Amitay Isaacs [Tue, 9 Apr 2019 04:44:04 +0000 (14:44 +1000)]
ctdb-common: Avoid race between fd and signal events
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13895
In run_proc, there was an implicit assumption that when a process exits,
fd event (pipe between parent and child) would be processed first and
signal event (SIGCHLD for the child) would be processed later.
However, that is not the case. SIGCHLD can be received asynchronously
any time even when the pipe data has not fully been read. This causes
run_proc to miss some of the output from child process in tests.
When SIGCHLD is being processed, if the pipe between parent and child is
still open, then do an explict read from the pipe to ensure we read any
data still in the pipe before closing the pipe.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Fri Apr 12 08:19:29 UTC 2019 on sn-devel-144
(cherry picked from commit
289201277cd983b27cdfd5376c607eab112b4082)
Martin Schwenke [Fri, 5 Apr 2019 05:17:35 +0000 (16:17 +1100)]
ctdb-daemon: Revert "We can not assume that just because we could complete a TCP handshake"
We also can not assume that nodes can be marked as connected via only
the keepalive mechanism. Keepalives are not sent to disconnected
nodes so, in the absence of other packets (e.g. broadcasts), 2 nodes
may never become marked as connected to each other.
Revert to marking nodes as connected in the TCP transport code. If a
connection is to a non(-operational) ctdbd then it will revert to
disconnected after a short while and may actually flap. This should
be rare.
This reverts commit
66919db3d7ab1e091223faf515b183af8bfddc83.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13888
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
38dc6d11a26c2e9a2cae7927321f2216ceb1c5ec)
Christof Schmitt [Thu, 28 Mar 2019 17:46:43 +0000 (10:46 -0700)]
torture: Add test for talloc size accounting in memcache
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13865
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Apr 6 06:08:42 UTC 2019 on sn-devel-144
(cherry picked from commit
b7028c42462c34cf86cb949bfdb16ebc7ed0a6c6)
Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Thu Apr 11 14:56:59 UTC 2019 on sn-devel-144
Christof Schmitt [Fri, 5 Apr 2019 22:43:21 +0000 (15:43 -0700)]
memcache: Increase size of default memcache to 512k
With the fixed accounting of talloc objects, the default cache size
needs to increase. The exact increase required depends on the workloads,
going form 256k to 512k seems like a reasonable guess.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13865
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
9ff5c0bab76c5d3d7bea1fcb79861d0c9a3b9839)
Christof Schmitt [Mon, 1 Apr 2019 23:23:35 +0000 (16:23 -0700)]
memcache: Properly track the size of talloc objects
With memcache_add_talloc, the talloc object becomes part of the pool and
the memcache_element stores a pointer to the talloc object. The
size of the the talloc object was not used when tracking the used space,
allowing the cache to grow larger than defined in the memcache_init
call.
Fix this by adding the size of the talloc object to the used space.
Also record the initial size of the talloc object for proper adjustment
of the used space in the cache later. This is in case the size of the
talloc object is modified while being owned by the cache (e.g.
allocating talloc child objects). This should never happen, but better
be safe than ending up with a broken cache usage counter.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13865
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
a04ca6f3438595ba7e1a110877f53d1cac0f0402)
Christof Schmitt [Mon, 1 Apr 2019 22:38:59 +0000 (15:38 -0700)]
memcache: Introduce struct for storing talloc pointer
This allows extending the additional data stored for talloced objects
later.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13865
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
7c44f2f76eefb9156cb1d170c92b4ff07dd6a3d5)
Martin Schwenke [Wed, 20 Mar 2019 10:22:43 +0000 (21:22 +1100)]
ctdb-scripts: Update statd-callout to try several configuration files
The alternative seems to be to try something via CTDB_NFS_CALLOUT.
That would be complicated and seems like overkill for something this
simple.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@samba.org>
(cherry picked from commit
a2bd4085896804ee2da811e17f18c78a5bf4e658)
Martin Schwenke [Wed, 20 Mar 2019 10:19:49 +0000 (21:19 +1100)]
ctdb-scripts: Allow load_system_config() to take multiple alternatives
The situation for NFS config has got more complicated and is probably
broken in statd-callout on Debian-like systems at the moment. Allow
several alternative configuration names to be tried. Stop after the
first that is found and loaded.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@samba.org>
(cherry picked from commit
0d67ea5fcca766734ecc73ad6b0139f7c13a15c5)
Martin Schwenke [Tue, 26 Mar 2019 04:07:43 +0000 (15:07 +1100)]
ctdb-tests: Update NFS test infrastructure to support systemd services
The tests are written around the default of sysvinit-redhat. Add
support for systemd-redhat.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@samba.org>
(cherry picked from commit
2833ddcfcb780497264e0f412a9ad6e26a9bc657)
Martin Schwenke [Wed, 20 Mar 2019 06:45:10 +0000 (17:45 +1100)]
ctdb-scripts: Add systemd services to NFS call-out
At least Red Hat and Debian appear to use (a variant of?) the upstream
systemd units for NFS, so adding support for these services is
relatively easy. Distributions using Sys-V init can patch the
call-out to use the relevant Sys-V init services.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@samba.org>
(cherry picked from commit
a8fafd377ff0cb07ab161e437c5fe024704345eb)
Martin Schwenke [Thu, 21 Mar 2019 04:30:00 +0000 (15:30 +1100)]
ctdb-scripts: Start NFS quota service if defined
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@samba.org>
(cherry picked from commit
708c04071af8d6ddc3bf2bddbde4d5847f440c0e)
Martin Schwenke [Wed, 20 Mar 2019 06:35:44 +0000 (17:35 +1100)]
ctdb-scripts: Stop/start mount/rquotad/status via NFS call-out
When an NFS check restarts a failed service by hand then systemd will
be unable to stop or start this service again because (at least) the
PID file will be wrong. Do this via the NFS Linux kernel call-out
instead. Allow the call-out to use the services instead of doing
manual restarts. Add variables for mount, status and rquotad services
to support this.
