kseeger/samba-autobuild/.git
2 weeks agoCVE-2019-3880 s3: rpc: winreg: Remove implementations of SaveKey/RestoreKey. master
Jeremy Allison [Wed, 27 Mar 2019 19:51:27 +0000 (12:51 -0700)]
CVE-2019-3880 s3: rpc: winreg: Remove implementations of SaveKey/RestoreKey.

Remove the now unused code implementations of
registry file io.

As reported by Michael Hanselmann.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13851

Signed-off-by: Jeremy Allison <jra@samba.org>
2 weeks agoCVE-2019-3880 s3: rpc: winreg: Remove implementations of SaveKey/RestoreKey.
Jeremy Allison [Thu, 21 Mar 2019 21:51:30 +0000 (14:51 -0700)]
CVE-2019-3880 s3: rpc: winreg: Remove implementations of SaveKey/RestoreKey.

The were not using VFS backend calls and could only work
locally, and were unsafe against symlink races and other
security issues.

If the incoming handle is valid, return WERR_BAD_PATHNAME.

[MS-RRP] states "The format of the file name is implementation-specific"
so ensure we don't allow this.

As reported by Michael Hanselmann.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13851

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks agoCVE-2019-3870 pysmbd: Ensure a zero umask is set for smbd.mkdir()
Andrew Bartlett [Thu, 21 Mar 2019 04:24:14 +0000 (17:24 +1300)]
CVE-2019-3870 pysmbd: Ensure a zero umask is set for smbd.mkdir()

mkdir() is the other call that requires a umask of 0 in Samba.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 weeks agoCVE-2019-3870 pysmbd: Move umask manipuations as close as possible to users
Andrew Bartlett [Thu, 14 Mar 2019 05:20:06 +0000 (18:20 +1300)]
CVE-2019-3870 pysmbd: Move umask manipuations as close as possible to users

Umask manipulation was added to pysmbd with e146fe5ef96c1522175a8e81db15d1e8879e5652 in 2012
and init_files_struct was split out in 747c3f1fb379bb68cc7479501b85741493c05812 in 2018 for
Samba 4.9. (It was added to assist the smbd.create_file() routine used in the backup and
restore tools, which needed to write files with full metadata).

This in turn avoids leaving init_files_struct() without resetting the umask to
the original, saved, value.

Per umask(2) this is required before open() and mkdir() system calls (along
side other file-like things such as those for Unix domain socks and FIFOs etc).

Therefore for safety and clarify the additional 'belt and braces' umask
manipuations elsewhere are removed.

mkdir() will be protected by a umask() bracket, for correctness, in the next patch.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 weeks agoCVE-2019-3870 pysmbd: Include tests to show the outside umask has no impact
Andrew Bartlett [Thu, 21 Mar 2019 04:21:58 +0000 (17:21 +1300)]
CVE-2019-3870 pysmbd: Include tests to show the outside umask has no impact

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 weeks agoCVE-2019-3870 tests: Add test to check file-permissions are correct after provision
Tim Beale [Fri, 15 Mar 2019 00:52:50 +0000 (13:52 +1300)]
CVE-2019-3870 tests: Add test to check file-permissions are correct after provision

This provisions a new DC and checks there are no world-writable
files in the new DC's private directory.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 weeks agoCVE-2019-3870 tests: Extend smbd tests to check for umask being overwritten
Tim Beale [Fri, 15 Mar 2019 02:20:21 +0000 (15:20 +1300)]
CVE-2019-3870 tests: Extend smbd tests to check for umask being overwritten

The smbd changes the umask - if the code fails to restore the umask to
what it was, then this is very bad. Add an extra check to every
smbd-related test that the umask at the end of the test is the same as
what it was at the beginning (i.e. if the smbd code changed the umask
then it correctly restored the value afterwards).

As the selftest sets the umask for all tests to zero, it makes it hard
to detect this problem, so the test setUp() needs to set it to something
else first.

