bbaumbach/samba-autobuild/.git
2 months agolibcli:auth: Use 'bool ok' in ntv2_owf_gen()
Andreas Schneider [Tue, 4 Dec 2018 08:49:17 +0000 (09:49 +0100)]
libcli:auth: Use 'bool ok' in ntv2_owf_gen()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 months agolibcli:auth: Use GnuTLS MD5 HMAC in SMBsesskeygen_ntv2()
Andreas Schneider [Wed, 15 May 2019 06:25:36 +0000 (08:25 +0200)]
libcli:auth: Use GnuTLS MD5 HMAC in SMBsesskeygen_ntv2()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 months agolibcli:auth: Use GnuTLS MD5 HMAC in SMBOWFencrypt_ntv2()
Andreas Schneider [Wed, 15 May 2019 06:05:38 +0000 (08:05 +0200)]
libcli:auth: Use GnuTLS MD5 HMAC in SMBOWFencrypt_ntv2()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 months agolibcli:auth: Use GnuTLS MD5 HMAC in ntv2_owf_gen()
Andreas Schneider [Wed, 15 May 2019 06:05:11 +0000 (08:05 +0200)]
libcli:auth: Use GnuTLS MD5 HMAC in ntv2_owf_gen()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 months agolibcli:auth: Use GnuTLS MD5 in decode_wkssvc_join_password_buffer()
Andreas Schneider [Wed, 15 May 2019 06:04:08 +0000 (08:04 +0200)]
libcli:auth: Use GnuTLS MD5 in decode_wkssvc_join_password_buffer()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 months agolibcli:auth: Use GnuTLS MD5 in encode_or_decode_arc4_passwd_buffer()
Andreas Schneider [Wed, 15 May 2019 06:02:59 +0000 (08:02 +0200)]
libcli:auth: Use GnuTLS MD5 in encode_or_decode_arc4_passwd_buffer()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 months agolibcli:auth: Use GnuTLS MD5 in encode_wkssvc_join_password_buffer()
Andreas Schneider [Wed, 15 May 2019 06:03:31 +0000 (08:03 +0200)]
libcli:auth: Use GnuTLS MD5 in encode_wkssvc_join_password_buffer()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 months agolibcli:auth: Use GnuTLS MD5 in encode_or_decode_arc4_passwd_buffer()
Andreas Schneider [Wed, 15 May 2019 06:02:59 +0000 (08:02 +0200)]
libcli:auth: Use GnuTLS MD5 in encode_or_decode_arc4_passwd_buffer()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 months agolibcli:auth: Use GnuTLS MD5 for E_md5hash() in smbcrypt
Andreas Schneider [Wed, 15 May 2019 06:02:18 +0000 (08:02 +0200)]
libcli:auth: Use GnuTLS MD5 for E_md5hash() in smbcrypt

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 months agotorture: Address flapping samba4.rpc.altercontext test
Andrew Bartlett [Wed, 15 May 2019 04:07:16 +0000 (16:07 +1200)]
torture: Address flapping samba4.rpc.altercontext test

NT_STATUS_CONNECTION_DISCONNECTED and NT_STATUS_CONNECTION_RESET are
equivilent for the purposes of this test, both come from the server
shutting down the connection, the difference comes from two different
unix error numbers that can come from this.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon May 20 05:17:42 UTC 2019 on sn-devel-184

2 months agoldap_server: Run ldapsrv_queue_reply() in the ldb callback, rather than waiting for...
Andrew Bartlett [Wed, 3 Apr 2019 04:11:01 +0000 (17:11 +1300)]
ldap_server: Run ldapsrv_queue_reply() in the ldb callback, rather than waiting for the full result

Based on earlier work by Garming Sam.

This allows the server to stop working on a reply that will never
be sent to the client as it is too large.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 months agoldap_server: chunk the writev() calls at 25MB
Andrew Bartlett [Tue, 14 May 2019 00:08:03 +0000 (12:08 +1200)]
ldap_server: chunk the writev() calls at 25MB

This should limit the amount we send to GENSEC at a
time where it may help avoid large realloc or memcpy calls.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 months agoldap_server: Add explict repsonse size limit of 256MB
Andrew Bartlett [Wed, 8 May 2019 02:03:50 +0000 (14:03 +1200)]
ldap_server: Add explict repsonse size limit of 256MB

This allows us to replace the implicit limit via data_blob_append()
removed in the previous commit.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 months agoldap_server: Use an array of struct iovec to avoid data_blob_append()
Andrew Bartlett [Thu, 4 Apr 2019 04:25:30 +0000 (17:25 +1300)]
ldap_server: Use an array of struct iovec to avoid data_blob_append()

This avoids a the implicit 256MB limit on LDAP replies (allowing this
to be increased in the future) and means we copy less memory around.

However because we can only have 1024 entries in a struct iovec (on Linux)
we will need to call tstream_writev_queue_send() multiple times.