Adding systemd NFS services to the call-out will follow.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@samba.org>
(cherry picked from commit
42103b568698d8087d27f0848b402ccb7cfac86b)
Martin Schwenke [Wed, 20 Mar 2019 05:11:32 +0000 (16:11 +1100)]
ctdb-scripts: Factor out nfs_load_config()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@samba.org>
(cherry picked from commit
8de0a339b550e7363d265af04ad69f2179af75c6)
Martin Schwenke [Tue, 26 Mar 2019 03:49:49 +0000 (14:49 +1100)]
ctdb-scripts: Add test variable CTDB_NFS_DISTRO_STYLE
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@samba.org>
(cherry picked from commit
e72c3c800a50fe746164e319e21180c44d041619)
Martin Schwenke [Wed, 20 Mar 2019 03:50:59 +0000 (14:50 +1100)]
ctdb-scripts: Rename variable nfslock_service to nfs_lock_service
There will be more of these variable for other services so, for
readability, it makes sense for them to start with "nfs_".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@samba.org>
(cherry picked from commit
9981353ab79dce81b698c535977be4a681119d1e)
Martin Schwenke [Mon, 18 Mar 2019 03:42:36 +0000 (14:42 +1100)]
ctdb-scripts: Reindent some functions prior to making changes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@samba.org>
(cherry picked from commit
d7e187c1a7046196ec96637bdc14cc6b042eafcc)
Douglas Bagnall [Wed, 3 Apr 2019 21:43:30 +0000 (10:43 +1300)]
py/provision: fix for Python 2.6
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13882
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Wed Apr 10 14:21:16 UTC 2019 on sn-devel-144
Günther Deschner [Tue, 2 Apr 2019 11:16:55 +0000 (13:16 +0200)]
s3-libnet_join: allow fallback to NTLMSSP auth in libnet_join
When a non-DNS and non-default admin domain is provided during the join
sometimes we might not be able to kinit with 'user@SHORTDOMAINNAME'
(e.g. when the winbind krb5 locator is not installed). In that case lets
fallback to NTLMSSP, like we do in winbind.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Apr 3 18:57:31 UTC 2019 on sn-devel-144
(cherry picked from commit
377d27359ccdb8f2680fda36ca388f44456590e5)
Günther Deschner [Tue, 2 Apr 2019 11:16:11 +0000 (13:16 +0200)]
s3-libnet_join: setup libnet join error string when AD connect fails
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
68121f46c74df9cef7a377040d01ba75cdcf5a26)
Günther Deschner [Tue, 2 Apr 2019 11:14:06 +0000 (13:14 +0200)]
s3-libnet_join: always pass down admin domain to ads layer
Otherwise we could loose the information that a non-default domain name
has been used for admin creds.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
ea29aa27cbac4253ee1701fed99a3e0811f7475d)
Guenther Deschner [Mon, 1 Apr 2019 15:40:03 +0000 (17:40 +0200)]
s3:ldap: Leave add machine code early for pre-existing accounts
This avoids numerous LDAP constraint violation errors when we try to
re-precreate an already existing machine account.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
2044ca0e20bd3180720a82506b3af041d14b5c68)
Andreas Schneider [Mon, 1 Apr 2019 14:47:26 +0000 (16:47 +0200)]
s3:libads: Make sure we can lookup KDCs which are not configured
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
c016afc832543514ebf7ecda1fbe6b272ea533d6)
Andreas Schneider [Mon, 1 Apr 2019 14:39:45 +0000 (16:39 +0200)]
s3:libnet: Use more secure name for the JOIN krb5.conf
Currently we create krb5.conf..JOIN, use krb5.conf._JOIN_ instead.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
b7f0c64514a28cfb5d2cdee683c18943b97ea753)
Andreas Schneider [Mon, 1 Apr 2019 13:59:10 +0000 (15:59 +0200)]
auth:creds: Prefer the principal over DOMAIN/username when using NTLM
If we want to authenticate using -Wadmin@otherdomain the DC should do
take care of the authentication with the right DC for us.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
5c7f0a6902cfdd698e5f4159d37537bb4c9c1cc3)
Guenther Deschner [Wed, 27 Mar 2019 16:51:04 +0000 (17:51 +0100)]
auth:ntlmssp: Add back CRAP ndr debug output
This got lost somehow during refactoring. This is still viable
information when trying to figure out what is going wrong when
authenticating a user over NTLMSSP.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
9e92654899db3c951bee0203415a15737402e7b7)
Guenther Deschner [Mon, 1 Apr 2019 15:46:39 +0000 (17:46 +0200)]
s3:libnet: Fix debug message in libnet_DomainJoin()
A newline is missing but also use DBG_INFO macro and cleanup spelling.