This extra checking is added to the setUp()/tearDown() so that it
applies to all test-cases. However, any failure that occur with this
approach will not be able to be known-failed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 weeks agoselftest: Correct name of flapping smb2.notify test
Andrew Bartlett [Mon, 8 Apr 2019 02:04:08 +0000 (14:04 +1200)]
selftest: Correct name of flapping smb2.notify test

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Apr  8 03:09:42 UTC 2019 on sn-devel-144

2 weeks agoldb: version 2.0.0
Aaron Haslett [Wed, 20 Mar 2019 00:52:16 +0000 (13:52 +1300)]
ldb: version 2.0.0

* Version bump for adding index_format_fn to the schema syntax structure.
* Range index support added, allowing <= and >= operations to be indexed
* Improved reindex performance by setting the in-memory TDB hash size correctly

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 weeks agoldb_mdb: Add some warnings about poorly constructed callbacks
Garming Sam [Wed, 3 Apr 2019 23:04:47 +0000 (12:04 +1300)]
ldb_mdb: Add some warnings about poorly constructed callbacks

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks agoldb: tests for <= and >= integer indexing with duplicates
Garming Sam [Wed, 3 Apr 2019 03:12:35 +0000 (16:12 +1300)]
ldb: tests for <= and >= integer indexing with duplicates

We need to make sure that duplicates are correctly returned (uSNChanged
for instance is UNIQUE but, we should be able to index on attributes
which are not unique).

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks agoldb: tests for <= and >= integer indexing
Aaron Haslett [Mon, 11 Mar 2019 03:39:13 +0000 (16:39 +1300)]
ldb: tests for <= and >= integer indexing

Testing max, min and negative values for indexed 32 and 64 bit types.
This has to be done in two different files because the 64 bit type is
LDB_SYNTAX_INTEGER which is implemented at the ldb level, while the 32
bit is added in the ldb-samba module.  Schema syntax binding added for
ldb-samba.

We also need to make sure that full scans are not invoked for LMDB.

Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks agoldb: Add ORDERED_INTEGER to the proto-schema handling
Garming Sam [Mon, 25 Mar 2019 00:52:42 +0000 (13:52 +1300)]
ldb: Add ORDERED_INTEGER to the proto-schema handling

Adding ordered integer proto schema handling in kv index cache.  This
allows ordered 64 bit integers to be used in cached fields like
@ATTRIBUTES

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks agoschema_syntax: Add comments for our index format functions
Garming Sam [Thu, 4 Apr 2019 21:22:28 +0000 (10:22 +1300)]
schema_syntax: Add comments for our index format functions

We had to devise our own scheme for writing integers in a human readable
format which also sorted correctly numerically. This might look a bit
confusing to outsiders, so here's a large comment as a peace offering.

Pair-programmed-with: Tim Beale <timbeale@catalyst.net.nz>

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks agoldb: activating <= and >= indexing for integers
Aaron Haslett [Thu, 14 Mar 2019 05:05:23 +0000 (18:05 +1300)]
ldb: activating <= and >= indexing for integers

Activating <= and >= mdb indexing in samba for int32 and int64 attributes by:
1. Adding index_format_fn to LDB_SYNTAX_SAMBA_INT32 in ldb_samba
2. Cloning the 64bit LDB_SYNTAX_INTEGER type as LDB_SYNTAX_ORDERED_INTEGER
3. Adding index_format_fn to the new type
4. Modifying LargeInteger use the new type in samba schema
5. Bumping the index version to trigger reindexing

Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks agoldb_kv_index: Add a giant comment in regards to index_format_fn
Garming Sam [Thu, 4 Apr 2019 02:02:15 +0000 (15:02 +1300)]
ldb_kv_index: Add a giant comment in regards to index_format_fn

The reason we needed it in the first place was that the original
canonicalize is being used for non-index functions and it never produced
the right order originally (at least for integers).

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks agoldb_kv_index: Make the edge keys slightly cleaner and generic
Garming Sam [Thu, 4 Apr 2019 01:36:08 +0000 (14:36 +1300)]
ldb_kv_index: Make the edge keys slightly cleaner and generic

It makes no difference in our standard case because \0 will always go
before any value for our index_format_fn, but this is better for
correctness (in case we do mess up our NUL terminations elsewhere).

