust_utils test
Noel Power [Mon, 5 Nov 2018 13:56:48 +0000 (13:56 +0000)]
python/samba/netcmd: PY3 fix samba4.blackbox.trust_utils test

In python3 we are using ldb.bytes where we need strings
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14 months agopython/samba/tests: Py3 port for samba.tests.auth_log_netlogon_bad_creds.samba
Noel Power [Mon, 5 Nov 2018 09:38:23 +0000 (09:38 +0000)]
python/samba/tests: Py3 port for samba.tests.auth_log_netlogon_bad_creds.samba

fix unicode doesn't exist error in PY3

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14 months agoPY3: wrap filter calls with list where list is expected
Noel Power [Wed, 28 Nov 2018 14:15:23 +0000 (14:15 +0000)]
PY3: wrap filter calls with list where list is expected

filter in PY2 returns list in PY3 it returns an iterator

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14 months agopython/samba/tests: PY3 port samba.tests.dns
Noel Power [Sun, 4 Nov 2018 17:32:19 +0000 (17:32 +0000)]
python/samba/tests: PY3 port samba.tests.dns

Misc hanges needed to get make test TEST=samba.tests.dns &
samb.tests.dns_fowarder to run and pass under PY3

* socket.send needs bytes not string
* rec.dwTimeStamp expects int not float (in PY3 / operator
  will give float results, for int use '//' instead)
* re.match using bytes needs a bytes search term

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14 months agoPY3: net.change_password & net.set_password take string not bytes
Noel Power [Wed, 28 Nov 2018 14:06:54 +0000 (14:06 +0000)]
PY3: net.change_password & net.set_password take string not bytes

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14 months agopython/samba: PY3 Credential.set_password takes string
Noel Power [Wed, 28 Nov 2018 13:58:49 +0000 (13:58 +0000)]
python/samba: PY3 Credential.set_password takes string

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14 months agoauth/credentials: PY3 set_password should decode from unicode 'utf8'
Noel Power [Thu, 8 Nov 2018 15:03:52 +0000 (15:03 +0000)]
auth/credentials: PY3 set_password should decode from unicode 'utf8'

set_password processes input using ParseTuple with "s" format, this
accepts string or unicode but...

Some py2 code is incorrectly using code like

   credentials.set_password(pass.encode('utf8'))

however that won't work in PY3. We should just make sure the string
retrieved from unicode passed in is encoded with 'utf8'
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14 months agopython/samba: Py3 Use new compat.sockerserver symbol
Noel Power [Wed, 28 Nov 2018 15:35:33 +0000 (15:35 +0000)]
python/samba: Py3 Use new compat.sockerserver symbol

SocketServer symbol changed in PY3 to socketserver so
we need to use a compat symbol for PY2/PY3 code.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14 months agopython/samba: PY3 compat py2/p3 symbol for SocketServer/socketserver
Noel Power [Wed, 28 Nov 2018 15:33:28 +0000 (15:33 +0000)]
python/samba: PY3 compat py2/p3 symbol for SocketServer/socketserver

SocketServer was renamed to socketserver in Py3, this patch
create a samba.compat.SocketServer which can be used in py2 or
py3

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14 months agopython/samba: PY3 ord needs 'str' type not int
Noel Power [Fri, 2 Nov 2018 16:16:39 +0000 (16:16 +0000)]
python/samba: PY3 ord needs 'str' type not int

string_to_byte_array returns not a bytearray (as the name suggests)
but a list of byte values (int). Some code expects the list so even
using a 'real' bytearray wont work.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14 months agos4/setup/tests: make sure samba-tool is called with correct py version
Noel Power [Tue, 20 Nov 2018 15:33:32 +0000 (15:33 +0000)]
s4/setup/tests: make sure samba-tool is called with correct py version