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
3a33c360071bb7cada58f1f71ccd8949fda70662)
Andreas Schneider [Wed, 27 Mar 2019 15:45:39 +0000 (16:45 +0100)]
s3:libsmb: Add some useful debug output to cliconnect
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
011a47f04dabe22095a30d284662d8ca50463ee8)
Andreas Schneider [Fri, 29 Mar 2019 10:34:53 +0000 (11:34 +0100)]
s3:libads: Print more information when LDAP fails
Currently we just get an error but don't know what exactly we tried to
do in 'net ads join -d10'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
40669e3739eb5cde135c371e2c8134d3f11a16a5)
Andreas Schneider [Fri, 22 Mar 2019 13:39:11 +0000 (14:39 +0100)]
docs: Update smbclient manpage for --max-protocol
We default to SMB3 now.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13857
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
63084375e3c536f22f65e7b7796d114fa8c804c9)
Karolin Seeger [Mon, 8 Apr 2019 10:30:35 +0000 (12:30 +0200)]
VERSION: Bump version up to 4.10.3.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Mon, 8 Apr 2019 10:30:18 +0000 (12:30 +0200)]
Merge tag 'samba-4.10.2' into v4-10-test
samba: tag release samba-4.10.2
Karolin Seeger [Fri, 5 Apr 2019 08:35:41 +0000 (10:35 +0200)]
VERSION: Disable GIT_SNAPSHOT for 4.10.2 release.
CVE-2019-3870 (World writable files in Samba AD DC private/ dir)
CVE-2019-3880 (Save registry file outside share as unprivileged user)
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Fri, 5 Apr 2019 08:18:41 +0000 (10:18 +0200)]
WHATSNEW: Add release notes for Samba 4.10.2.
CVE-2019-3870 (World writable files in Samba AD DC private/ dir)
CVE-2019-3880 (Save registry file outside share as unprivileged user)
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Jeremy Allison [Thu, 21 Mar 2019 21:51:30 +0000 (14:51 -0700)]
CVE-2019-3880 s3: rpc: winreg: Remove implementations of SaveKey/RestoreKey.
The were not using VFS backend calls and could only work
locally, and were unsafe against symlink races and other
security issues.
If the incoming handle is valid, return WERR_BAD_PATHNAME.
[MS-RRP] states "The format of the file name is implementation-specific"
so ensure we don't allow this.
As reported by Michael Hanselmann.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13851
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 21 Mar 2019 04:24:14 +0000 (17:24 +1300)]
CVE-2019-3870 pysmbd: Ensure a zero umask is set for smbd.mkdir()
mkdir() is the other call that requires a umask of 0 in Samba.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andrew Bartlett [Thu, 14 Mar 2019 05:20:06 +0000 (18:20 +1300)]
CVE-2019-3870 pysmbd: Move umask manipuations as close as possible to users
Umask manipulation was added to pysmbd with
e146fe5ef96c1522175a8e81db15d1e8879e5652 in 2012
and init_files_struct was split out in
747c3f1fb379bb68cc7479501b85741493c05812 in 2018 for
Samba 4.9. (It was added to assist the smbd.create_file() routine used in the backup and
restore tools, which needed to write files with full metadata).
This in turn avoids leaving init_files_struct() without resetting the umask to
the original, saved, value.
Per umask(2) this is required before open() and mkdir() system calls (along
side other file-like things such as those for Unix domain socks and FIFOs etc).
Therefore for safety and clarify the additional 'belt and braces' umask
manipuations elsewhere are removed.
mkdir() will be protected by a umask() bracket, for correctness, in the next patch.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andrew Bartlett [Thu, 21 Mar 2019 04:21:58 +0000 (17:21 +1300)]
CVE-2019-3870 pysmbd: Include tests to show the outside umask has no impact
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Tim Beale [Fri, 15 Mar 2019 00:52:50 +0000 (13:52 +1300)]
CVE-2019-3870 tests: Add test to check file-permissions are correct after provision
This provisions a new DC and checks there are no world-writable
files in the new DC's private directory.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Tim Beale [Fri, 15 Mar 2019 02:20:21 +0000 (15:20 +1300)]
CVE-2019-3870 tests: Extend smbd tests to check for umask being overwritten
The smbd changes the umask - if the code fails to restore the umask to
what it was, then this is very bad. Add an extra check to every
smbd-related test that the umask at the end of the test is the same as
what it was at the beginning (i.e. if the smbd code changed the umask
then it correctly restored the value afterwards).
As the selftest sets the umask for all tests to zero, it makes it hard
to detect this problem, so the test setUp() needs to set it to something
else first.