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks agoldb: <= and >= indexed searching
Aaron Haslett [Mon, 4 Mar 2019 06:06:31 +0000 (19:06 +1300)]
ldb: <= and >= indexed searching

Full implementation of <= and >= indexed searching using iterate_range
backend operation.  Adds index_format_fn to ldb_schema_syntax so
requires an ABI version bump.  The function must be provided for any
type for which <= and >= indexing is required, and must return a
lexicographically ordered canonicalization of a value.  This causes
index entries to be written in correct order to the database, so
iterate_range on the index DNs can be used.

ldb_kv_index_key is modified to return an index DN with attribute name
but without value if an empty value is provided.  This is needed for
constructing keys that match the beginning or end of an index DN range.

Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks agolmdb: iterate_range cmocka testing
Aaron Haslett [Mon, 4 Mar 2019 02:08:25 +0000 (15:08 +1300)]
lmdb: iterate_range cmocka testing

Cmocka testing for LMDB iterate_range operation added in previous commit.

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2 weeks agolmdb: iterate_range implementation
Garming Sam [Sun, 3 Mar 2019 23:50:24 +0000 (12:50 +1300)]
lmdb: iterate_range implementation

Adding iterate_range to LDB API and implementing in LMDB.  This
operation takes a start_key and end_key and returns all records between
the two, inclusive of both.  This will be used to implementing indexing
for <= and >= expressions.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks agolibnet vampire: NULL access bug fix
Garming Sam [Mon, 11 Mar 2019 22:16:38 +0000 (11:16 +1300)]
libnet vampire: NULL access bug fix

NULL pointer access bug fix

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks agoctdb: Fix a typo
Volker Lendecke [Thu, 4 Apr 2019 14:33:22 +0000 (16:33 +0200)]
ctdb: Fix a typo

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Sat Apr  6 11:51:55 UTC 2019 on sn-devel-144

2 weeks agoctdb: Slightly simplify ctdb_ltdb_lock_fetch_requeue
Volker Lendecke [Fri, 18 Jan 2019 15:50:22 +0000 (16:50 +0100)]
ctdb: Slightly simplify ctdb_ltdb_lock_fetch_requeue

Reduce indentation with an early return

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 weeks agotorture: Add test for talloc size accounting in memcache
Christof Schmitt [Thu, 28 Mar 2019 17:46:43 +0000 (10:46 -0700)]
torture: Add test for talloc size accounting in memcache

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13865

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Apr  6 06:08:42 UTC 2019 on sn-devel-144

2 weeks agomemcache: Increase size of default memcache to 512k
Christof Schmitt [Fri, 5 Apr 2019 22:43:21 +0000 (15:43 -0700)]
memcache: Increase size of default memcache to 512k

With the fixed accounting of talloc objects, the default cache size
needs to increase. The exact increase required depends on the workloads,
going form 256k to 512k seems like a reasonable guess.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13865

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 weeks agomemcache: Properly track the size of talloc objects
Christof Schmitt [Mon, 1 Apr 2019 23:23:35 +0000 (16:23 -0700)]
memcache: Properly track the size of talloc objects

With memcache_add_talloc, the talloc object becomes part of the pool and
the memcache_element stores a pointer to the talloc object. The
size of the the talloc object was not used when tracking the used space,
allowing the cache to grow larger than defined in the memcache_init
call.

Fix this by adding the size of the talloc object to the used space.

Also record the initial size of the talloc object for proper adjustment
of the used space in the cache later. This is in case the size of the
talloc object is modified while being owned by the cache (e.g.
allocating talloc child objects). This should never happen, but better
be safe than ending up with a broken cache usage counter.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13865

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 weeks agomemcache: Introduce struct for storing talloc pointer
Christof Schmitt [Mon, 1 Apr 2019 22:38:59 +0000 (15:38 -0700)]
memcache: Introduce struct for storing talloc pointer

This allows extending the additional data stored for talloced objects
later.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13865

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 weeks agonetcmd: Fix passwordsettings --max-pwd-age command
Tim Beale [Tue, 2 Apr 2019 20:10:55 +0000 (09:10 +1300)]
netcmd: Fix passwordsettings --max-pwd-age command

The min_pwd_age and max_pwd_age parameters are both optional and default
to None. However, if we just set the max-pwd-age, then the check
'min_pwd_age >= max_pwd_age' will throw a Python exception because it's
trying to compare an int to NoneType (min_pwd_age). This works on Python 2
but is a problem on Python 3.

We could just add a check that min_pwd_age is not None, but that defeats
the point of having the check if you're only setting either the min or
max age indepedently.