Calling it in chunks of 1024 seems a reasonable compromise, the
gensec layer will chunk it out smaller if required.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 months agoldap_server: Run the ldap_encode() step in ldapsrv_queue_reply()
Andrew Bartlett [Thu, 4 Apr 2019 03:52:17 +0000 (16:52 +1300)]
ldap_server: Run the ldap_encode() step in ldapsrv_queue_reply()

This avoids holding the memory for the response twice,
by the time the result is queued it is only ASN.1 encoded.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 months agoldap_server: Remove success_limit
Andrew Bartlett [Wed, 3 Apr 2019 03:48:33 +0000 (16:48 +1300)]
ldap_server: Remove success_limit

This was always set to 0 so was poinless.  Any LDAP scope can return 0 entries,
even a SCOPE_BASE if the filter does not match.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 months agoselftest: Remove gensec.FEATURE_SEAL from samba4.ldap.notification
Andrew Bartlett [Mon, 8 Apr 2019 02:54:04 +0000 (14:54 +1200)]
selftest: Remove gensec.FEATURE_SEAL from samba4.ldap.notification

This made it much harder to watch under wireshark and is not required (no password setting).

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 months agodsdb: lock metadata.tdb during lock_read in partitions module
Andrew Bartlett [Wed, 15 May 2019 22:44:42 +0000 (10:44 +1200)]
dsdb: lock metadata.tdb during lock_read in partitions module

metadata.tdb was being locked during transactions, but not during read, and
we should ensure we take all our locks in order for consistency

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13950

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 months agodsdb/partition: Remove teardown of data->metadata on partition_metadata_set_sequence_...
Andrew Bartlett [Thu, 16 May 2019 04:15:39 +0000 (16:15 +1200)]
dsdb/partition: Remove teardown of data->metadata on partition_metadata_set_sequence_number() failure

This changes variables that are not the responsiblity of this function, the unlock
implied by partition_del_trans() needs to be done carefully in the right spot.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 months agodsdb/partition: Move in_transaction decrement to end of partition_del_trans()
Andrew Bartlett [Thu, 16 May 2019 03:12:55 +0000 (15:12 +1200)]
dsdb/partition: Move in_transaction decrement to end of partition_del_trans()

It makes no sense for this to be mid-function.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 months agodsdb/partition: Ensure metadata.tdb is opened early in partition_reload_if_required()
Andrew Bartlett [Thu, 16 May 2019 02:35:00 +0000 (14:35 +1200)]
dsdb/partition: Ensure metadata.tdb is opened early in partition_reload_if_required()

This allows metadata.tdb to be locked in the correct place in
in the lock order, as partition_reload_if_required() implicitly
calls partition_lock_read().

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 months agodsdb: Add random values to names in tests for large LDAP responses
Andrew Bartlett [Mon, 13 May 2019 03:32:23 +0000 (15:32 +1200)]
dsdb: Add random values to names in tests for large LDAP responses

This test is run agianst multiple DCs in the same domain, so there can
be a race with replication.  Therefore avoid using the same name twice
by adding a random suffix.

This is an improvement to a demonstrator for this bug in TDB:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13952

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 months agos3: torture: Fix return values
Rikard Falkeborn [Thu, 16 May 2019 19:43:46 +0000 (21:43 +0200)]
s3: torture: Fix return values

Torture tests should return true on success and false on failure.
Returning -1 is the same as returning true and returning 0 is the same
as returning false. Change the return values to true and false to fix
the return values.

Detected by the help of cppcheck.

Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun May 19 18:48:01 UTC 2019 on sn-devel-184

2 months agos3: libsmbclient: Fix return value if cli_open() fails
Rikard Falkeborn [Thu, 16 May 2019 19:03:42 +0000 (21:03 +0200)]
s3: libsmbclient: Fix return value if cli_open() fails

Returning -1 in a function with bool as return value type is the same
as returning true. Change to false to indicate the error.

Detected by the help of cppcheck.

Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months agovfs_gpfs: Fix return value if getting data fails
Rikard Falkeborn [Thu, 16 May 2019 19:29:52 +0000 (21:29 +0200)]
vfs_gpfs: Fix return value if getting data fails

Returning -1 in a function with bool as return value type is the same
as returning true. Change to false to indicate the error.

Detected by the help of cppcheck.

Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months agovfs_catia: Fix return value in lock functions
Rikard Falkeborn [Thu, 16 May 2019 19:21:11 +0000 (21:21 +0200)]
vfs_catia: Fix return value in lock functions

Returning -1 in a function with bool as return value type is the same
as returning true. Change to false to indicate the error.

Detected by the help of cppcheck.

Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months agoFix uClibc build on 64bit platforms by including stdint.h
Fabrice Fontaine [Sat, 18 May 2019 10:42:17 +0000 (12:42 +0200)]
Fix uClibc build on 64bit platforms by including stdint.h

Fixes an error detected by buildroot autobuilders:
http://autobuild.buildroot.net/results/573/573e2268e205e10d1352fa81122d8f225fdb4575/build-end.log

/home/rclinux/rc-buildroot-test/scripts/instance-1/output/host/mips64el-buildroot-linux-uclibc/sysroot/usr/include/stdint.h:122:27:
error: conflicting types for 'uintptr_t'
 typedef unsigned long int uintptr_t;
                           ^
In file included from ../lib/ldb/tests/ldb_msg.c:17:0:
../third_party/cmocka/cmocka.h:126:28: note: previous declaration of 'uintptr_t' was here
       typedef unsigned int uintptr_t;

The define __WORDSIZE is missing when cmocka.h decides how to
define uintptr_t, this patch includes stdint.h when needed.

