Andrew Bartlett [Mon, 9 Apr 2018 02:52:47 +0000 (14:52 +1200)]
dsdb: Ensure to cancel the transaction if we fail to save the prefixMap
This rare error case forgot to call ldb_transaction_cancel()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Thu, 15 Mar 2018 00:42:17 +0000 (13:42 +1300)]
ldb_wrap: Remove ldb_transaction_cancel_noerr from ldb_wrap_fork_hook()
Writing to a TDB, without locks (these are per-process) in a forked child is never going to
end well, if a transaction is open at this point we have bigger problems.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Wed, 11 Apr 2018 10:47:03 +0000 (22:47 +1200)]
dsdb: check for dSHeuristics more carefully
This check would pass if the dSHeuristics was treated as always being
000000000 for searches which is not enough, we must check for a value
of
000000001 (userPassword enabled).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13378
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Wed, 11 Apr 2018 10:49:31 +0000 (22:49 +1200)]
dsdb: Check for userPassword support after loading the databases
The net result of this is only that userPassword values (which were
world readable when set) would still be visible after userPassword
started setting the main DB password.
In AD, those values become hidden once the dSHeuristics bit is set,
but Samba lost that when fixing a performance issue with
f26a2845bd42e580ddeaf0eecc9b46b823a0c6bc
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13378
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Jeremy Allison [Wed, 11 Apr 2018 17:33:22 +0000 (10:33 -0700)]
s3: tests: Regression test to ensure we can never return a DIRECTORY attribute on a stream.
Tests streams_xattr and also streams_depot.
Inspired from a real-world test case by Andrew Walker <awalker@ixsystems.com>.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13380
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr 12 02:04:28 CEST 2018 on sn-devel-144
Jeremy Allison [Wed, 11 Apr 2018 18:05:14 +0000 (11:05 -0700)]
s3: smbd. Generic fix for incorrect reporting of stream dos attributes on a directory
According to MS-FSA a stream name does not have
separate DOS attribute metadata, so we must return
the DOS attribute from the base filename. With one caveat,
a non-default stream name can never be a directory.
As this is common to all streams data stores, we handle
it here instead of inside all stream VFS modules.
Otherwise identical logic would have to be added to
all streams modules in their [f]get_dos_attribute_fn()
VFS calls.
Found in real-world use case by Andrew Walker <awalker@ixsystems.com>.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13380
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Jeremy Allison [Wed, 11 Apr 2018 15:41:00 +0000 (08:41 -0700)]
s3: vfs: vfs_streams_xattr: Don't blindly re-use the base file mode bits.
When returning the stat struct for an xattr stream,
we originally base the st_ex_mode field on the value
from the base file containing the xattr. If the base
file is a directory, it will have S_IFDIR set in st_ex_mode,
but streams can never be directories, they must be reported
as regular files.
The original code OR'ed in S_IFREG, but neglected to
AND out S_IFDIR.
Note this is not a complete to fix bug 13380 as
it doesn't fix the generic case with all streams
modules. See later fix and regression test.
Found in real-world use case by Andrew Walker <awalker@ixsystems.com>.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13380
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Volker Lendecke [Wed, 11 Apr 2018 06:27:41 +0000 (08:27 +0200)]
credentials: Fix CID
1414796 Explicit null dereferenced
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 11 21:58:00 CEST 2018 on sn-devel-144
Volker Lendecke [Wed, 11 Apr 2018 06:26:33 +0000 (08:26 +0200)]
credentials: Fix line length
... just because I'll modify that line in the next commit
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 11 Apr 2018 06:21:23 +0000 (08:21 +0200)]
credentials: Revert "credentials: Fix CID
1414796 Explicit null dereferenced"
This reverts commit
90c02ec64d0e3c860f8d6906cf849bdd2c7bcc54.
We have code to take care of password==NULL, this CID must be fixed in a
different way
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 10 Apr 2018 19:27:47 +0000 (21:27 +0200)]
smbd: Fix CID
1414783 Double unlock
The loop is unnecessary, both susv4 as well as the Linux manpage
explicitly say:
> These functions shall not return an error code of [EINTR].