This patch gets the current min/max password age from the DB (in ticks).
If either setting is changed, the ticks will be updated. Then at the end
we check the min is still less than the max (to do this, we convert the
ticks back to days in the interests of readability).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13873

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Apr  5 08:03:08 UTC 2019 on sn-devel-144

2 weeks agonetcmd: Add some timestamp conversion helper functions
Tim Beale [Mon, 1 Apr 2019 22:10:41 +0000 (11:10 +1300)]
netcmd: Add some timestamp conversion helper functions

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13873

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks agonetcmd: Use python constant for -0x8000000000000000
Tim Beale [Mon, 1 Apr 2019 03:42:32 +0000 (16:42 +1300)]
netcmd: Use python constant for -0x8000000000000000

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13873

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks agotests: Add test for setting min/maxPwdAge
Tim Beale [Mon, 1 Apr 2019 03:32:27 +0000 (16:32 +1300)]
tests: Add test for setting min/maxPwdAge

Currently setting maxPwdAge doesn't work at all.

While we're adding a test, we might as well assert that minPwdAge
can't be greater than maxPwdAge as well.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13873

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks agoldb_kv_search: avoid handling uninitialised dn
Douglas Bagnall [Thu, 4 Apr 2019 02:08:18 +0000 (15:08 +1300)]
ldb_kv_search: avoid handling uninitialised dn

If ldb_kv_filter_attrs() fails, we don't know that the dn of filtered_msg
is OK.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Apr  5 05:46:55 UTC 2019 on sn-devel-144

2 weeks agoautobuild: attempt authenticated email if environment suggests it
Douglas Bagnall [Wed, 3 Apr 2019 00:17:17 +0000 (13:17 +1300)]
autobuild: attempt authenticated email if environment suggests it

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks agodsdb/modules: minor comment typos in samba_dsdb
Douglas Bagnall [Sun, 31 Mar 2019 21:25:28 +0000 (10:25 +1300)]
dsdb/modules: minor comment typos in samba_dsdb

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks agodsdb mods/extended_dn_store: used the ldb we already have
Douglas Bagnall [Thu, 28 Mar 2019 03:06:56 +0000 (16:06 +1300)]
dsdb mods/extended_dn_store: used the ldb we already have

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks agospell "recursive"
Douglas Bagnall [Wed, 27 Mar 2019 02:37:54 +0000 (15:37 +1300)]
spell "recursive"

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks agoperf-tests: rename paged search test for regex disambiguation
Douglas Bagnall [Wed, 3 Apr 2019 21:36:37 +0000 (10:36 +1300)]
perf-tests: rename paged search test for regex disambiguation

We like to use "TESTS=medley" for the old ad_dc_medley.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks agorpc: Convert npa_tstream.c to use tstream_u32_read_send
Volker Lendecke [Mon, 1 Apr 2019 13:23:11 +0000 (15:23 +0200)]
rpc: Convert npa_tstream.c to use tstream_u32_read_send

This avoids a bit of code duplication. Overall the last two commits
add a few lines, but that also contains the header file and another GPL
header for tstream_u32_read.c.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Apr  5 01:00:48 UTC 2019 on sn-devel-144

2 weeks agorpc: Add tstream_u32_read
Volker Lendecke [Thu, 21 Mar 2019 18:41:28 +0000 (19:41 +0100)]
rpc: Add tstream_u32_read

In npa_tstream.c we have two next_vector functions reading a big
endian uin32_t length and then the blob described by the length. This
factors that next_vector out into a central routine.

Why? I'll add another NPA protocol in the future, and this would add
yet another two copies of that next_vector code

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 weeks agos3-messages: add mallinfo() information to pool-usage report
Ralph Wuerthner [Fri, 29 Mar 2019 11:44:50 +0000 (12:44 +0100)]
s3-messages: add mallinfo() information to pool-usage report

Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Thu Apr  4 23:39:25 UTC 2019 on sn-devel-144

2 weeks agos3-messages: modify msg_pool_usage() to allow enhanced memory reports
Ralph Wuerthner [Fri, 29 Mar 2019 11:30:45 +0000 (12:30 +0100)]
s3-messages: modify msg_pool_usage() to allow enhanced memory reports

Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2 weeks agopython join: Set index transaction cache size.
Gary Lockyer [Mon, 1 Apr 2019 03:49:38 +0000 (16:49 +1300)]
python join: Set index transaction cache size.