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14 months agos4/utils/test: PY3 make sure we call correct python version for samba-tool
Noel Power [Fri, 16 Nov 2018 19:32:31 +0000 (19:32 +0000)]
s4/utils/test: PY3 make sure we call correct python version for samba-tool

fixes samba4.blackbox.samba_tool blackbox test

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14 months agonsswitch/tests: PY3 samba_tool call correct python
Noel Power [Fri, 16 Nov 2018 19:44:08 +0000 (19:44 +0000)]
nsswitch/tests: PY3 samba_tool call correct python

fix samba4.blackbox.rfc2307_mapping

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14 months agotestprogs/blackbox: make sure samba-tool is called with correct python
Noel Power [Mon, 5 Nov 2018 14:12:24 +0000 (14:12 +0000)]
testprogs/blackbox: make sure samba-tool is called with correct python

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14 months agopython/samba.tests: Ensure samba-tool is called with correct python ver.
Noel Power [Fri, 2 Nov 2018 15:42:11 +0000 (15:42 +0000)]
python/samba.tests: Ensure samba-tool is called with correct python ver.

* remove unnecessary 'bin/' part of path as base BlackBox class
  will do this anyway and also ensure correct detection that
  command needs to have 'PYTHON=blah' addeded
* modify shell script so PYTHON variable if set is prepended

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14 months agoctdb: Remove <file> parameter from pfetch usage info
Christof Schmitt [Mon, 22 May 2017 23:28:40 +0000 (16:28 -0700)]
ctdb: Remove <file> parameter from pfetch usage info

The code does not implement saving the record data to a file, so update
the usage info accordingly.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon Dec 10 05:02:13 CET 2018 on sn-devel-144

14 months agoctdb: Fix hex to int conversion in h2i
Christof Schmitt [Mon, 22 May 2017 19:31:35 +0000 (12:31 -0700)]
ctdb: Fix hex to int conversion in h2i

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
14 months agorpcclient: Use dom_sid_str_buf
Volker Lendecke [Fri, 7 Dec 2018 09:32:08 +0000 (10:32 +0100)]
rpcclient: Use dom_sid_str_buf

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Dec  8 02:43:48 CET 2018 on sn-devel-144

14 months agolibnet: Use dom_sid_str_buf
Volker Lendecke [Fri, 7 Dec 2018 09:25:09 +0000 (10:25 +0100)]
libnet: Use dom_sid_str_buf

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
14 months agonet: Use dom_sid_str_buf
Volker Lendecke [Fri, 7 Dec 2018 09:20:38 +0000 (10:20 +0100)]
net: Use dom_sid_str_buf

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
14 months agopdb_ldap: Use dom_sid_str_buf
Volker Lendecke [Thu, 6 Dec 2018 19:36:09 +0000 (20:36 +0100)]
pdb_ldap: Use dom_sid_str_buf

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
14 months agowinbindd: Use dom_sid_str_buf
Volker Lendecke [Thu, 6 Dec 2018 18:14:20 +0000 (19:14 +0100)]
winbindd: Use dom_sid_str_buf

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
14 months agoidmap_tdb: Use dom_sid_str_buf
Volker Lendecke [Thu, 6 Dec 2018 18:12:07 +0000 (19:12 +0100)]
idmap_tdb: Use dom_sid_str_buf

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
14 months agowinbindd_cache: Use dom_sid_str_buf
Volker Lendecke [Thu, 6 Dec 2018 17:25:02 +0000 (18:25 +0100)]
winbindd_cache: Use dom_sid_str_buf

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
14 months agonet_usershare: Use dom_sid_str_buf
Volker Lendecke [Thu, 6 Dec 2018 17:20:06 +0000 (18:20 +0100)]
net_usershare: Use dom_sid_str_buf

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
14 months agonet_rpc: Use dom_sid_str_buf
Volker Lendecke [Thu, 6 Dec 2018 16:53:24 +0000 (17:53 +0100)]
net_rpc: Use dom_sid_str_buf

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
14 months agonet_rpc: Use dom_sid_equal where appropriate
Volker Lendecke [Thu, 6 Dec 2018 16:43:05 +0000 (17:43 +0100)]
net_rpc: Use dom_sid_equal where appropriate

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
14 months agoctdb: Adding memory pool for queue callback
Swen Schillig [Mon, 12 Mar 2018 16:56:21 +0000 (17:56 +0100)]
ctdb: Adding memory pool for queue callback

The received packet is copied into a newly allocated memory chunk for further
processing by the assigned callback. Once this is done, the memory is free'd.
This is repeated for each received packet making the memory allocation / free
an expensive task. To optimize this process, a memory pool is defined which
is sized identically to the queue's buffer.
During tests it could be seen that more than 95% of all messages were sized
below the standard buffer_size of 1k.