Patch sent upstream:
https://lists.samba.org/archive/samba-technical/2018-January/125306.html

[updated for samba-4.8.4, v2 sent upstream
 https://lists.samba.org/archive/samba-technical/2018-August/129732.html,
 updated for samba-4.9.1]

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Retrieved from:
https://git.buildroot.net/buildroot/tree/package/samba4/0003-Fix-uClibc-build-on-64bit-platforms-by-including-std.patch]
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months agodocs: Fix typo
Juergen Hoetzel [Sun, 19 May 2019 09:24:28 +0000 (11:24 +0200)]
docs: Fix typo

Signed-off-by: Juergen Hoetzel <juergen@archlinux.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months agosmbd: Send "share_file_id" with the rename msg
Volker Lendecke [Fri, 17 May 2019 08:44:23 +0000 (10:44 +0200)]
smbd: Send "share_file_id" with the rename msg

file_id plus share_file_id remotely specify the fsp. This avoids the
explicit loop in the receiver.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat May 18 20:18:55 UTC 2019 on sn-devel-184

2 months agosmbd: Add file_rename_message in idl
Volker Lendecke [Fri, 17 May 2019 08:41:25 +0000 (10:41 +0200)]
smbd: Add file_rename_message in idl

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months agolib:util: Add a test for byteorder.h
Andreas Schneider [Thu, 16 May 2019 06:31:40 +0000 (08:31 +0200)]
lib:util: Add a test for byteorder.h

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri May 17 20:44:36 UTC 2019 on sn-devel-184

2 months agolib:util: Move VWV macro to smb_constants.h
Andreas Schneider [Thu, 17 Jan 2019 10:03:14 +0000 (11:03 +0100)]
lib:util: Move VWV macro to smb_constants.h

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 months agolib:util: Remove PPC big endian asm optimized code in byteorder.h
Andreas Schneider [Fri, 21 Dec 2018 08:43:01 +0000 (09:43 +0100)]
lib:util: Remove PPC big endian asm optimized code in byteorder.h

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 months agolib:util: Remove unused ALIGN marcos from byteorder.h
Andreas Schneider [Thu, 20 Dec 2018 09:01:03 +0000 (10:01 +0100)]
lib:util: Remove unused ALIGN marcos from byteorder.h

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 months agotdb: Release tdb 1.4.1
Andrew Bartlett [Fri, 17 May 2019 02:16:43 +0000 (14:16 +1200)]
tdb: Release tdb 1.4.1

* Do not propogate any errors from tdb_repack() to to tdb_transaction_commit()

  The repack may fail due to lock ordering or memory limits, but the original data has
  been written so the call must succeed.  (bug 13952)

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri May 17 08:21:52 UTC 2019 on sn-devel-184

2 months agodsdb: Add tests for large LDAP responses
Andrew Bartlett [Mon, 13 May 2019 03:32:23 +0000 (15:32 +1200)]
dsdb: Add tests for large LDAP responses

This behaviour is Samba-specific, we have not traditionally cut of responses at 1000
or so as Windows does, and we need to change that behaviour carefully.

This triggers this bug in TDB:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13952

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months agotdb: Do not return errors from tdb_repack() in the tail of tdb_transaction_commit()
Andrew Bartlett [Thu, 16 May 2019 04:14:13 +0000 (16:14 +1200)]
tdb: Do not return errors from tdb_repack() in the tail of tdb_transaction_commit()

The call to tdb_repack() inside tdb_transaction_commit()
is an optimization, not part of the transaction itself,
so failing due to lock or other errors isn't a fatal error
that should cause the caller to think the transaction was
a failure by returning -1.

The tdb transaction itself has finished and been committed
onto stable storage via fsync and all locks released at the
point tdb_repack() is called.

tdb_repack() is only called here as it's a convenient point
to attempt to reduce tdb fragmentation without having to add
a timer call to repack in all users of tdb.

This causes lock ordering issues in Samba, showing up as:

ldb: ltdb: tdb(../private/sam.ldb.d/DC=SAMBA2008R2,DC=EXAMPLE,DC=COM.ldb): tdb_transaction_prepare_commit: failed to upgrade hash locks: Locking error

This is because Samba has multiple tdb databases open, and the lock order between them
is important.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13952

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months agosmbd: Do oplock break messages in ndr
Volker Lendecke [Thu, 16 May 2019 13:38:26 +0000 (15:38 +0200)]
smbd: Do oplock break messages in ndr

The previous scheme was overloaded, a idl definition is easier to
print, and it clarifies what data is actually needed

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 16 23:48:18 UTC 2019 on sn-devel-184

2 months agosmbd: Use send_break_message() in send_break_to_none()
Volker Lendecke [Thu, 16 May 2019 13:34:37 +0000 (15:34 +0200)]
smbd: Use send_break_message() in send_break_to_none()

Centralize the marshalling code

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months agosmbd: Remove a pointless "continue" statement
Volker Lendecke [Thu, 16 May 2019 10:53:13 +0000 (12:53 +0200)]
smbd: Remove a pointless "continue" statement

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months agosmbd: Remove an obsolete comment from share_conflict()
Volker Lendecke [Thu, 16 May 2019 10:23:26 +0000 (12:23 +0200)]
smbd: Remove an obsolete comment from share_conflict()

delay_for_batch_oplocks() is no more. Also, open_mode_check (which
calls into this routine) is called before delay_for_oplock.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months agos3: smbd: Don't log at WARNING level when exiting the server on error.
Richard Sharpe [Thu, 16 May 2019 20:51:06 +0000 (13:51 -0700)]
s3: smbd: Don't log at WARNING level when exiting the server on error.

Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months agolib:util: Fix tfork return value if sigprocmask fails
Rikard Falkeborn [Thu, 9 May 2019 19:17:24 +0000 (21:17 +0200)]
lib:util: Fix tfork return value if sigprocmask fails

Returning a non-zero value from a function with bool as return value is
the same as returning true. Change the return value to false if
sigprocmask or pthread_sigmask fails to indicate failure.

Detected with the help of cppcheck.

Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu May 16 19:08:29 UTC 2019 on sn-devel-184

2 months agos3:loadparm: Ensure to truncate FS Volume Label at multibyte boundary
Shyamsunder Rathi [Mon, 13 May 2019 06:06:17 +0000 (23:06 -0700)]
s3:loadparm: Ensure to truncate FS Volume Label at multibyte boundary

For FS_VOLUME_INFO/FS_INFO operation, a maximum of 32 characters are
sent back. However, since Samba chops off any share name with >32
bytes at 32, it is possible that a multi-byte share name can get chopped
off between a full character. This causes the string decoding for unicode
failure which sends back NT_STATUS_ILLEGAL_CHARACTER (EILSEQ) to the client
applications.

On Windows, Notepad doesn't like it, and refuses to open a file in this
case and fails with the following error:

  Invalid character. For multibyte character sets, only the leading byte is
  included without the trailing byte. For Unicode character sets, include
  the characters 0xFFFF and 0xFFFE.

Proposed fix:
- Find the last starting point of a multibyte codepoint if the character
  at 32nd byte is a subsequent byte of a MB codepoint.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13947

Signed-off-by: Shyamsunder Rathi <shyam.rathi@nutanix.com>
Reviewed-by: Hemanth Thummala <hemanth.thummala@nutanix.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 months agolib/crypto: squash 'cast between incompatible function types' warning
Noel Power [Thu, 2 May 2019 18:51:56 +0000 (19:51 +0100)]
lib/crypto: squash 'cast between incompatible function types' warning

To avoid warning above produced by using
-Wcast-function-type we;

      + ensure PyCFunctions of type METH_VARARGS do not declare
        unused and problematic kargs param.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 months agolib/ldb-samba: squash 'cast between incompatible function types' warning
Noel Power [Thu, 2 May 2019 18:51:34 +0000 (19:51 +0100)]
lib/ldb-samba: squash 'cast between incompatible function types' warning

To avoid warning above produced by using
-Wcast-function-type we;

  + ensure PyCFunctions of type METH_NOARGS defined dummy arg

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 months agolib/ldb: Fix incorrect return type for (setter) func type
Noel Power [Wed, 15 May 2019 09:30:29 +0000 (10:30 +0100)]
lib/ldb: Fix incorrect return type for (setter) func type

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13948

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 months agolib/ldb: squash 'cast between incompatible function types' warning
Noel Power [Thu, 2 May 2019 18:51:05 +0000 (19:51 +0100)]
lib/ldb: squash 'cast between incompatible function types' warning

To avoid warning above produced by using
-Wcast-function-type we;

  + ensure PyCFunctions of type METH_NOARGS defined dummy arg
  + ensure PyCFunctions of type METH_KEYWORDS use PY_DISCARD_FUNC_SIG
    macro

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 months agolib/talloc: squash 'cast between incompatible function types' warning
Noel Power [Thu, 2 May 2019 18:49:27 +0000 (19:49 +0100)]
lib/talloc: squash 'cast between incompatible function types' warning

To avoid warning above produced by using
-Wcast-function-type we;

  + ensure PyCFunctions of type METH_NOARGS defined dummy arg

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 months agolib/tevent: squash 'cast between incompatible function types' warning
Noel Power [Thu, 2 May 2019 18:49:09 +0000 (19:49 +0100)]
lib/tevent: squash 'cast between incompatible function types' warning

squash 'cast between incompatible function types' warning

To avoid warning above produced by using
-Wcast-function-type we;

  + ensure PyCFunctions of type METH_NOARGS defined dummy arg
  + ensure PyCFunctions of type METH_KEYWORDS use PY_DISCARD_FUNC_SIG
    macro

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 months agolib/tdb: squash 'cast between incompatible function types' warning
Noel Power [Thu, 2 May 2019 18:48:43 +0000 (19:48 +0100)]
lib/tdb: squash 'cast between incompatible function types' warning

squash 'cast between incompatible function types' warning

To avoid warning above produced by using
-Wcast-function-type we;

  + ensure PyCFunctions of type METH_NOARGS defined dummy arg
  + ensure PyCFunctions of type METH_KEYWORDS use PY_DISCARD_FUNC_SIG
    macro

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 months agosquash 'cast between incompatible function types' warning
Noel Power [Thu, 2 May 2019 18:47:29 +0000 (19:47 +0100)]
squash 'cast between incompatible function types' warning

To avoid warning above produced by using
-Wcast-function-type we;

  + ensure PyCFunctions of type METH_NOARGS defined dummy arg
  + ensure PyCFunctions of type METH_KEYWORDS use PY_DISCARD_FUNC_SIG
    macro

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 months agos4: squash 'cast between incompatible function types' warning
Noel Power [Thu, 2 May 2019 18:45:14 +0000 (19:45 +0100)]
s4: squash 'cast between incompatible function types' warning

To avoid warning above produced by using
 -Wcast-function-type we;

  + ensure PyCFunctions of type METH_NOARGS defined dummy arg
  + ensure PyCFunctions of type METH_KEYWORDS use PY_DISCARD_FUNC_SIG
    macro
  + ensure PyCFunctions of type METH_KEYWORDS really actually use the
    problematic kargs param, if not remove it