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 10 Apr 2018 19:18:15 +0000 (21:18 +0200)]
dnsrpc: Use TALLOC_FREE instead of an explicit if-statement
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 10 Apr 2018 19:13:37 +0000 (21:13 +0200)]
winbind: Fix CID
1427625 Calling risky function
Probably not really a problem, but we have generate_random(), so why not
use it?
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 10 Apr 2018 19:05:09 +0000 (21:05 +0200)]
vfs_fruit: Fix CID
1416474 Dereference null return value
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 10 Apr 2018 18:58:11 +0000 (20:58 +0200)]
tevent: Fix CID
1414792 Unchecked return value
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 11 Apr 2018 08:42:21 +0000 (10:42 +0200)]
rpc_server: Init local_server_* in make_internal_rpc_pipe_socketpair
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13370
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Apr 11 15:19:19 CEST 2018 on sn-devel-144
Andrew Bartlett [Tue, 10 Apr 2018 04:37:45 +0000 (16:37 +1200)]
lib/util: Call log_stack_trace() in smb_panic_default()
This matches the AD DC with the behaviour in smbd.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 11 04:03:07 CEST 2018 on sn-devel-144
Andrew Bartlett [Tue, 10 Apr 2018 04:35:07 +0000 (16:35 +1200)]
lib/util: Move log_stack_trace() to common code
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andrew Bartlett [Tue, 10 Apr 2018 04:06:12 +0000 (16:06 +1200)]
lib/util: Log PANIC before calling pacic action just like s3
This is like the changes made in s3 by
4fa555980070d78b39711ef21d77628d26055bc2
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andrew Bartlett [Tue, 10 Apr 2018 03:54:10 +0000 (15:54 +1200)]
s3-lib: Remove support for libexc for IRIX backtraces
IRIX is long dead, and this code needs become_root() which is not in
the top level code.
Additionally, the check for libexc never made it into waf, so this
has been dead code since Samba 4.1.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 10 Mar 2018 17:06:03 +0000 (18:06 +0100)]
libsmb: Pass "account_name/flags" through nb_getdc
Don't hardcode values that we might want to change later
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 10 Mar 2018 17:06:03 +0000 (18:06 +0100)]
libsmb: Pass "account_name/flags" through prep_getdc_request
Don't hardcode values that we might want to change later
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 10 Mar 2018 17:01:08 +0000 (18:01 +0100)]
libsmb: Introduce a helper variable
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 5 Jan 2018 13:21:05 +0000 (14:21 +0100)]
libsmb: Give dsgetdcname.c its own header
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 10 Mar 2018 14:31:11 +0000 (15:31 +0100)]
libsmb: Give namequery.c its own header
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 10 Mar 2018 14:35:43 +0000 (15:35 +0100)]
libsmb: Remove unused trustdom_cache.c
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 25 Jan 2018 13:21:22 +0000 (14:21 +0100)]
nmbd: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 25 Jan 2018 13:07:53 +0000 (14:07 +0100)]
nmbd: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 10 Apr 2018 14:58:46 +0000 (16:58 +0200)]
tdbtool: Use tdb_wipe_all in "erase" command
This is a lot quicker on large, fragmented databases. tdb_delete can
leave the freelist in a fragmented mess.
Also, it's a lot more robust: I've got a 4GB tdb file that was affected
by the problem fixed with
c7211882a79. These databases have large space
at the end that is not part of any record or freelist
entry. tdb_wipe_all converts this space into a freelist entry. One
downside is that with those broken databases (which should not happen
after
c7211882a79) have unallocated blocks in their file range after
this operation.
I think the speed advantage outweighs this disadvantage.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
William Brown [Tue, 10 Apr 2018 04:51:06 +0000 (14:51 +1000)]
s4:ldb/password_hash.c: improve krb5 context error message
When heimdal encounters a MIT krb5.conf that it does not understand,
it would emit an "ldb operations error". Sadly this does not help
or communicate to the administrator the root cause of the issue.