Signed-off-by: Swen Schillig <swen@vnet.ibm.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Christof Schmitt <cs@samba.org>
Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Fri Dec  7 23:27:16 CET 2018 on sn-devel-144

14 months agoctdb: Introduce buffer.offset to avoid memmove
Swen Schillig [Mon, 12 Mar 2018 10:00:55 +0000 (11:00 +0100)]
ctdb: Introduce buffer.offset to avoid memmove

The memmove operation is quite expensive, therefore,
a new buffer attribute "offset" is introduced to support
an optimized buffer processing.
The optimization is to "walk" through the buffer and process
each packet until the buffer is fully processed (empty)
without requiring any memmove.
Only if a packet is in-complete, the buffer content is moved
and the new data is read from the queue.
This way almost all memmove operations are eliminated.

Signed-off-by: Swen Schillig <swen@vnet.ibm.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Christof Schmitt <cs@samba.org>
14 months agolibrpc:ndr: Give the optimizer hints for ndr_push_bytes()
Andreas Schneider [Thu, 6 Dec 2018 08:35:15 +0000 (09:35 +0100)]
librpc:ndr: Give the optimizer hints for ndr_push_bytes()

Also remove the redundant check in ndr_push_DATA_BLOB.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Dec  7 15:33:38 CET 2018 on sn-devel-144

14 months agoRemoved dead groups link from Mail List Etiquette
Daniel Southward-Ellis [Mon, 3 Dec 2018 01:42:14 +0000 (14:42 +1300)]
Removed dead groups link from Mail List Etiquette

Signed-off-by: Daniel Southward-Ellis <danielsouthwardellis@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Dec  7 10:12:42 CET 2018 on sn-devel-144

14 months agoUpdated "About Samba" Info in README
Daniel Southward-Ellis [Mon, 3 Dec 2018 01:36:15 +0000 (14:36 +1300)]
Updated "About Samba" Info in README

Signed-off-by: Daniel Southward-Ellis <danielsouthwardellis@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
14 months agoChanged GitHub info to GitLab
Daniel Southward-Ellis [Sun, 2 Dec 2018 23:43:27 +0000 (12:43 +1300)]
Changed GitHub info to GitLab

Signed-off-by: Daniel Southward-Ellis <danielsouthwardellis@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
14 months agoUpdated Website section
Daniel Southward-Ellis [Sun, 2 Dec 2018 22:57:04 +0000 (11:57 +1300)]
Updated Website section

Signed-off-by: Daniel Southward-Ellis <danielsouthwardellis@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
14 months agoAdded link to How to do Samba: Nicely
Daniel Southward-Ellis [Sun, 2 Dec 2018 22:55:03 +0000 (11:55 +1300)]
Added link to How to do Samba: Nicely

Signed-off-by: Daniel Southward-Ellis <danielsouthwardellis@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
14 months agoChanged web page to webpage
Daniel Southward-Ellis [Sun, 2 Dec 2018 22:52:30 +0000 (11:52 +1300)]
Changed web page to webpage

Signed-off-by: Daniel Southward-Ellis <danielsouthwardellis@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
14 months agoldb: complex expression testing
Aaron Haslett [Fri, 21 Sep 2018 05:55:42 +0000 (17:55 +1200)]
ldb: complex expression testing

Tests that prepare complex ldap expressions and equivalent python expressions,
then compare the results of the two.