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 months agos3: squash 'cast between incompatible function types' warning
Noel Power [Thu, 2 May 2019 18:40:23 +0000 (19:40 +0100)]
s3: squash 'cast between incompatible function types' warning

Some functions (e.g. py_smb_savefile) have an extra unecessary
*kwargs param in their signatures, these definitions are
causing 'cast between incompatible function types' warnings when
compiled with -Wcast-function-type. Some other functions have
the *kwargs which causes "cast between incompatible function types'
warnings which need to be squashed with use of the
PY_DISCARD_FUNC_SIG macro.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 months agos4/librpc: squash 'cast between incompatible function types' warning
Noel Power [Thu, 2 May 2019 18:35:56 +0000 (19:35 +0100)]
s4/librpc: squash 'cast between incompatible function types' warning

Where possible make PyCFunction definition signature match. Sometimes
this is not possible (e.g. when the c-function is associated with a
python method definition with 'METH_VARARGS|METH_KEYWORDS' in this
case we use the PY_DISCARD_FUNC_SIG macro.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 months agos3/ntvfs: squash 'cast between incompatible function types' warning
Noel Power [Thu, 2 May 2019 18:34:06 +0000 (19:34 +0100)]
s3/ntvfs: squash 'cast between incompatible function types' warning

Fix various PyCFunction definitions to avoid
'cast between incompatible function types' warnings when compiled
with -Wcast-function-type

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 months agos3/smbd: squash 'cast between incompatible function types' warning
Noel Power [Thu, 2 May 2019 18:31:18 +0000 (19:31 +0100)]
s3/smbd: squash 'cast between incompatible function types' warning

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 months agopidl: Call PY_DISCARD_FUNC_SIG in generated code to avoid ugly warning
Noel Power [Thu, 2 May 2019 11:32:56 +0000 (12:32 +0100)]
pidl: Call PY_DISCARD_FUNC_SIG in generated code to avoid ugly warning

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 months agopython: Create macro to hide ugly function signature cast
Noel Power [Thu, 2 May 2019 11:32:36 +0000 (12:32 +0100)]
python: Create macro to hide ugly function signature cast

-Wcast-function-type triggers various warnings related to bad api
decisions in python source. To avoid these warnings we hide them
by casting to void first. Macro here is to hide the uglyness and
provide an easy place to either/or
  + fix better in a single place in the future
  + identify the places involved should python api change in a way
    this can be handled better

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 months agosmbd: Slightly simplify delay_for_oplock()
Volker Lendecke [Wed, 15 May 2019 16:23:27 +0000 (18:23 +0200)]
smbd: Slightly simplify delay_for_oplock()

We don't have to look at the leases.tdb record if it's our own lease.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu May 16 07:59:52 UTC 2019 on sn-devel-184

2 months agosmbd: Fix a typo
Volker Lendecke [Wed, 15 May 2019 16:11:55 +0000 (18:11 +0200)]
smbd: Fix a typo

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 months agosmbd: Use a direct struct assignment in reply_setatr()
Volker Lendecke [Sun, 14 Apr 2019 08:50:10 +0000 (10:50 +0200)]
smbd: Use a direct struct assignment in reply_setatr()

Saves .text bytes with -O3

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 months agosamba_autoconf: fix undefined behaviour sanitizer compile flags
Gary Lockyer [Wed, 15 May 2019 23:29:34 +0000 (11:29 +1200)]
samba_autoconf: fix undefined behaviour sanitizer compile flags

Added the -g option, -fsaniize=null and -fsanitize=alignment, removed
the -fno-omit-frame-pointer option.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 months agos3: net: Test of fuzzer problems with net rpc registry import.
Jeremy Allison [Thu, 9 May 2019 21:34:37 +0000 (14:34 -0700)]
s3: net: Test of fuzzer problems with net rpc registry import.

Found by Michael Hanselmann using fuzzing tools

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13842

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed May 15 23:08:58 UTC 2019 on sn-devel-184

2 months agos3: net: Rewrite of reg_parse_fd() to harden against buffer overwrites.
Jeremy Allison [Tue, 7 May 2019 17:42:55 +0000 (10:42 -0700)]
s3: net: Rewrite of reg_parse_fd() to harden against buffer overwrites.

Remove unused handle_iconv_errno(). Fix leaks of iconv handles.

Found by Michael Hanselmann using fuzzing tools

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13842

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 months agos3: net: Harden srprs_str() against memcmp overread.
Jeremy Allison [Mon, 13 May 2019 20:45:10 +0000 (13:45 -0700)]
s3: net: Harden srprs_str() against memcmp overread.

Found by Michael Hanselmann using fuzzing tools

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13842

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 months agos3: net: Harden act_val_hex() act_val_sz() against errors.
Jeremy Allison [Mon, 25 Mar 2019 18:13:24 +0000 (11:13 -0700)]
s3: net: Harden act_val_hex() act_val_sz() against errors.

Found by Michael Hanselmann using fuzzing tools

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13842

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 months agos3: net: Harden guess_charset() against overflow errors.
Jeremy Allison [Mon, 25 Mar 2019 17:32:08 +0000 (10:32 -0700)]
s3: net: Harden guess_charset() against overflow errors.