Improve the error message for when krb init fails during password_hash.c
Signed-off-by: William Brown <william@blackhats.net.au>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Mon, 9 Apr 2018 16:32:23 +0000 (09:32 -0700)]
s3: smbd: Unix extensions attempts to change wrong field in fchown call.
Cut and paste error.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13375
Reported-by: Rungta, Vandana <vrungta@amazon.com>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Tue Apr 10 00:45:56 CEST 2018 on sn-devel-144
Jeremy Allison [Fri, 6 Apr 2018 20:52:52 +0000 (13:52 -0700)]
s3: smbd: Fix memory leak in vfswrap_getwd()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13372
Signed-off-by: Andrew Walker <awalker@ixsystems.com>.
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Apr 9 21:48:12 CEST 2018 on sn-devel-144
Ralph Wuerthner [Thu, 29 Mar 2018 08:00:41 +0000 (10:00 +0200)]
s3:smb2_tcon: Add check to prevent non-DFS clients from connecting to an msdfs proxy.
Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Apr 7 05:05:22 CEST 2018 on sn-devel-144
Volker Lendecke [Fri, 6 Apr 2018 13:57:36 +0000 (15:57 +0200)]
pdb_nds: Fix CID
1273401 Unused value
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Apr 2018 09:04:24 +0000 (11:04 +0200)]
idmap: Fix CID
1363261 Resource leak
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Apr 2018 09:02:48 +0000 (11:02 +0200)]
idmap: Use TALLOC_FREE instead of explicit code
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 12 Jan 2018 11:29:17 +0000 (12:29 +0100)]
s4/torture: spelling fix in vfs_fruit test
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 12 Jan 2018 11:28:18 +0000 (12:28 +0100)]
s4/torture: spelling fix in vfs_fruit test
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 11 Jan 2018 11:25:49 +0000 (12:25 +0100)]
s4/test: fix AAPL size check
A recent commit changed the ModelString from "Samba" to "MacSamba".
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Wed, 28 Feb 2018 19:05:34 +0000 (12:05 -0700)]
winbindd: Do not ignore domain in the LOOKUPNAME request
A LOOKUPNAME request with a domain and a name containing a winbind
separator character would return the result for the joined domain,
instead of the specified domain.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13312
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Apr 6 21:03:31 CEST 2018 on sn-devel-144
Christof Schmitt [Wed, 28 Feb 2018 20:10:43 +0000 (13:10 -0700)]
Add test for wbinfo name lookup
This demonstrates that wbinfo -n / --name-to-sid returns information
instead of failing the request. More specifically the query for
INVALIDDOMAIN//user returns the user SID for the joined domain, instead
of failing the request.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13312
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Christof Schmitt [Fri, 30 Mar 2018 21:35:03 +0000 (14:35 -0700)]
nsswitch: Fix wbcListGroups test
With an AD DC, wbcListGroups returns the users in the DOMAIN SEPARATOR
GROUPNAME format. The test then calls wbcLookupName with the domain
name and the previous string (including domain and separator) as
username. Fix this by passing the correct username and adding some
additional checks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13312
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Christof Schmitt [Fri, 30 Mar 2018 21:28:46 +0000 (14:28 -0700)]
nsswitch: Fix wbcListUsers test
With an AD DC, wbcListUsers returns the users in the DOMAIN SEPARATOR
USERNAME format. The test then calls wbcLookupName with the domain name
and the previous string (including domain and separator) as username.