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Fri Dec  7 07:07:08 CET 2018 on sn-devel-144

14 months agowscript_configure_system_mitkrb5: reject a system heimdal krb5-config
Stefan Metzmacher [Wed, 5 Dec 2018 12:30:07 +0000 (13:30 +0100)]
wscript_configure_system_mitkrb5: reject a system heimdal krb5-config

Review with: git show -w

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Dec  6 16:53:33 CET 2018 on sn-devel-144

14 months agoselftest: Don't run KCC on backup testenvs (to avoid flappiness)
Tim Beale [Wed, 5 Dec 2018 02:14:46 +0000 (15:14 +1300)]
selftest: Don't run KCC on backup testenvs (to avoid flappiness)

KCC onthe backup domain (i.e. backupfromdc, restoredc, offlinebackupdc)
can establish new connections for replication. Depending on timing,
this can cause the join_ldapcmp test to fail, because there's an extra
object under the NTDS Settings, at the point the ldapcmp is done.

We don't need any replication to happen on the backup domain. The
backup/restore workflow in the real world should mean that the restored DC
is never run in the same network as the original DC.

This patch updates the default KCC command for the backup testenvs to be
a no-op, so the DCs won't create new connection objects.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Dec  6 12:03:53 CET 2018 on sn-devel-144

14 months agolibrpc:ndr: Fix undefined behavior in ndr_basic
Andreas Schneider [Thu, 22 Nov 2018 14:15:03 +0000 (15:15 +0100)]
librpc:ndr: Fix undefined behavior in ndr_basic

librpc/ndr/ndr_basic.c:723:2: runtime error: null pointer passed as
argument 2, which is declared to never be null

The following triggered the undefined behavior:

(gdb) bt
    at librpc/gen_ndr/ndr_drsuapi.c:2318
    fn=0x7ffff6e72983 <ndr_push_drsuapi_DsReplicaObjectIdentifier3Binary>) at ../../librpc/ndr/ndr.c:1337
    at ../../source4/dsdb/schema/schema_syntax.c:2136
    drs_str=<optimized out>) at ../../source4/dsdb/schema/tests/schema_syntax.c:122
    already_setup=<optimized out>, restricted=restricted@entry=0x0) at ../../lib/torture/torture.c:442
    at ../../lib/torture/torture.c:507
    suite=0x5555563d9490, matched=0x7fffffffcef7) at ../../source4/torture/smbtorture.c:93
    matched=0x7fffffffcef7) at ../../source4/torture/smbtorture.c:95
    at ../../source4/torture/smbtorture.c:143
(gdb) f 1
1335            NDR_CHECK(ndr_push_bytes(ndr, blob.data, blob.length));
(gdb) p blob
$2 = {data = 0x0, length = 0}

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Thu Dec  6 08:48:28 CET 2018 on sn-devel-144

14 months agoWHATSNEW: document changes in SMB server parametric options
Ralph Boehme [Mon, 3 Dec 2018 10:23:28 +0000 (11:23 +0100)]
WHATSNEW: document changes in SMB server parametric options

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Dec  6 05:14:03 CET 2018 on sn-devel-144

14 months agosmbd: use lp_smbd_getinfo_ask_sharemode()
Ralph Boehme [Mon, 3 Dec 2018 10:30:51 +0000 (11:30 +0100)]
smbd: use lp_smbd_getinfo_ask_sharemode()

Counterpart for "smbd:search ask sharemode" for getinfo.

Pair-Programmed-With: Volker Lendecke <vl@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
14 months agodocs-xml: add "smbd getinfo ask sharemode"
Ralph Boehme [Sun, 2 Dec 2018 09:07:59 +0000 (10:07 +0100)]
docs-xml: add "smbd getinfo ask sharemode"

Counterpart for "smbd search ask sharemode" for getinfo.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
14 months agos3:smbd: use lp_smbd_max_async_dosmode()
Ralph Boehme [Sun, 2 Dec 2018 08:23:29 +0000 (09:23 +0100)]
s3:smbd: use lp_smbd_max_async_dosmode()

Parametric options have a performance impact, use the normal options
added in the previous commit.

"aio max threads" can only be calculated at run time and requires a
handle to a pthreadpool_tevent which loadparm will never have.