This extra checking is added to the setUp()/tearDown() so that it
applies to all test-cases. However, any failure that occur with this
approach will not be able to be known-failed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Karolin Seeger [Wed, 3 Apr 2019 08:33:17 +0000 (10:33 +0200)]
VERSION: Bump version up to 4.10.2...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit
61c4d715a7382047a9a97165256866fe39ebad26)
Karolin Seeger [Wed, 3 Apr 2019 08:33:17 +0000 (10:33 +0200)]
VERSION: Bump version up to 4.10.2...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Wed, 3 Apr 2019 08:32:27 +0000 (10:32 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.10.1 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Wed, 3 Apr 2019 08:31:06 +0000 (10:31 +0200)]
WHATSNEW: Add release notes for Samba 4.10.1.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Philipp Gesang [Thu, 14 Feb 2019 09:17:28 +0000 (10:17 +0100)]
libcli: permit larger values of DataLength in SMB2_ENCRYPTION_CAPABILITIES of negotiate response
Certain Netapp versions are sending SMB2_ENCRYPTION_CAPABILITIES
structures containing DataLength field that includes the padding
[0]. Microsoft has since clarified that only values smaller than
the size are considered invalid [1].
While parsing the NegotiateContext it is ensured that DataLength
does not exceed the message bounds. Also, the value is not
actually used anywhere outside the validation. Thus values
greater than the actual data size are safe to use. This patch
makes Samba fail only on values that are too small for the (fixed
size) payload.
[0] https://lists.samba.org/archive/samba/2019-February/221139.html
[1] https://lists.samba.org/archive/cifs-protocol/2019-March/003210.html
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13869
Signed-off-by: Philipp Gesang <philipp.gesang@intra2net.com>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Mar 31 01:11:09 UTC 2019 on sn-devel-144
(cherry picked from commit
865b7b0c7d2ba7fa0a045586d1e83a72028a0864)
Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Tue Apr 2 13:52:02 UTC 2019 on sn-devel-144
Volker Lendecke [Thu, 21 Feb 2019 17:37:08 +0000 (18:37 +0100)]
lib: Make fd_load work for non-regular files
Follow-up to
https://lists.samba.org/archive/samba/2018-September/217992.html
and following. This also fixes a small and very theoretical race: Between the
fstat and the read call the file size might change. This would make us fail on
potentially legitimate files.
This is more complex and probably slower, but looking at the use cases I don't
think the speed matters.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13859
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Mar 26 04:43:40 UTC 2019 on sn-devel-144
(cherry picked from commit
ac487bf4d04c9771ada1ca7eeb9dac4e5fe34185)
Anoop C S [Thu, 27 Dec 2018 12:49:42 +0000 (18:19 +0530)]
s4/messaging: Fix undefined reference in linking libMESSAGING-samba4.so
Early check for DEVELOPER or ENABLE_SELFTEST configure options inside
messaging_handlers.c leaves us with the following undefined reference
linkage error:
[1315/3712] Linking bin/default/source4/lib/messaging/libMESSAGING-samba4.so
/usr/bin/ld: source4/lib/messaging/messaging.c.4.o: in function
`imessaging_init_internal':
/root/samba.git/bin/default/../../source4/lib/messaging/messaging.c:472:
undefined reference to `imessaging_register_extra_handlers'
collect2: error: ld returned 1 exit status
This happened due to failure in including "includes.h" before checking
the above mentioned configure options.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13854
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
08ba013a2b8b2cf9fc17fdcb3d107e1434709036)
Michael Saxl [Thu, 21 Mar 2019 17:22:38 +0000 (18:22 +0100)]
s4:dlz make b9_has_soa check dc=@ node
the zone node does not hold the dnsRecord values, so for the zone level
the node dc=@,dc=zonename has to be queried
regression introduced with
28e2a518ff32, BUG: https://bugzilla.samba.org/show_bug.cgi?id=13466
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13841
Signed-off-by: Michael Saxl <mike@mwsys.mine.bz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
526c6d0be53d97beb38f82a3619d8710fefb4091)
Garming Sam [Thu, 21 Mar 2019 03:12:26 +0000 (16:12 +1300)]
dlz: Add test to ensure there are writable zones
This is currently broken since
28e2a518ff32
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13841
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
6c62e05466917d9454d67eb2dd77e303e612c8a9)
Andrew Bartlett [Wed, 20 Mar 2019 04:33:46 +0000 (17:33 +1300)]
regfio tests: Update comment style to match README.Coding
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13840
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
68c0fc4335d0c3c526a38481538a33290be6d58a)
Andrew Bartlett [Wed, 20 Mar 2019 04:32:39 +0000 (17:32 +1300)]
regfio: Update code near recent changes to match README.Coding
This file long predates our current code conventions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13840
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
acbf103fcaa4150a57bfbab2450e36b5b39e399b)
Michael Hanselmann [Sun, 17 Mar 2019 12:49:20 +0000 (13:49 +0100)]
regfio: Improve handling of malformed registry hive files
* next_record: A malformed file can lead to an endless loop.