The default value is too small for joining a large domain.  So we specify a
size of 200,000 which is suitable for domains with up to 100,000 users.

At a later date this could be added as a parameter to the join, but
200,000 should be suitable for now.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Apr  4 07:45:03 UTC 2019 on sn-devel-144

2 weeks agolib ldb key_value: Set index cache size on open
Gary Lockyer [Mon, 1 Apr 2019 03:33:52 +0000 (16:33 +1300)]
lib ldb key_value: Set index cache size on open

Set the default index cache from the passed option
"transaction_index_cache_size" on open.  This allows the default cache
size to be overridden when processing large transactions i.e. joining a
large domain.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks agolib ldb key_value: set the cache size for re-indexing
Gary Lockyer [Mon, 1 Apr 2019 02:28:31 +0000 (15:28 +1300)]
lib ldb key_value: set the cache size for re-indexing

Set the index cache size to the number of records in the databse when
reindexing.

This significantly improves reindex performance.  For a domain with
100,000 users the reindex times are reduced from 17 minutes to 45
seconds.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks agolib ldb key_value: Add get_size method
Gary Lockyer [Mon, 1 Apr 2019 02:27:32 +0000 (15:27 +1300)]
lib ldb key_value: Add get_size method

Add the get_size method to the ldb_key_value layer, this will allow the
reindexing code to get an estimate of the number of records in the
database.

The lmdb backend returns an accurate count of the number of records in
the database withe the mdb_env_stat call.

The tdb backend does not provide a low cost method to determine the
number of records on the database.  It does provide a tdb_summary call
however this this walks the entire database.

So for tdb we use the map size divided by 500, this over estimates the counts
for small domains, but the extra memory allocated for the cache should
not be significant.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks agolib ldb key_value: Pass index cache size
Gary Lockyer [Mon, 1 Apr 2019 01:10:10 +0000 (14:10 +1300)]
lib ldb key_value: Pass index cache size

Pass the index cache size to ldb_kv_index_transaction_start.  This will
allow it to be set for reindex and join operations, where the current
defaults result in a significant performance penalty on large databases.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks agolib ldb key_value: Remove index cache lazy initialisation
Gary Lockyer [Mon, 1 Apr 2019 00:12:20 +0000 (13:12 +1300)]
lib ldb key_value: Remove index cache lazy initialisation

Remove the lazy initialisation of the index cache. This make setting
the size of the cache for re-indexing easier, which will be done in
later commits.

Performance testing shows that the removal of lazy initialisation makes
no appreciable difference to performance.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks agoflapping tests: Add samba3.smb2.notify
Gary Lockyer [Wed, 3 Apr 2019 00:03:56 +0000 (13:03 +1300)]
flapping tests: Add samba3.smb2.notify

Add samba3.smb2.notify until Metze gets time to follow it up.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks agos3-libnet_join: allow fallback to NTLMSSP auth in libnet_join
Günther Deschner [Tue, 2 Apr 2019 11:16:55 +0000 (13:16 +0200)]
s3-libnet_join: allow fallback to NTLMSSP auth in libnet_join

When a non-DNS and non-default admin domain is provided during the join
sometimes we might not be able to kinit with 'user@SHORTDOMAINNAME'
(e.g. when the winbind krb5 locator is not installed). In that case lets
fallback to NTLMSSP, like we do in winbind.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Apr  3 18:57:31 UTC 2019 on sn-devel-144

2 weeks agos3-libnet_join: setup libnet join error string when AD connect fails
Günther Deschner [Tue, 2 Apr 2019 11:16:11 +0000 (13:16 +0200)]
s3-libnet_join: setup libnet join error string when AD connect fails

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 weeks agos3-libnet_join: always pass down admin domain to ads layer
Günther Deschner [Tue, 2 Apr 2019 11:14:06 +0000 (13:14 +0200)]
s3-libnet_join: always pass down admin domain to ads layer

Otherwise we could loose the information that a non-default domain name
has been used for admin creds.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 weeks agorpc: Fix a typo
Volker Lendecke [Mon, 1 Apr 2019 19:14:05 +0000 (21:14 +0200)]
rpc: Fix a typo