Because of that lp_smbd_max_async_dosmode() will always return 0 as
default and it's up to us to calculate "aio max threads * 2" if
lp_smbd_max_async_dosmode() returns 0.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
14 months agodocs-xml: add "smbd max async dosmode"
Ralph Boehme [Sun, 2 Dec 2018 08:22:56 +0000 (09:22 +0100)]
docs-xml: add "smbd max async dosmode"

The parameter is added to the lists of ignored-paremteres in the
samba.docs tests, as the given default "aio max threads * 2" works only
as manpage string.

"aio max threads" can only be calculated at run time and requires a
handle to a pthreadpool_tevent which loadparm will never have.

Because of that lp_smbd_max_async_dosmode() will always return 0 as
default and it's up to the caller to calculate "aio max threads * 2" if
lp_smbd_max_async_dosmode() returns 0. Cf the next commit.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
14 months agos3:smbd: use lp_smbd_async_dosmode()
Ralph Boehme [Sun, 2 Dec 2018 08:21:46 +0000 (09:21 +0100)]
s3:smbd: use lp_smbd_async_dosmode()

Parametric options have a performance impact, use the normal options
added in the previous commit.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
14 months agodocs-xml: add "smbd async dosmode"
Ralph Boehme [Sun, 2 Dec 2018 08:21:26 +0000 (09:21 +0100)]
docs-xml: add "smbd async dosmode"

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
14 months agos3:smbd: use lp_smbd_search_ask_sharemode()
Ralph Boehme [Fri, 30 Nov 2018 23:10:41 +0000 (00:10 +0100)]
s3:smbd: use lp_smbd_search_ask_sharemode()

Parametric options have a performance impact, use the normal options
added in the previous commit.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
14 months agodocs-xml: add "smbd search ask sharemode"
Ralph Boehme [Fri, 30 Nov 2018 19:24:10 +0000 (20:24 +0100)]
docs-xml: add "smbd search ask sharemode"

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
14 months agotests:docs: add a exceptions set
Ralph Boehme [Mon, 3 Dec 2018 14:44:22 +0000 (15:44 +0100)]
tests:docs: add a exceptions set

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
14 months agotests:docs: reindent special_cases to one by line
Ralph Boehme [Mon, 3 Dec 2018 13:59:55 +0000 (14:59 +0100)]
tests:docs: reindent special_cases to one by line

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
14 months agoAdded redirect from GitHub to GitLab
Daniel Southward-Ellis [Tue, 4 Dec 2018 01:35:47 +0000 (14:35 +1300)]
Added redirect from GitHub to GitLab

Signed-off-by: Daniel Southward-Ellis <danielsouthwardellis@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Dec  5 16:35:33 CET 2018 on sn-devel-144

14 months agoctdb/wscript: make use of MODE_{644,744,755,777}
Stefan Metzmacher [Tue, 4 Dec 2018 23:05:36 +0000 (00:05 +0100)]
ctdb/wscript: make use of MODE_{644,744,755,777}

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14 months agowafsamba: add MODE_{744,_777}
Stefan Metzmacher [Sat, 17 Nov 2018 12:11:52 +0000 (13:11 +0100)]
wafsamba: add MODE_{744,_777}

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14 months agoctdb/wscript: use python 3.6 compatible functions
Stefan Metzmacher [Mon, 19 Nov 2018 11:05:29 +0000 (12:05 +0100)]
ctdb/wscript: use python 3.6 compatible functions

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14 months agobuildtools: remove unused buildtools/bin/waf-1.9
Stefan Metzmacher [Mon, 19 Nov 2018 11:04:56 +0000 (12:04 +0100)]
buildtools: remove unused buildtools/bin/waf-1.9

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14 months agowinbindd: Route predefined domains through the BUILTIN domain child
Ralph Boehme [Wed, 28 Nov 2018 14:39:21 +0000 (15:39 +0100)]
winbindd: Route predefined domains through the BUILTIN domain child

Without this eg "NT Authority" didn't work:

  $ bin/wbinfo -n "NT Authority/Authenticated Users"
  failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
  Could not lookup name NT Authority/Authenticated Users

  $ bin/wbinfo --group-info="NT Authority/Authenticated Users"
  failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND
  Could not get info for group NT Authority/Authenticated Users

With the patch:

  $ bin/wbinfo -n "NT Authority/Authenticated Users"
  S-1-5-11 SID_WKN_GROUP (5)