Found by Michael Hanselmann using fuzzing tools

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13842

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 months agos4 dsdb/repl_meta_data: fix use after free in dsdb_audit_add_ldb_value
Gary Lockyer [Tue, 14 May 2019 03:53:22 +0000 (15:53 +1200)]
s4 dsdb/repl_meta_data: fix use after free in dsdb_audit_add_ldb_value

Fix use after free detected by AddressSanitizer

AddressSanitizer: heap-use-after-free on address 0x61400026a4a0
                  at pc 0x7fd555c52f12 bp 0x7ffed7231180 sp 0x7ffed7231170
                  READ of size 1 at 0x61400026a4a0 thread T0
    #0 0x7fd555c52f11 in ldb_should_b64_encode
       ../../lib/ldb/common/ldb_ldif.c:197
    #1 0x7fd539dc9417 in dsdb_audit_add_ldb_value
       ../../source4/dsdb/samdb/ldb_modules/audit_util.c:491
    #2 0x7fd539dc9417 in dsdb_audit_attributes_json
       ../../source4/dsdb/samdb/ldb_modules/audit_util.c:651
    #3 0x7fd539dc6a7e in operation_json
       ../../source4/dsdb/samdb/ldb_modules/audit_log.c:305

The problem is that at the successful end of these functions
el->values is overwritten with new_values.  However get_parsed_dns()
points p->v at the supplied el and it effectively gets used
as a working area by replmd_build_la_val().  So we must duplicate it
because our caller only called ldb_msg_copy_shallow().

The reason this matters is that the audit_log module is
above repl_meta_data in the stack, and tries to log the
ldb_message it saw after the reply (to include the error code).
If that ldb_message is changed it is not only misleading,
it can point to memory that has since gone away.

In this case the memory for the full extended DN in the
member attribute ended up on 'ac', a context lost by
the time repl_meta_data has finished processing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13941

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed May 15 05:35:47 UTC 2019 on sn-devel-184

2 months agos4 dsdb/repl_meta_data: allocate new extended DNs during ADD on a better context
Andrew Bartlett [Wed, 15 May 2019 02:47:53 +0000 (14:47 +1200)]
s4 dsdb/repl_meta_data: allocate new extended DNs during ADD on a better context

Lower down in this function new_values is assigned over el->values and is
filled in with the values of all the parsed DNs.  Therefore it is the natural
talloc parent.

This will allow el->values to be allocated on tmp_ctx in the next commit for
a working area during the function call.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 months agoldap: Add a database open after fork to speed-up prefork binds
Garming Sam [Wed, 8 May 2019 00:40:48 +0000 (12:40 +1200)]
ldap: Add a database open after fork to speed-up prefork binds

Removing this (system) database open from the later auth stack results
in a 15-30% improvement in different types of binds and on different
hardware (presumably better with slower disk speeds).

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 months agoutil/charset/torture: ensure each cp850 high bytes is 3 utf8 bytes
Douglas Bagnall [Fri, 10 May 2019 11:04:02 +0000 (23:04 +1200)]
util/charset/torture: ensure each cp850 high bytes is 3 utf8 bytes

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 months agoutil/charset/convert: do not pretend to realloc
Douglas Bagnall [Fri, 10 May 2019 07:37:54 +0000 (19:37 +1200)]
util/charset/convert: do not pretend to realloc

It seems very likely that our clever attempts to dynamically realloc
the output buffer were never triggered. Two lines of reasoning lead to
this conclusion:

1. We allocate 3 * srclen to start with, but no conversion we use will
   more than that. To be precise, from 8-bit charsets we will only deal
   with codepoints in the Unicode basic multilingual plane (up to 0xFFFF).

   These can all be expressed as 3 or fewer utf-8 bytes. In UTF16 they
   are naturally 2 bytes, while in the DOS codes they are 1 byte.

   We have checked the code tables, and can not find a plausible
   (e.g. not EBCDIC) DOS code page or unix charset that is outside
   this range.  Clients cannot chose the code page, the only code
   pages we will use come from 'unix charset' and 'dos charset'
   smb.conf parameters.

   Therefore the worst that can possibly happen is we expand 1 byte into 3
   (specifically, when converting some e.g. CP850 codepoints to UTF-8).

2. If the reallocation was ever used, the results would have been
   catastrophically wrong, as the input pointer was not reset.

Therefore we skip the complication of the goto loop and let E2BIG be
just another impossible error to report.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 months agoutil/charset/convert: when retrying, retry from the start
Douglas Bagnall [Fri, 10 May 2019 07:32:39 +0000 (19:32 +1200)]
util/charset/convert: when retrying, retry from the start

iconv() advances the inbuf pointer; if we decide to realloc and re-iconv,
we need to reset inbuf to the source string

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 months agoutil/charset/convert: do not overflow dest len in corner case
Douglas Bagnall [Fri, 10 May 2019 05:10:28 +0000 (17:10 +1200)]
util/charset/convert: do not overflow dest len in corner case

Now, if destlen were SIZE_MAX - 1, destlen * 2 would wrap to SIZE_MAX - 3,
which makes (destlen * 2 + 2) == SIZE_MAX - 1, the same number again.
So we need the <= comparison in this case.

As things stand, it is not actually possible for destlen to be
SIZE_MAX (because it is always an even number after the first round,
and the first round is constrained to be < SIZE_MAX / 2, but *if*
destlen was SIZE_MAX, destlen * 2 + 2 would be 0, so that case is OK.
Similarly the SIZE_MAX - 2 and smaller cases were covered by the
original formula.