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr  3 17:53:30 UTC 2019 on sn-devel-144

2 weeks agoauth: Add necessary decoration to auth/auth_util.h
Volker Lendecke [Wed, 3 Apr 2019 10:16:50 +0000 (12:16 +0200)]
auth: Add necessary decoration to auth/auth_util.h

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 weeks agorpc: Don't crash if npa_accept fails
Volker Lendecke [Tue, 2 Apr 2019 14:37:39 +0000 (16:37 +0200)]
rpc: Don't crash if npa_accept fails

We can only rely on session_info_transport to be filled correctly upon
success of the accept_existing_recv function

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 weeks agopython/samba: ignore encoding errors while reading files
Philipp Gesang [Tue, 12 Mar 2019 14:43:42 +0000 (15:43 +0100)]
python/samba: ignore encoding errors while reading files

Provisioning fails on C locale due to the Unicode quotes in ldif
data. Patch read_and_sub_file() to read the files as UTF-8.

Signed-off-by: Philipp Gesang <philipp.gesang@intra2net.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Wed Apr  3 11:33:38 UTC 2019 on sn-devel-144

2 weeks agoprovision: use ASCII quotes
Philipp Gesang [Tue, 12 Mar 2019 14:51:16 +0000 (15:51 +0100)]
provision: use ASCII quotes

Remove some Unicode quotes that cause problems under the C
locale.

Signed-off-by: Philipp Gesang <philipp.gesang@intra2net.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 weeks agolib:util: Include talloc_keep_secret.h in samba_util.h
Andreas Schneider [Tue, 19 Mar 2019 11:31:42 +0000 (12:31 +0100)]
lib:util: Include talloc_keep_secret.h in samba_util.h

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Apr  3 07:50:03 UTC 2019 on sn-devel-144

2 weeks agolib:util: Add test for talloc_keep_secret()
Andreas Schneider [Tue, 19 Mar 2019 10:18:47 +0000 (11:18 +0100)]
lib:util: Add test for talloc_keep_secret()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
2 weeks agolib:util: Add support to keep talloc chunks secret
Andreas Schneider [Tue, 19 Mar 2019 09:57:54 +0000 (10:57 +0100)]
lib:util: Add support to keep talloc chunks secret

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
2 weeks agooLschema2ldif: Resolve multiple parsing bugs
Michael Hanselmann [Wed, 27 Mar 2019 19:17:08 +0000 (20:17 +0100)]
oLschema2ldif: Resolve multiple parsing bugs

The "oLschema2ldif" program contained multiple bugs triggered by
malformed inputs:

* Iteration beyond list of recognized dsdb syntax OIDs when value wasn't
  found (bug 9567)
* NULL pointer dereference when input didn't define a name
* Heap buffer overflows for unterminated token values

Tests are added to reproduce all identified bugs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9567

Signed-off-by: Michael Hanselmann <public@hansmi.ch>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Then adapted to use ARRAY_SIZE() consistently as suggested by
metze.

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Apr  3 02:43:07 UTC 2019 on sn-devel-144

2 weeks agoRelax GPGME version check
Mathieu Parent [Fri, 24 Aug 2018 04:51:04 +0000 (06:51 +0200)]
Relax GPGME version check

The current method require at least the same version as during the build. This is not needed.

Used symbols indicate the minimum is 1.2.0

Bug-Debian: http://bugs.debian.org/886333

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13880

Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 weeks agoprefork tests: disable restart tests MIT
Gary Lockyer [Wed, 27 Mar 2019 00:52:37 +0000 (13:52 +1300)]
prefork tests: disable restart tests MIT

The prefork restart tests use the kdc to test restart back off.  These
tests need to use a process that has not been restarted to ensure that
the process restart counters are sitting at 0 when the tests start.

As MIT kerberos is experimental the heimdal builds will still ensure
that this functionality is tested.

At some stage the echo server should be converted to run in pre-fork and
this process can then be used to test the restart backoff.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 weeks agos4:rpc_server: add missing newline to error debug message
Björn Baumbach [Fri, 29 Mar 2019 15:36:03 +0000 (16:36 +0100)]
s4:rpc_server: add missing newline to error debug message

Signed-off-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr  3 00:13:10 UTC 2019 on sn-devel-144

2 weeks agowaf: Simplify condition for undefined symbol detection
Michael Hanselmann [Fri, 22 Mar 2019 23:14:52 +0000 (00:14 +0100)]
waf: Simplify condition for undefined symbol detection

There's no need to check for OpenBSD twice.