  $ bin/wbinfo --group-info="NT Authority/Authenticated Users"
  NT AUTHORITY\authenticated users:x:10002:

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Dec  5 11:27:22 CET 2018 on sn-devel-144

14 months agowinbindd: fix predefined domains routing in find_lookup_domain_from_sid()
Ralph Boehme [Wed, 28 Nov 2018 16:20:41 +0000 (17:20 +0100)]
winbindd: fix predefined domains routing in find_lookup_domain_from_sid()

Route predefined domains through the BUILTIN domain child, not passdb.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
14 months agowinbindd: add some braces
Ralph Boehme [Tue, 27 Nov 2018 16:32:09 +0000 (17:32 +0100)]
winbindd: add some braces

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
14 months agolibcli/security: add dom_sid_lookup_is_predefined_domain()
Ralph Boehme [Wed, 28 Nov 2018 16:19:39 +0000 (17:19 +0100)]
libcli/security: add dom_sid_lookup_is_predefined_domain()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
14 months agoselftest: test wbinfo -n and --gid-info with "NT Authority"
Ralph Boehme [Tue, 27 Nov 2018 19:32:09 +0000 (20:32 +0100)]
selftest: test wbinfo -n and --gid-info with "NT Authority"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
14 months agos3:tests: Add test for checking that root is not allowed as home dir
Andreas Schneider [Mon, 3 Dec 2018 10:05:46 +0000 (11:05 +0100)]
s3:tests: Add test for checking that root is not allowed as home dir

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13699

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Dec  5 05:22:43 CET 2018 on sn-devel-144

14 months agos3:smbd: Make sure we do not export "/" (root) as home dir
Andreas Schneider [Thu, 22 Nov 2018 17:23:24 +0000 (18:23 +0100)]
s3:smbd: Make sure we do not export "/" (root) as home dir

If "/" (root) is returned as the home directory, prevent exporting it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13699

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
14 months agos3:tests: Test for users connecting to their 'homes' share
Andreas Schneider [Fri, 16 Nov 2018 14:40:59 +0000 (15:40 +0100)]
s3:tests: Test for users connecting to their 'homes' share

This adds a test for CVE-2009-2813.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13699

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
14 months agoselftest: Add gooduser and eviluser to Samba3
Andreas Schneider [Thu, 15 Nov 2018 15:06:49 +0000 (16:06 +0100)]
selftest: Add gooduser and eviluser to Samba3

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13699

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
14 months agowaf: Utils package not defined
Swen Schillig [Mon, 26 Nov 2018 19:14:21 +0000 (20:14 +0100)]
waf: Utils package not defined

Fix the package name for the WafError routine.

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Tue Dec  4 18:45:38 CET 2018 on sn-devel-144

14 months agotraffic_replay: Add a max-members option to cap group size
Tim Beale [Tue, 27 Nov 2018 00:50:32 +0000 (13:50 +1300)]
traffic_replay: Add a max-members option to cap group size

traffic_replay tries to distribute the users among the groups in a
realistic manner - some groups will have almost all users in them.
However, this becomes a problem when testing a really large database,
e.g. we may want 100K users, but no more than 5K users in each group.

This patch adds a max-member option so we can limit how big the groups
actually get.

If we detect that a group exceeds the max-members, we reset the group's
probability (of getting selected) to zero, and then recalculate the
cumulative distribution. The means that the group should no longer get
selected by generate_random_membership(). (Note we can't completely
remove the group from the list because that changes the
list-index-to-group-ID mapping).

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Dec  4 12:22:50 CET 2018 on sn-devel-144

14 months agotraffic: Rework how assignments are generated slightly
Tim Beale [Mon, 26 Nov 2018 21:47:48 +0000 (10:47 +1300)]
traffic: Rework how assignments are generated slightly

We want to cap the number of members that can be in a group. But first,
we need to tweak how the assignment dict gets generated, so that we get
rid of the intermediary set.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14 months agotests: Add test-case for 'group list --verbose'
Tim Beale [Mon, 26 Nov 2018 22:51:51 +0000 (11:51 +1300)]
tests: Add test-case for 'group list --verbose'

Check that the number of members reported is correct.
(This change somehow got left off the ca570bd4827aa commit that was
actually delivered).