We add the comment for people who are wondering WTF is going on with
all this destlen manipulation.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 months agoutil/charset/convert: do not overflow dest len
Douglas Bagnall [Fri, 10 May 2019 05:07:43 +0000 (17:07 +1200)]
util/charset/convert: do not overflow dest len

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 months agoutil/charset/convert_string: always set length
Douglas Bagnall [Fri, 10 May 2019 03:35:32 +0000 (15:35 +1200)]
util/charset/convert_string: always set length

In failure cases the destination string pointer is set to NULL, but
the size is not changed. Some callers have not been checking the
return value and passing the destination pointer and uninitialised
length onto other functions. We can curse and blame those callers, but
let's also keep them safe.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 months agotest_regfio.c: include stdint.h before cmoka.h
Fabrice Fontaine [Fri, 10 May 2019 22:07:50 +0000 (00:07 +0200)]
test_regfio.c: include stdint.h before cmoka.h

This fix the following build failure on mips64el:
/usr/lfs/v0/rc-buildroot-test/scripts/instance-2/output/host/mips64el-buildroot-linux-uclibc/sysroot/usr/include/stdint.h:122:27: error: conflicting types for 'uintptr_t'
 typedef unsigned long int uintptr_t;
                           ^
In file included from ../source3/registry/tests/test_regfio.c:23:0:
../third_party/cmocka/cmocka.h:126:28: note: previous declaration of 'uintptr_t' was here
       typedef unsigned int uintptr_t;

Fixes:
 - http://autobuild.buildroot.org/results/bae0508e84c905dc23ad7cf1153cd1e9d8e4d734

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 months agoldb: Release ldb 2.0.1
Andrew Bartlett [Tue, 14 May 2019 01:14:50 +0000 (13:14 +1200)]
ldb: Release ldb 2.0.1

* Rework pack routines to remove unused features:
  - ldb_unpack_data_only_attr_list_flags() is removed
  - LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC is now always implied

  This improves the unpack performace significantly.

* Improve search performance via new internal flag
  LDB_UNPACK_DATA_FLAG_READ_LOCKED which removes a memdup

* Improve search performance during full scan by ignoring
  index records early.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 months agoldb: remove unpack only attr list functionality
Aaron Haslett [Wed, 1 May 2019 22:46:29 +0000 (10:46 +1200)]
ldb: remove unpack only attr list functionality

Unpack functions currently take an attribute list to restrict the set of
attributes to be returned in the constructed message. This
functionality is never used and complicates implementation of
forthcoming new pack format. This patch removes that functionality.
Using the unpack function then filtering the result turns
out not to be any slower.

NOTE: Configure with --abi-check-disable to build this commit. This
patch is part of a set of LDB ABI changes, and the version update is
done on the last commit.

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 months agoldb: move ldb_kv's filter into pack code
Andrew Bartlett [Tue, 14 May 2019 23:04:42 +0000 (11:04 +1200)]
ldb: move ldb_kv's filter into pack code

This patch moves ldb_kv's filter code into the pack code to replace
'only attr list' functionality which will be removed in forthcoming
commit. Unpacking data then filtering the result is not any slower
than the removed 'only attr list' approach.
'only attr list' test repurposed to test unpack -> filter flow.

NOTE: Configure with --abi-check-disable to build this commit. This
patch is part of a set of LDB ABI changes, and the version update is
done on the last commit.

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 months agoldb: removing msg and dn copying from filter attrs
Aaron Haslett [Tue, 14 May 2019 04:59:13 +0000 (16:59 +1200)]
ldb: removing msg and dn copying from filter attrs

Optimising filter_attrs by removing msg and dn allocation/copying. The
caller can construct the msg and possibly steal the dn.
Also giving the function an ldb for future use.

NOTE: Configure with --abi-check-disable to build this commit. This
patch is part of a set of LDB ABI changes, and the version update is
done on the last commit.

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 months agoldb: perf test for pack format
Aaron Haslett [Tue, 30 Apr 2019 04:10:26 +0000 (16:10 +1200)]
ldb: perf test for pack format

Performance test for pack function and unpack function run with flag
LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC. Run this test before and after
forthcoming pack format changes to test throughput improvement. On my
machine, the unpack improvement is around 50%.
The test doesn't really belong in LDB torture but it's the only place
where all the required functions are available.

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 months agoldb: removing alloc from unpack_data
Aaron Haslett [Thu, 9 May 2019 00:12:14 +0000 (12:12 +1200)]
ldb: removing alloc from unpack_data

Making unpack flag LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC required
behaviour, since allocating data during unpack is slow and unnecessary
in all current usages. In any future unpack usage, if editing of
returned memory is required, some function that duplicates the message
should be used, such as one of the filter_attrs functions, or msg_copy.

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 months agoldb_kv: Use ldb_msg_add_steal_value() in msg_add_distinguished_name()
Andrew Bartlett [Fri, 5 Apr 2019 01:42:09 +0000 (14:42 +1300)]
ldb_kv: Use ldb_msg_add_steal_value() in msg_add_distinguished_name()

This more modern routine allocates a nice talloc tree.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 months agoldb_kv: Remove incorrect reference to LDB_UNPACK_DATA_FLAG_NO_DN
Andrew Bartlett [Thu, 4 Apr 2019 22:12:13 +0000 (11:12 +1300)]
ldb_kv: Remove incorrect reference to LDB_UNPACK_DATA_FLAG_NO_DN

The DN is now exploded so as to improve other aspects of the search handling.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 months agos3:libsmb: Add missing OOM check in fill_quota_buffer()
Andreas Schneider [Tue, 14 May 2019 10:48:14 +0000 (12:48 +0200)]
s3:libsmb: Add missing OOM check in fill_quota_buffer()

Found by covscan (csbuild).