Signed-off-by: Michael Hanselmann <public@hansmi.ch>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Tue Apr  2 17:28:40 UTC 2019 on sn-devel-144

2 weeks agosamba_dnsupdate: small tweaks to make code more pythonic
Joe Guo [Wed, 27 Mar 2019 02:21:14 +0000 (15:21 +1300)]
samba_dnsupdate: small tweaks to make code more pythonic

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
3 weeks agomake some auth functions return an NTSTATUS like other similar functions for better...
Kristján Valur [Tue, 12 Mar 2019 09:33:15 +0000 (09:33 +0000)]
make some auth functions return an NTSTATUS like other similar functions for better diagnostics.

Signed-off-by: Kristján Valur <kristjan@rvx.is>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Apr  2 02:12:48 UTC 2019 on sn-devel-144

3 weeks agoSpelling fixes s/verson/version/
Mathieu Parent [Mon, 25 Mar 2019 14:22:55 +0000 (15:22 +0100)]
Spelling fixes s/verson/version/

Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
3 weeks agoSpelling fixes s/conficts/conflicts/
Mathieu Parent [Mon, 25 Mar 2019 14:22:49 +0000 (15:22 +0100)]
Spelling fixes s/conficts/conflicts/

Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
3 weeks agoSpelling fixes s/overrided/overridden/
Mathieu Parent [Mon, 25 Mar 2019 14:20:44 +0000 (15:20 +0100)]
Spelling fixes s/overrided/overridden/

Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
3 weeks agoSpelling fix s/informations/information/
Mathieu Parent [Mon, 25 Mar 2019 14:02:45 +0000 (15:02 +0100)]
Spelling fix s/informations/information/

Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
3 weeks agos3:ldap: Leave add machine code early for pre-existing accounts
Guenther Deschner [Mon, 1 Apr 2019 15:40:03 +0000 (17:40 +0200)]
s3:ldap: Leave add machine code early for pre-existing accounts

This avoids numerous LDAP constraint violation errors when we try to
re-precreate an already existing machine account.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 weeks agos3:libads: Make sure we can lookup KDCs which are not configured
Andreas Schneider [Mon, 1 Apr 2019 14:47:26 +0000 (16:47 +0200)]
s3:libads: Make sure we can lookup KDCs which are not configured

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 weeks agos3:libnet: Use more secure name for the JOIN krb5.conf
Andreas Schneider [Mon, 1 Apr 2019 14:39:45 +0000 (16:39 +0200)]
s3:libnet: Use more secure name for the JOIN krb5.conf

Currently we create krb5.conf..JOIN, use krb5.conf._JOIN_ instead.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 weeks agoauth:creds: Prefer the principal over DOMAIN/username when using NTLM
Andreas Schneider [Mon, 1 Apr 2019 13:59:10 +0000 (15:59 +0200)]
auth:creds: Prefer the principal over DOMAIN/username when using NTLM

If we want to authenticate using -Wadmin@otherdomain the DC should do
take care of the authentication with the right DC for us.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 weeks agoauth:ntlmssp: Add back CRAP ndr debug output
Guenther Deschner [Wed, 27 Mar 2019 16:51:04 +0000 (17:51 +0100)]
auth:ntlmssp: Add back CRAP ndr debug output

This got lost somehow during refactoring. This is still viable
information when trying to figure out what is going wrong when
authenticating a user over NTLMSSP.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 weeks agos3:libnet: Fix debug message in libnet_DomainJoin()
Guenther Deschner [Mon, 1 Apr 2019 15:46:39 +0000 (17:46 +0200)]
s3:libnet: Fix debug message in libnet_DomainJoin()

A newline is missing but also use DBG_INFO macro and cleanup spelling.