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14 months agonetcmd: Minor changes to 'group stats' command
Tim Beale [Mon, 26 Nov 2018 22:45:51 +0000 (11:45 +1300)]
netcmd: Minor changes to 'group stats' command

These changes were inadvertently left off 0c910245fca70948a3.
(They were made to the 2nd patch-set iteration posted to the
mailing-list, but for some reason the first patch-set got delivered).

Changes are:
+ rework some variable names for better readability
+ Average members defaulted to int, so lost any floating point
precision.
+ Replace 'Min members' (which was fairly meaningless) with 'Median
members per group'.
+ Fix flake8 long line warnings

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14 months agoCVE-2018-14629 dns: fix CNAME loop prevention using counter regression
Stefan Metzmacher [Wed, 28 Nov 2018 14:21:56 +0000 (15:21 +0100)]
CVE-2018-14629 dns: fix CNAME loop prevention using counter regression

The loop prevention should only be done for CNAME records!

Otherwise we truncate the answer records for A, AAAA or
SRV queries, which is a bad idea if you have more than 20 DCs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Dec  4 08:52:29 CET 2018 on sn-devel-144

14 months agoCVE-2018-14629: Tests to expose regression from dns cname loop fix
Aaron Haslett [Fri, 30 Nov 2018 05:37:27 +0000 (18:37 +1300)]
CVE-2018-14629: Tests to expose regression from dns cname loop fix

These tests expose the regression described by Stefan Metzmacher in
discussion on the bugzilla paged linked below.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
14 months agos3:lib: Fix undefined behavior in tdb_unpack()
Andreas Schneider [Tue, 27 Nov 2018 07:23:25 +0000 (08:23 +0100)]
s3:lib: Fix undefined behavior in tdb_unpack()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Tue Dec  4 00:23:03 CET 2018 on sn-devel-144

14 months agos3:lib: Fix undefined behavior in tdb_pack()
Andreas Schneider [Thu, 22 Nov 2018 12:33:11 +0000 (13:33 +0100)]
s3:lib: Fix undefined behavior in tdb_pack()

util_tdb.c:98:5: runtime error: null pointer passed as argument 2, which
is declared to never be null

This means the second argument of memcpy() can't be NULL.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
14 months agos3:lib: Fix uninitialized variable
Andreas Schneider [Fri, 23 Nov 2018 11:00:36 +0000 (12:00 +0100)]
s3:lib: Fix uninitialized variable

util_tdb.c:116:7: error: ‘len’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
   buf += len;
       ^~
../../source3/lib/util_tdb.c:44:6: note: ‘len’ was declared here
  int len;
      ^~~

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
14 months agoctdb-daemon: Exit with error if a database directory does not exist
Martin Schwenke [Fri, 30 Nov 2018 01:44:26 +0000 (12:44 +1100)]
ctdb-daemon: Exit with error if a database directory does not exist

Since 4.9.0, the log messages can be confusing if a required database
directory does not exist.  Explicitly check for database directories,
logging a clear error and exiting if one is missing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13696

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon Dec  3 06:56:41 CET 2018 on sn-devel-144

14 months agovfs_fruit: avoid dereferencing fsp->base_fsp in fruit_fstat_meta_stream()
Ralph Boehme [Fri, 30 Nov 2018 09:27:19 +0000 (10:27 +0100)]
vfs_fruit: avoid dereferencing fsp->base_fsp in fruit_fstat_meta_stream()

This helps avoiding a NULL dereference on systems where additional
patches modify the following condition in open_file()

  if ((open_access_mask & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) ||
      (!file_existed && (local_flags & O_CREAT)) ||
      ((local_flags & O_TRUNC) == O_TRUNC) ) {

to

  if ((open_access_mask & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE|DELETE_ACCESS)) ||
      (!file_existed && (local_flags & O_CREAT)) ||
      ((local_flags & O_TRUNC) == O_TRUNC) ) {

Ie addtionally check open_access_mask against DELETE_ACCESS. As a result
opens with DELETE_ACCESS go through the code that does an fd_open() plus
a subsequent fstat().