Fix this by passing the correct username and adding some additional
checks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13312
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Christof Schmitt [Fri, 16 Mar 2018 20:52:14 +0000 (13:52 -0700)]
test_smbclient_s3.sh: Use correct separator in "list with backup privilege" test
Samba selftest uses the forward slash as winbind separator and in the
USERNAME passed to the test. "net sam rights" expect the backslash. Map
the separator used in selftest to a backslash to avoid creating an
incorrect username DOMAIN\DOMAIN/USERNAME.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13312
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Fri, 6 Apr 2018 11:42:35 +0000 (13:42 +0200)]
ldb: Fix trailing whitespace
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Apr 6 17:57:04 CEST 2018 on sn-devel-144
Ralph Boehme [Fri, 6 Apr 2018 09:27:52 +0000 (11:27 +0200)]
ldb/tests: remove lmdb.h include from test
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Apr 6 14:58:48 CEST 2018 on sn-devel-144
Andrew Bartlett [Fri, 6 Apr 2018 04:21:15 +0000 (16:21 +1200)]
samba-tool: Use same method for removing trailing $ as elsewhere in the tool
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Apr 6 09:30:14 CEST 2018 on sn-devel-144
Andrew Bartlett [Fri, 6 Apr 2018 04:20:22 +0000 (16:20 +1200)]
samba-tool: Escape username and computername in ldb search filter
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Björn Baumbach [Thu, 5 Apr 2018 15:14:32 +0000 (17:14 +0200)]
s3-mdssvc: allow build with --enable-spotlight and libtracker-sparql-2.0
adds libtracker-sparql version 2.0 to configure check with pkg-config.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joe Guo [Fri, 16 Mar 2018 03:39:08 +0000 (16:39 +1300)]
docs-xml:samba-tool.8: improve doc for computer management commands
Add docs for new options:
1. --ip-address
2. --service-prinicipal-name
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Björn Baumbach [Wed, 7 Mar 2018 09:15:06 +0000 (10:15 +0100)]
docs-xml:samba-tool.8: document computer management commands
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joe Guo [Tue, 13 Mar 2018 03:47:58 +0000 (16:47 +1300)]
samba-tool: improve computer management commands
This pathch is based on Björn Baumbach's work:
1. Add `--ip-address` option for create subcommand, to allow user set DNS
A or AAAA records while creating the computer.
2. Delete above DNS records while deleting the computer.
3. Add `--service-principal-name` option for create command, to allow user
set `servicePrincipalName` while creating the computer.
4. Tests.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Björn Baumbach [Tue, 6 Feb 2018 21:11:12 +0000 (22:11 +0100)]
tests/samba-tool: add tests for new computer management commands
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Björn Baumbach [Thu, 7 Dec 2017 20:38:28 +0000 (21:38 +0100)]
samba-tool: implement computer management commands
Usage: samba-tool computer <subcommand>
Computer management.
Available subcommands:
create - Create a new computer.
delete - Delete a computer.
list - List all computers.
move - Move a computer to an organizational unit/container.
show - Display a computer AD object
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Gary Lockyer [Wed, 21 Mar 2018 23:50:45 +0000 (12:50 +1300)]
upgradeprovision: detect and handle lmdb databases
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Apr 6 05:12:11 CEST 2018 on sn-devel-144
Gary Lockyer [Thu, 22 Mar 2018 22:23:39 +0000 (11:23 +1300)]
ldb: Unwind transaction counter if start_transaction fails
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Gary Lockyer [Tue, 20 Mar 2018 00:14:38 +0000 (13:14 +1300)]
source3: initilize_password_db after a fork.
This is required because we need a new pointer for LDB after the fork,
and with LMDB we can not longer rely on tdb_reopen_all() to do that
for us.