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Noel Power <nopower@suse.com>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May 15 00:45:58 UTC 2019 on sn-devel-184

2 months agodocs: add vfs_ceph_snapshots manpage
David Disseldorp [Wed, 27 Mar 2019 14:57:45 +0000 (15:57 +0100)]
docs: add vfs_ceph_snapshots manpage

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Tue May 14 23:31:27 UTC 2019 on sn-devel-184

2 months agovfs: add ceph_snapshots module
David Disseldorp [Tue, 26 Mar 2019 15:35:18 +0000 (16:35 +0100)]
vfs: add ceph_snapshots module

vfs_ceph_snapshots is a module for accessing CephFS snapshots as
Previous Versions. The module is separate from vfs_ceph, so that it can
also be used atop a CephFS kernel backed share with vfs_default.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months agovfs_ceph: drop fdopendir handler
David Disseldorp [Wed, 27 Mar 2019 12:10:04 +0000 (13:10 +0100)]
vfs_ceph: drop fdopendir handler

libcephfs doesn't currently offer an fdopendir equivalent, so the
existing implementation peeks at fsp->fsp_name->base_name, which can
break if vfs_ceph is used under a separate path-munging VFS module.

Return ENOSYS instead and rely on existing OpenDir_fsp() fallback.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 months agoCVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum
Isaac Boukris [Wed, 30 Jan 2019 21:49:07 +0000 (23:49 +0200)]
CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13685

Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Tue May 14 11:45:13 UTC 2019 on sn-devel-184

2 months agoCVE-2018-16860 selftest: Add test for S4U2Self with unkeyed checksum
Isaac Boukris [Thu, 25 Apr 2019 10:12:10 +0000 (22:12 +1200)]
CVE-2018-16860 selftest: Add test for S4U2Self with unkeyed checksum

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13685

Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2 months agoctdb-common: Fix memory leak in run_proc
Amitay Isaacs [Mon, 13 May 2019 07:07:59 +0000 (17:07 +1000)]
ctdb-common: Fix memory leak in run_proc

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13943

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Tue May 14 08:59:03 UTC 2019 on sn-devel-184

2 months agoctdb-common: Fix memory leak
Martin Schwenke [Sat, 11 May 2019 07:33:57 +0000 (17:33 +1000)]
ctdb-common: Fix memory leak

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13943

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 months agoctdb-recoverd: Fix memory leak
Martin Schwenke [Sat, 11 May 2019 04:24:24 +0000 (14:24 +1000)]
ctdb-recoverd: Fix memory leak

state is always freed before exiting this function, so allocate fde
off it instead of long-lived ctdb context.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13943

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 months agoctdb-tests: Fix logic error in simple ctdb reloadips test
Martin Schwenke [Tue, 7 May 2019 05:42:49 +0000 (15:42 +1000)]
ctdb-tests: Fix logic error in simple ctdb reloadips test

There is a chance that restoring IP addresses to the test node will
result in different IP addresses being assigned to that node.
Removing a single IP address may then fail (or be a no-op) if it is
done after the restore.

So, swap the single IP address removal to happen first, then restore,
then remove all IP addresses.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13924

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 months agoctdb-tests: Make ctdb reloadips tests more reliable
Martin Schwenke [Tue, 7 May 2019 05:29:19 +0000 (15:29 +1000)]
ctdb-tests: Make ctdb reloadips tests more reliable

ctdb reloadips will fail if it can't disable takover runs.  The most
likely reason for this is that there is already a takeover run in
progress.  We can't predict when this will happen, so retry if this
occurs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13924

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 months agoctdb-tests: Capture output in $out on failure as well
Martin Schwenke [Mon, 13 May 2019 07:40:15 +0000 (17:40 +1000)]
ctdb-tests: Capture output in $out on failure as well

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13924

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 months agoselftest: enable undefined behaviour sanitizer
Gary Lockyer [Mon, 13 May 2019 23:25:07 +0000 (11:25 +1200)]
selftest: enable undefined behaviour sanitizer

Add a --undefined-sanitizer option to configure, this causes the tests
to be run with the undefined behaviout sanitizer enabled.

Errors can be suppressed by adding entries to selftest/ubsan.supp

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue May 14 07:20:28 UTC 2019 on sn-devel-184

2 months agos4 dsdb: fix use after free in samldb_rename_search_base_callback
Gary Lockyer [Tue, 14 May 2019 01:10:22 +0000 (13:10 +1200)]
s4 dsdb: fix use after free in samldb_rename_search_base_callback

Fix use after free detected by AddressSanitizer

AddressSanitizer: heap-use-after-free on address 0x60f0002b2738
                  at pc 0x7f89b1a213b5 bp 0x7ffce9528810 sp 0x7ffce9528800
                  READ of size 8 at 0x60f0002b2738 thread T0
    #0 0x7f89b1a213b4 in samldb_rename_search_base_callback
        ../../source4/dsdb/samdb/ldb_modules/samldb.c:4203
    #1 0x7f89d3a0db4a in ldb_module_send_entry
        ../../lib/ldb/common/ldb_modules.c:793
    #2 0x7f89b6f27356 in es_callback
        ../../source4/dsdb/samdb/ldb_modules/encrypted_secrets.c:1418

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13942

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>