That will trigger a crash in fruit_fstat_meta_stream() when a client
wants to delete a file for deletion. When we open base file for delete,
we call open_streams_for_delete() which internally calls create-file
with NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE which prevents opening of
the base_fsp. Voila, combined with the change described above you get a
NULL deref.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Dec  2 07:52:34 CET 2018 on sn-devel-144

14 months agoWHATSNEW: standard process limits
Gary Lockyer [Wed, 19 Sep 2018 03:52:15 +0000 (15:52 +1200)]
WHATSNEW: standard process limits

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Nov 30 15:05:04 CET 2018 on sn-devel-144

14 months agos4 smdb standard: Limit processes forked on accept.
Gary Lockyer [Thu, 6 Sep 2018 19:04:48 +0000 (07:04 +1200)]
s4 smdb standard: Limit processes forked on accept.

Limit the number of processes started by the standard model on accept.
For those services that support fork on accept, the standard model forks
a new process for each new connection. This patch limits the number of
processes to the value specified in 'max smbd processes', a value of
zero indicates that there is no limit on the number of processes that
can be forked.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14 months agos4 smbd standard tests: limit forked processes
Gary Lockyer [Mon, 17 Sep 2018 23:21:40 +0000 (11:21 +1200)]
s4 smbd standard tests: limit forked processes

Tests to confirm the standard process model honours the smbd.conf
variable "max smbd processes", when forking a new process on accept.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14 months agoreplace: Correctly check for 'extern char **environ' in unistd.h
Andreas Schneider [Thu, 29 Nov 2018 07:12:06 +0000 (08:12 +0100)]
replace: Correctly check for 'extern char **environ' in unistd.h

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Nov 30 11:41:44 CET 2018 on sn-devel-144

14 months agoutil: Fix include file order
Martin Schwenke [Fri, 30 Nov 2018 05:58:47 +0000 (16:58 +1100)]
util: Fix include file order

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Andreas Schneider <asn@samba.org>
14 months agoConverted README to markdown
Daniel Southward-Ellis [Thu, 29 Nov 2018 22:25:42 +0000 (11:25 +1300)]
Converted README to markdown

Signed-off-by: Daniel Southward-Ellis <danielsouthwardellis@catalyst.net.nz>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Fri Nov 30 07:07:36 CET 2018 on sn-devel-144

14 months agoAdd simple tests for net rpc share allowedusers
Olly Betts [Tue, 27 Nov 2018 20:09:51 +0000 (09:09 +1300)]
Add simple tests for net rpc share allowedusers

Signed-off-by: Olly Betts <olly@survex.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14 months agoFix net rpc share allowedusers short description
Olly Betts [Tue, 23 Oct 2018 00:46:38 +0000 (13:46 +1300)]
Fix net rpc share allowedusers short description

This command allows one to list allowed users, not modify them.

Signed-off-by: Olly Betts <olly@survex.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14 months agonet rpc share allowedusers: Allow restricting shares
Olly Betts [Tue, 1 May 2018 02:37:08 +0000 (14:37 +1200)]
net rpc share allowedusers: Allow restricting shares

The help already implies that you can specify "targets" for net rpc
share allowedusers, but actually the tail end of the command line
is just ignored.

This patch allows a list of shares to be specified, and only those
shares are checked, which can be much faster if you're only interested
in a few shares on a server which exports lots.

This subcommand already accepts an optional filename for the output
of net usersidlist, with a default of stdin.  Typically you'd just pipe
one command to the other so stdin is most likely what you want.  This
patch adds support for a filename of "-" to mean stdin so that you can
specify stdin explicitly when you provide a list of shares, since in
this case the filename can't be omitted.

Signed-off-by: Olly Betts <olly@survex.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
14 months agoFix spelling mistakes
Olly Betts [Tue, 27 Nov 2018 22:10:17 +0000 (11:10 +1300)]
Fix spelling mistakes

Signed-off-by: Olly Betts <olly@survex.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>