This can not be done in reinit_after_fork() due to the dependency loop
this would create.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Tue, 6 Feb 2018 22:10:34 +0000 (11:10 +1300)]
dsdb: add lmdbLevelOne as a required feature.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 22 Mar 2018 21:58:11 +0000 (10:58 +1300)]
provision: Set @INDEXLIST first when building dummy sam.ldb
The new LMDB backed will not allow normal records to be added before the @INDEXLIST
as this is what forces the GUID index mode.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Gary Lockyer [Tue, 20 Mar 2018 01:38:19 +0000 (14:38 +1300)]
provision: allow provisioning of a different database backend
This sets the backendStore field in @PARTITION, depending on which
argument you set in the provision.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Wed, 4 Apr 2018 04:17:51 +0000 (16:17 +1200)]
python: Add wrapper of mdb_copy that we can call from python
This is like the use of tdbbackup for tdb files.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Mon, 19 Mar 2018 23:15:12 +0000 (12:15 +1300)]
ldb tests: add cmocka tests of kv operations
Add tests for the behaviour the ldb layer expects the key value layer to
provide. This should make it easier to add another KV store
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Wed, 14 Mar 2018 22:37:06 +0000 (11:37 +1300)]
ldb_tdb: ltdb_tdb_delete require active transaction
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Wed, 14 Mar 2018 22:36:33 +0000 (11:36 +1300)]
ldb_tdb: ltdb_tdb_store require active transaction
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Wed, 14 Mar 2018 22:33:32 +0000 (11:33 +1300)]
ldb_tdb: ltdb_tdb_parse_record map tdb error codes
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Mon, 19 Mar 2018 22:20:35 +0000 (11:20 +1300)]
ldb tests: ldb_mod_op_test use correct ldb to create dn
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Mon, 12 Mar 2018 23:43:25 +0000 (12:43 +1300)]
ldb test: close pipes to stop forked tests failing on failure
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Mon, 12 Mar 2018 19:45:28 +0000 (08:45 +1300)]
ldb index: Add tests for truncated base 64 index keys
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Wed, 4 Apr 2018 02:00:57 +0000 (14:00 +1200)]
ldb_tdb: A more robust check for if we can fit the index string in
This avoids magic numbers and also is careful against overflow
from a long attr_for_dn.
This is done as a distinct commit to make the previous behaviour
change more clear, and to show that this does not change the
calculations, only improves the overflow check.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Gary Lockyer [Mon, 12 Mar 2018 19:10:54 +0000 (08:10 +1300)]
ldb index: Fix truncation key length calculation
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 22 Mar 2018 22:10:25 +0000 (11:10 +1300)]
ldb: Allow GUID index mode to be tested on TDB
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Tue, 6 Mar 2018 04:00:07 +0000 (17:00 +1300)]
ldb: Ignore these tests in mdb test mode
These are tests are specifically for when the GUID index is not in use
which is always in with ldb_mdb.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Gary Lockyer [Wed, 17 Jan 2018 01:02:09 +0000 (14:02 +1300)]
upgradeprovision: Do not copy backup lmdb -lock files
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Sun, 18 Feb 2018 23:37:20 +0000 (12:37 +1300)]
ldb: Change remaining fetch prototypes to remove TDB_DATA
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Garming Sam [Fri, 16 Feb 2018 04:13:26 +0000 (17:13 +1300)]
ldb: Change some prototypes to using ldb_val instead of TDB_DATA
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Fri, 23 Mar 2018 00:05:55 +0000 (13:05 +1300)]
samba-tool domain classicupgrade: Do not mix python-samdb transactions and passdb modifications