* regfio_rootkey: Supplying a malformed registry hive file to the
registry hive I/O code can lead to out-of-bounds reads.
Test cases are included. Both issues resolved have been identified using
AddressSanitizer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13840
Signed-off-by: Michael Hanselmann <public@hansmi.ch>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
601afd690346087fbd53819dba9b1afa81560064)
Michael Hanselmann [Mon, 18 Mar 2019 23:47:52 +0000 (00:47 +0100)]
regfio: Add trivial unit test
An upcoming commit will resolve two cases of insufficient handling of
mangled registry hive files and will include unit tests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13840
Signed-off-by: Michael Hanselmann <public@hansmi.ch>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
9b2cb845b23cd1c91ab3b5ea8ad791b18b3ab733)
Michael Hanselmann [Sun, 17 Mar 2019 15:20:47 +0000 (16:20 +0100)]
regfio: Use correct function names in debug information
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13840
Signed-off-by: Michael Hanselmann <public@hansmi.ch>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
aa6b355858a0d8b77bf49384e5329642add1a5ff)
Michael Hanselmann [Sun, 17 Mar 2019 12:04:52 +0000 (13:04 +0100)]
Fix typos in "valid"
s/vald/valid/
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13840
Signed-off-by: Michael Hanselmann <public@hansmi.ch>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
305346d360d3c13fd315c1af27b037f46fd10650)
Douglas Bagnall [Tue, 26 Mar 2019 20:47:56 +0000 (09:47 +1300)]
py/logger: use python 2.6 compatible arguments
In 2.6 stream is a positional argument; 2.7+ it is also a keyword
argument.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13837
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Douglas Bagnall [Tue, 19 Mar 2019 23:12:34 +0000 (12:12 +1300)]
py/uptodateness: use 2.6 compatible dictionary construction
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13837
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Douglas Bagnall [Fri, 22 Mar 2019 02:24:47 +0000 (15:24 +1300)]
py/kcc_utils: py2.6 compatibility
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13837
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Douglas Bagnall [Tue, 19 Mar 2019 23:02:09 +0000 (12:02 +1300)]
py/graph: use 2.6 compatible check for set membership
It is better this way anyway.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13837
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Mar 20 06:36:05 UTC 2019 on sn-devel-144
(cherry picked from commit
c0aca17a4c9ec06f0127d5c972f3fa979a87a77f)
Garming Sam [Tue, 12 Mar 2019 21:52:19 +0000 (10:52 +1300)]
acl_read: Fix regression caused by
db15fcfa899e1fe4d6994f68ceb299921b8aa6f1 for empty lists
The original code never dereferenced attrs and only added "*" if attrs
was NULL (not if attrs[0] was NULL).
This causes significant performance issues with the new paged_results
module introduced for 4.10 as the initial GUID search requests no
attributes. This GUID search turns into a search for "*" and ends up
allocating memory for the entire database.
This never appears to cause changes in the final result set, only
intermediate processing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13836
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Mar 29 18:37:29 UTC 2019 on sn-devel-144
(cherry picked from commit
a2b1970a37836e46d6c9eb6bda9bd20185de96ce)
Aaron Haslett [Mon, 25 Mar 2019 00:13:33 +0000 (13:13 +1300)]
ldb: cmocka test for empty attributes bug
Cmocka test exposing LDB bug where a request with an empty attributes
list returns a response containing all attributes. The bug is in the
ACL module and will be fixed in the next commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13836
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
24efa3ca5399d5cf538c3be504014a954685f1ed)
Stefan Metzmacher [Tue, 19 Mar 2019 12:05:16 +0000 (13:05 +0100)]
dbcheck: use the str() value of the "name" attribute
We do the same with the rdn attribute value
and we need the same logic on both in order to
check they are the same.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit
dd6f0dad218ec1d5aa38ea8aa6848ec81035cb3f)
Stefan Metzmacher [Tue, 12 Mar 2019 10:41:01 +0000 (11:41 +0100)]
dbcheck: don't check expired tombstone objects by default anymore
These will be removed anyway and any change on them risks to
be an originating update that causes replication problems.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Mar 14 03:12:27 UTC 2019 on sn-devel-144
(cherry picked from commit
a2c5f8cf41c2dfdc4f122e8427d1dfeabb6ba311)
Stefan Metzmacher [Tue, 12 Mar 2019 10:38:22 +0000 (11:38 +0100)]
blackbox/dbcheck-links.sh: prepare regression test for skipping expired tombstones
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
b096a3117ed9249fd6f65f3221a26c88efbba3b8)
Stefan Metzmacher [Tue, 12 Mar 2019 10:04:33 +0000 (11:04 +0100)]
blackbox/dbcheck*.sh: pass --selftest-check-expired-tombstones to dbcheck
These tests operate on provision dumps created long ago, they still
want to run tests on deleted objects, when the next commits remove
processing expired tombstone objects in dbcheck.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
5fccc4e9044d2e57be33471f5e6b9be7cc37ac3a)
Stefan Metzmacher [Tue, 12 Mar 2019 10:02:18 +0000 (11:02 +0100)]
dbcheck: add --selftest-check-expired-tombstones cmdline option
This will be used by dbcheck tests which operate on static/old provision
dumps in the following commits.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
6f9c5ed8de47bb98e21e8064d8e90f963f2f71ca)
Stefan Metzmacher [Tue, 12 Mar 2019 09:25:40 +0000 (10:25 +0100)]
python/samba/netcmd: provide SUPPRESS_HELP via Option class
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
b61d580fb7dba8ff94e9e98c958e324865cd2f1d)
Stefan Metzmacher [Thu, 28 Feb 2019 17:22:18 +0000 (18:22 +0100)]
dbcheck: detect the change after deletion bug
Old versions of 'samba-tool dbcheck' could reanimate
deleted objects, when running at the same time as the
tombstone garbage collection.