This worked previously because we knew the same tdb was in use under the hood,
but now that nested TDB transactions are banned this breaks, and it breaks for
LMDB.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Thu, 8 Mar 2018 01:01:50 +0000 (14:01 +1300)]
ldb: Fix missing NULL terminator in ldb_mod_op_test testsuite
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andreas Schneider [Thu, 5 Apr 2018 20:33:56 +0000 (13:33 -0700)]
wafsamba: Add '-Werror=strict-overflow -Wstrict-overflow=2' to the developer build
We could move it to 3, but shouldn't go higher. If you set it to 4 and 5
you will probably also get a lot of false positives.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Apr 6 02:07:16 CEST 2018 on sn-devel-144
Stefan Metzmacher [Thu, 5 Apr 2018 20:28:12 +0000 (13:28 -0700)]
s3: nmbd: Fix strict overflow checking compiler warning.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 5 Apr 2018 08:12:41 +0000 (10:12 +0200)]
eventlog: Fix CID
1363194 Resource leak
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Apr 5 19:11:57 CEST 2018 on sn-devel-144
Volker Lendecke [Thu, 5 Apr 2018 08:11:16 +0000 (10:11 +0200)]
eventlog: Fix CID 242105 Unchecked return value
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 3 Apr 2018 11:46:20 +0000 (13:46 +0200)]
talloc: version 2.1.13
* Use atexit() again instead of a library destructor
(bug #13366)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Apr 5 15:53:16 CEST 2018 on sn-devel-144
Stefan Metzmacher [Tue, 3 Apr 2018 11:13:01 +0000 (13:13 +0200)]
talloc: use atexit() again instead of a library destructor
The change for https://bugzilla.samba.org/show_bug.cgi?id=7587
("talloc_autofree_context() in shared libraries and plugins is a bad idea on FreeBSD")
(ommit
41b6810ba01f44537f470c806adb8686e1a39c48)
causes the following for sssd on Linux:
Stack trace of thread 19667:
#0 0x00007f2cab91ff6b __GI_raise (libc.so.6)
#1 0x00007f2cab90a5c1 __GI_abort (libc.so.6)
#2 0x00007f2cab90a491 __assert_fail_base (libc.so.6)
#3 0x00007f2cab9186e2 __GI___assert_fail (libc.so.6)
#4 0x00007f2cb10aaca5 k5_mutex_lock (libkrb5.so.3)
#5 0x00007f2cb10ab790 k5_mutex_lock (libkrb5.so.3)
#6 0x00007f2cb10ab8f5 profile_free_file (libkrb5.so.3)
#7 0x00007f2cb10ab983 profile_close_file (libkrb5.so.3)
#8 0x00007f2cb10af249 profile_release (libkrb5.so.3)
#9 0x00007f2cb10a06c7 k5_os_free_context (libkrb5.so.3)
#10 0x00007f2cb1075a9a krb5_free_context (libkrb5.so.3)
#11 0x000055cea7cb2dd1 kcm_data_destructor (sssd_kcm)
#12 0x00007f2cac153e96 _tc_free_internal (libtalloc.so.2)
#13 0x00007f2cac1537b0 _tc_free_internal (libtalloc.so.2)
#14 0x00007f2cac1537b0 _tc_free_internal (libtalloc.so.2)
#15 0x00007f2cac1537b0 _tc_free_internal (libtalloc.so.2)
#16 0x00007f2cac1537b0 _tc_free_internal (libtalloc.so.2)
#17 0x00007f2cac14e648 _talloc_free (libtalloc.so.2)
#18 0x00007f2cac14c480 talloc_lib_fini (libtalloc.so.2)
#19 0x00007f2cb151da96 _dl_fini (ld-linux-x86-64.so.2)
#20 0x00007f2cab9226bc __run_exit_handlers (libc.so.6)
#21 0x00007f2cab9227ec __GI_exit (libc.so.6)
#22 0x00007f2cb030dc61 orderly_shutdown (libsss_util.so)
#23 0x00007f2cac365a46 tevent_common_check_signal (libtevent.so.0)
#24 0x00007f2cac367975 epoll_event_loop_once (libtevent.so.0)
#25 0x00007f2cac365dab std_event_loop_once (libtevent.so.0)
#26 0x00007f2cac362098 _tevent_loop_once (libtevent.so.0)
#27 0x00007f2cac3622eb tevent_common_loop_wait (libtevent.so.0)
#28 0x00007f2cac365d3b std_event_loop_wait (libtevent.so.0)
#29 0x00007f2cb030eb37 server_loop (libsss_util.so)
#30 0x000055cea7cb29f4 main (sssd_kcm)
#31 0x00007f2cab90c1eb __libc_start_main (libc.so.6)
#32 0x000055cea7cb2c7a _start (sssd_kcm)
We still only register one atexit handler instead of multiple ones
like in talloc 2.1.11, but avoids using a library destructor.