When the (deleted) parent of a deleted object
(with the DISALLOW_MOVE_ON_DELETE bit in systemFlags),
is removed before the object itself, dbcheck moved
it in the LostAndFound[Config] subtree of the partition
as an originating change. That means that the object
will be in tombstone state again for 180 days on the local
DC. And other DCs fail to replicate the object as
it's already removed completely there and the replication
only gives the name and lastKnownParent attributes, because
all other attributes should already be known to the other DC.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
a1658b306d85452407388b91a745078c9c1f7dc7)
Stefan Metzmacher [Mon, 11 Mar 2019 22:14:02 +0000 (23:14 +0100)]
blackbox/dbcheck-links.sh: add regression test for lost deleted object repair
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
1ccc21a34d295be3bb2ab481a5918003eae88bf4)
Stefan Metzmacher [Thu, 28 Feb 2019 17:16:27 +0000 (18:16 +0100)]
dbcheck: add find_repl_attid() helper function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
598e38d2a5e0832429ba65b4e55bf7127618f894)
Stefan Metzmacher [Mon, 25 Feb 2019 14:35:22 +0000 (15:35 +0100)]
dbcheck: don't remove dangling one-way links on already deleted objects
This would typically happen when the garbage collection
removed a parent object before a child object (both with
the DISALLOW_MOVE_ON_DELETE bit set in systemFlags),
while dbcheck is running at the same time as the garbage collection.
In this case the lastKnownParent attributes points a non existing
object.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
e388e599495b6d7c38b8b6966332e27f8b958783)
Stefan Metzmacher [Mon, 25 Feb 2019 14:35:22 +0000 (15:35 +0100)]
dbcheck: don't move already deleted objects to LostAndFound
This would typically happen when the garbage collection
removed a parent object before a child object (both with
the DISALLOW_MOVE_ON_DELETE bit set in systemFlags),
while dbcheck is running at the same time as the garbage collection.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
6d50ee74920c39cdb18b427bfaaf200775bf2d73)
Stefan Metzmacher [Mon, 25 Feb 2019 14:09:36 +0000 (15:09 +0100)]
dbcheck: do isDeleted, systemFlags and replPropertyMetaData detection first
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
9afcd5331ce567bd80d35175f8e4e21c506e9347)
Stefan Metzmacher [Mon, 11 Mar 2019 21:45:46 +0000 (22:45 +0100)]
dbcheck: use DSDB_CONTROL_DBCHECK_FIX_LINK_DN_NAME when renaming deleted objects
We should never do originating updates on deleted objects.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
07a8326746f0c444eedf3860b178fc29d84e8d16)
Stefan Metzmacher [Mon, 11 Mar 2019 21:38:38 +0000 (22:38 +0100)]
dsdb:repl_meta_data: allow CONTROL_DBCHECK_FIX_LINK_DN_NAME to by pass rename
We need a way to rename an object without updating the replication meta
data.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
3e8a435d27da899d0e3dab7cbc0a1c738067eba3)
Stefan Metzmacher [Mon, 11 Mar 2019 13:52:57 +0000 (14:52 +0100)]
blackbox/dbcheck-links.sh: reproduce lost deleted object problem
When a parent object is removed during the tombstone garbage collection
before a child object and samba-tool dbcheck runs at the same time, the
following can happen:
- If the object child had DISALLOW_MOVE_ON_DELETE in systemFlags,
samba-tool dbcheck moves the object under the LostAndFound[Config]
object (as an originating update!)
- The lastKnownParent attribute is removed (as an originating update!)
These originating updates cause the object to have an extended time
as tombstone. And these changes are replicated to other DCs,
which very likely already removed the object completely!
This means the destination DC of replication has no chance to handle
the object it gets from the source DC with just 2 attributes (name, lastKnownParent).
The destination logs something like:
No objectClass found in replPropertyMetaData
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
5357f591accffbf8c62335c308b985811b66f0b5)
Stefan Metzmacher [Tue, 12 Mar 2019 09:36:49 +0000 (10:36 +0100)]
blackbox/*.sh: pass -u to 'diff'
This is what we work with every day...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
8ba6f1c895ee9b6b592578f21e7f79ed36236bef)
Stefan Metzmacher [Wed, 27 Feb 2019 07:22:09 +0000 (08:22 +0100)]
selftest: force running with TZ=UTC
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Feb 27 11:24:59 UTC 2019 on sn-devel-144
(cherry picked from commit
4f307f2302b0fe8fd0fc6379eb8e6491faf8520c)
Andreas Schneider [Thu, 21 Mar 2019 10:55:46 +0000 (11:55 +0100)]
s3:waf: Fix the detection of makdev() macro on Linux
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13853
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
eace58b539a382c61edd7c2be6fdfab31114719f)
Andreas Schneider [Wed, 13 Mar 2019 11:00:27 +0000 (12:00 +0100)]
s3:tests: Add test for smbstatus and smbstatus --resolve_uids
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13793
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Mar 27 14:33:35 UTC 2019 on sn-devel-144
(cherry picked from commit
2e7f4b1d3701b9da32e03dcee1095711945f22b8)
Andreas Schneider [Wed, 13 Mar 2019 11:00:11 +0000 (12:00 +0100)]
selftest: Add smbstatus to testhelper
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13793
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
6106b8a053e06699c332fd1a6d7636f550422cc7)
Andreas Schneider [Mon, 18 Feb 2019 13:11:32 +0000 (14:11 +0100)]
s3:utils: Add 'smbstatus -L --resolve-uids' to show usernames
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13793
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
ffad76ae260ac33926db87c61aede5b66d9b09e6)
Andreas Schneider [Tue, 8 Jan 2019 11:21:36 +0000 (12:21 +0100)]
s3:utils: Use C99 initializer for poptOption in smbstatus
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
83d25ca9d90897925a4431dd55e68c78244900b3)
Andreas Schneider [Thu, 17 Jan 2019 12:58:14 +0000 (13:58 +0100)]
s3:lib: Fix the debug message for adding cache entries.
To get correct values, we need to cast 'timeout' to 'long int' first in
order to do calculation in that integer space! Calculations are don in
the space of the lvalue!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13848
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit
5822449a7340f53987ce4c04851652427f5b49e8)
Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Fri Mar 22 12:50:24 UTC 2019 on sn-devel-144
Andreas Schneider [Wed, 20 Mar 2019 10:09:21 +0000 (11:09 +0100)]
s4:librpc: Fix installation of Samba
This breaks installation of Samba 4.10 on Fedora.
https://bugzilla.samba.org/show_bug.cgi?id=13847
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit
bf469343f577e2d78df0e38d80e7976b351eaf0d)
Martin Schwenke [Thu, 14 Mar 2019 05:32:02 +0000 (16:32 +1100)]
ctdb-tests: Add some testing for IPv4-mapped IPv6 address parsing
ctdb_sock_addr values are hashed in some contexts. This means that
all of the memory used for the ctdb_sock_addr should be consistent
regardless of how parsing is done. The first 2 cases are just sanity
checks but the 3rd case involving an IPv4-mapped IPv6 address is the
real target of this test addition.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13839
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@samba.org>
(cherry picked from commit
d9286701cd9253bf3b42cac3d850ae8c23743e6d)
Zhu Shangzhong [Tue, 12 Mar 2019 12:49:48 +0000 (20:49 +0800)]
ctdb: Initialize addr struct to zero before reparsing as IPV4
Failed to kill the tcp connection that using IPv4-mapped IPv6 address
(e.g. ctdb_killtcp eth0 ::ffff:192.168.200.44:2049
::ffff:192.168.200.45:863).
When the ctdb_killtcp is used to kill the tcp connection, the IPs and
ports in the connection will be parsed to conn.client and conn.server
(call stack: main->ctdb_sock_addr_from_string->ip_from_string). In
the ip_from_string, as we are using IPv4-mapped IPv6 addresses, the
ipv6_from_string will be used to parse ip to addr.ip6 first. The next
step the ipv4_from_string will be used to reparse ip to addr.ip.
As a result, the data that dump from conn.server is "2 0 8 1 192 168
200 44 0 0 0 0 0 0 0 0 0 0 255 255 192 168 200 44 0 0 0 0", the data
from conn.client is "2 0 3 95 192 168 200 45 0 0 0 0 0 0 0 0 0 0 255 255
192 168 200 45 0 0 0 0". The connection will be add to conn_list by
ctdb_connection_list_add. Then the reset_connections_send uses conn_list
as parameter to start to reset connections in the conn_list.
In the reset_connections_send, the database "connections" will be
created. The connections from conn_list will be written to the
database(call db_hash_add), and use the data that dump from conn_client
and conn_server as key.
In the reset_connections_capture_tcp_handler, the
ctdb_sys_read_tcp_packet will receive data on the raw socket. And
extract the IPs and ports from the tcp packet. when extracting IP and
port, the tcp4_extract OR tcp6_extract will be used. Then we got the
new conn.client and conn.server. the data that dump from the
conn.server is "2 0 8 1 192 168 200 44 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 0 0", the data from conn.client is "2 0 3 95 192 168 200 45 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0". Finally, we use the data as key to check
if this connection is one being reset(call db_hash_delete). The
db_hash_delete will return ENOENT. Because the two key that being used
by db_hash_delete and db_hash_add are different.