Bug #7587 seems to be fixed by not using talloc_autofree_context()
within samba.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13366
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joe Guo [Thu, 5 Apr 2018 03:03:18 +0000 (15:03 +1200)]
selftest: enable py3 for samba.tests.blackbox.ndrdump
No change needed.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Apr 5 12:16:41 CEST 2018 on sn-devel-144
Joe Guo [Wed, 4 Apr 2018 22:47:16 +0000 (10:47 +1200)]
selftest: enable py3 for samba.tests.samdb_api
Fix bytes and string.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joe Guo [Wed, 4 Apr 2018 01:07:38 +0000 (13:07 +1200)]
selftest: enable py3 for samba.tests.kcc.graph_utils
zip will not return a list in Python 3.
Convert to list.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joe Guo [Tue, 3 Apr 2018 23:29:41 +0000 (11:29 +1200)]
selftest: enable py3 for samba.tests.kcc.graph
In Python 3, range() will not return a list any more.
So `range(7) * 4` will not work.
Convert range to list to fix.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joe Guo [Tue, 3 Apr 2018 23:19:48 +0000 (11:19 +1200)]
selftest: enable py3 for samba.tests.upgradeprovision
1. `has_key` was removed from dict in Python 3, use `in` instead.
2. `cmp` was removed in Python 3, define it ourselves.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joe Guo [Tue, 3 Apr 2018 03:24:28 +0000 (15:24 +1200)]
selftest: enable py3 for samba.tests.hostconfig
Fix relative import.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joe Guo [Mon, 26 Mar 2018 04:07:33 +0000 (17:07 +1300)]
selftest: enable py3 for samba.tests.common
fix dsdb_Dn comparison for Python 3
In Python 3, the builtin `cmp` funtion was dropped. And the `__cmp__` magic
method in object is no longer honored, which is replaced by 6 new methods:
__eq__, __ne__, __lt__, __le__, __gt__, __ge__.
This caused `tests.CommonTests` failed with `py3_compatiable=True`.
Fixed by adding the above methods.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joe Guo [Tue, 3 Apr 2018 03:15:12 +0000 (15:15 +1200)]
selftest: enable py3 for samba.tests.dcerpc.string
No change needed.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joe Guo [Tue, 3 Apr 2018 03:13:09 +0000 (15:13 +1200)]
selftest: enable py3 for samba.tests.dcerpc.array
No change needed.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joe Guo [Tue, 3 Apr 2018 03:11:48 +0000 (15:11 +1200)]
selftest: enable py3 for samba.tests.dcerpc.rpc_talloc
No changes needed.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joe Guo [Tue, 3 Apr 2018 02:47:41 +0000 (14:47 +1200)]
selftest: enable py3 for samba.tests.password_quality
No change needed.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joe Guo [Tue, 3 Apr 2018 02:29:26 +0000 (14:29 +1200)]
selftest: enable py3 for samba.tests.upgrade
`os.tempname` is removed in Python 3.
Use `tempfile` instead.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joe Guo [Fri, 23 Mar 2018 01:10:28 +0000 (14:10 +1300)]
selftest: enable py3 for samba.tests.blackbox.check_output
convert bytes to str for Python 3
`BlackboxTestCase.check_output` will return bytes since it uses
`subprocess.communicate` underneath.
Convert expected string result to bytes for comparing.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joe Guo [Thu, 5 Apr 2018 02:49:55 +0000 (14:49 +1200)]
selftest: enable py3 for samba.tests.xattr
Fix bytes and str issue.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joe Guo [Thu, 5 Apr 2018 02:49:25 +0000 (14:49 +1200)]
selftest: enable py3 for samba.tests.posixacl
Fix bytes and str issue.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joe Guo [Wed, 28 Mar 2018 02:53:50 +0000 (15:53 +1300)]
wscript_build: fix c modules deps name for Python 3
In wscript_build, the lib name in deps list may have postfix for Python
3. Instead of hard coding the base name directly, need to load correct
name for each Python version with `bld.pyembed_libname`.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joe Guo [Wed, 28 Mar 2018 02:08:40 +0000 (15:08 +1300)]
samba3: work around bytes formatting for Python 3.4
b'%s\x00' % key
The above % formatting for bytes is only available since Python 3.5,
however we need to support Python 3.4 so far.
Work around this with `+`.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>