So, the TCP RST will be NOT sent for the connection forever. We should
initialize addr struct to zero before reparsing as IPV4 in the
ip_from_string.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13839
Signed-off-by: Zhu Shangzhong <zhu.shangzhong@zte.com.cn>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@samba.org>
(cherry picked from commit
539b5ff32b32b7c75dfaaa119e41f5af6ff1e6fc)
Martin Schwenke [Wed, 6 Mar 2019 08:16:55 +0000 (19:16 +1100)]
ctdb-packaging: Test package requires tcpdump
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13838
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@samba.org>
(cherry picked from commit
957c38b65ca060eabe1e676f8dfb54839d706155)
Martin Schwenke [Wed, 6 Mar 2019 03:36:01 +0000 (14:36 +1100)]
ctdb-packaging: ctdb package should not own system library directory
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13838
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@samba.org>
(cherry picked from commit
b2b8dce4fc56c27ef0131104b316346565369dd7)
Andreas Schneider [Tue, 12 Mar 2019 10:40:30 +0000 (11:40 +0100)]
s3:client: Fix smbspool device uri handling
If we are executed as a CUPS backend, argv[0] is set to the device uri.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13832
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Bryan Mason <bmason@redhat.com>
Signed-off-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
69d7a496d3bf52eaa10e81132bb61430863fdd8a)
Andreas Schneider [Tue, 12 Mar 2019 09:09:14 +0000 (10:09 +0100)]
s3:client: Make sure we work on a copy of the title
We can't be sure we can write to the input buffer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13832
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Bryan Mason <bmason@redhat.com>
Signed-off-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
129ae27946318a075e99c9e6d1bacf8963f72282)
Andreas Schneider [Fri, 4 Jan 2019 08:21:24 +0000 (09:21 +0100)]
s3:client: Evaluate the AUTH_INFO_REQUIRED variable set by cups
This should not switch to username,password if cups has been configured
to use negotiate (Kerberos authentication).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13832
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Bryan Mason <bmason@redhat.com>
Signed-off-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
5274b09fbaa5e45cc58f3301818d4e9f6a402845)
Andreas Schneider [Tue, 12 Mar 2019 08:40:58 +0000 (09:40 +0100)]
s3:client: Pass DEVICE_URI and AUTH_INFO_REQUIRED env to smbspool
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13832
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Bryan Mason <bmason@redhat.com>
Signed-off-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
43160184d254a57f87bb2adeba47f48d8539533a)
Andreas Schneider [Tue, 12 Mar 2019 09:15:05 +0000 (10:15 +0100)]
s3:script: Fix jobid check in test_smbspool.sh
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13832
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Bryan Mason <bmason@redhat.com>
Signed-off-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit
fad5e4eaeb9202c1b63c42ea09254c17c473e33a)
Martin Schwenke [Thu, 7 Mar 2019 04:53:31 +0000 (15:53 +1100)]
ctdb-tests: Build cluster mutex path manually
CTDB_CLUSTER_MUTEX_HELPER can't be depended on because it is only set
when the tests are not installed and setting it unconditionally for
this particular use would be wrong.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@samba.org>
(cherry picked from commit
a215d2017f95974913a7e97c25e5fc613bb79c26)
Stefan Metzmacher [Fri, 1 Mar 2019 14:48:18 +0000 (15:48 +0100)]
ndr_spoolss_buf: fix out of scope use of stack variable in NDR_SPOOLSS_PUSH_ENUM_OUT()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13818
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(cherry picked from commit
6da3664f8a11397fd3fb38e89c2432b8bf321e59)
Amitay Isaacs [Fri, 15 Mar 2019 01:14:27 +0000 (12:14 +1100)]
ctdb-version: Simplify version string usage
There is no need to write SAMBA_VERSION_STRING as CTDB_VERSION_STRING.
Wherever required use SAMBA_VERSION_STRING directly.
Avoids the confusion with two version.h files.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13789
Signed-off-by: Amitay Isaacs <amitay@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Fri Mar 15 06:31:50 UTC 2019 on sn-devel-144
(cherry picked from commit
edd4a23d7632af51f4d7b4287917b7fa0dced963)
Martin Schwenke [Thu, 7 Mar 2019 06:53:25 +0000 (17:53 +1100)]
ctdb-build: Drop creation of .distversion in tarball
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13789
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
148306674d0e4706adca3e5dcbb779c51a2c03da)
Stefan Metzmacher [Fri, 16 Jun 2017 10:15:25 +0000 (12:15 +0200)]
ctdb-build: use a fixed ctdb_version.h using SAMBA_VERSION_STRING
This way we don't get constant rebuild as SAMBA_VERSION_STRING
is "4.7.0pre1.DEVELOPERBUILD" for the binaries under bin/
instead of "4.7.0pre1.GIT.
59e51f6".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13789
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
05c28fee21c0cc986cb8301f4199595cdb13faee)
Karolin Seeger [Tue, 19 Mar 2019 09:57:53 +0000 (10:57 +0100)]
VERSION: Bump version up to 4.10.1...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Tue, 19 Mar 2019 09:57:00 +0000 (10:57 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.10.0 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>