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 weeks agos3:libsmb: Add some useful debug output to cliconnect
Andreas Schneider [Wed, 27 Mar 2019 15:45:39 +0000 (16:45 +0100)]
s3:libsmb: Add some useful debug output to cliconnect

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 weeks agos3:libads: Print more information when LDAP fails
Andreas Schneider [Fri, 29 Mar 2019 10:34:53 +0000 (11:34 +0100)]
s3:libads: Print more information when LDAP fails

Currently we just get an error but don't know what exactly we tried to
do in 'net ads join -d10'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 weeks agolibsmb: Make cli_posix_chown/chmod proper tevent_req functions
Volker Lendecke [Fri, 29 Mar 2019 08:50:31 +0000 (09:50 +0100)]
libsmb: Make cli_posix_chown/chmod proper tevent_req functions

This prepares for making them smb2-aware

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Apr  1 19:00:11 UTC 2019 on sn-devel-144

3 weeks agolibsmb: Make "struct smb2_lock_element" generally usable
Volker Lendecke [Mon, 25 Mar 2019 14:43:49 +0000 (15:43 +0100)]
libsmb: Make "struct smb2_lock_element" generally usable

This struct will be of interest when we add locking capabilities to
libcli/smb/smb2cli*

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 weeks agolibsmb: Rename InfoType from [MS-SMB2] according to the spec
Volker Lendecke [Fri, 29 Mar 2019 10:08:12 +0000 (11:08 +0100)]
libsmb: Rename InfoType from [MS-SMB2] according to the spec

This makes it easier to find this via internet search

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 weeks agoctdb-scripts: Do not "correct" number of nfsd threads when it is 0
Martin Schwenke [Tue, 26 Mar 2019 03:15:33 +0000 (14:15 +1100)]
ctdb-scripts: Do not "correct" number of nfsd threads when it is 0

While 0 may indicate that all threads have exited after being stuck,
it may also indicate that nfsd should not be running due to being shut
down.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@samba.org>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Sun Mar 31 11:47:44 UTC 2019 on sn-devel-144

3 weeks agoctdb-scripts: Update statd-callout to try several configuration files
Martin Schwenke [Wed, 20 Mar 2019 10:22:43 +0000 (21:22 +1100)]
ctdb-scripts: Update statd-callout to try several configuration files

The alternative seems to be to try something via CTDB_NFS_CALLOUT.
That would be complicated and seems like overkill for something this
simple.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@samba.org>
3 weeks agoctdb-scripts: Allow load_system_config() to take multiple alternatives
Martin Schwenke [Wed, 20 Mar 2019 10:19:49 +0000 (21:19 +1100)]
ctdb-scripts: Allow load_system_config() to take multiple alternatives

The situation for NFS config has got more complicated and is probably
broken in statd-callout on Debian-like systems at the moment.  Allow
several alternative configuration names to be tried.  Stop after the
first that is found and loaded.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@samba.org>
3 weeks agoctdb-scripts: Default to using systemd services in NFS call-out
Martin Schwenke [Tue, 26 Mar 2019 04:05:58 +0000 (15:05 +1100)]
ctdb-scripts: Default to using systemd services in NFS call-out

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@samba.org>
3 weeks agoctdb-tests: Update NFS test infrastructure to support systemd services
Martin Schwenke [Tue, 26 Mar 2019 04:07:43 +0000 (15:07 +1100)]
ctdb-tests: Update NFS test infrastructure to support systemd services

The tests are written around the default of sysvinit-redhat.  Add
support for systemd-redhat.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@samba.org>
3 weeks agoctdb-scripts: Add systemd services to NFS call-out
Martin Schwenke [Wed, 20 Mar 2019 06:45:10 +0000 (17:45 +1100)]
ctdb-scripts: Add systemd services to NFS call-out

At least Red Hat and Debian appear to use (a variant of?) the upstream
systemd units for NFS, so adding support for these services is
relatively easy.  Distributions using Sys-V init can patch the
call-out to use the relevant Sys-V init services.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@samba.org>
3 weeks agoctdb-scripts: Start NFS quota service if defined
Martin Schwenke [Thu, 21 Mar 2019 04:30:00 +0000 (15:30 +1100)]
ctdb-scripts: Start NFS quota service if defined

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@samba.org>
3 weeks agoctdb-scripts: Stop/start mount/rquotad/status via NFS call-out
Martin Schwenke [Wed, 20 Mar 2019 06:35:44 +0000 (17:35 +1100)]
ctdb-scripts: Stop/start mount/rquotad/status via NFS call-out

When an NFS check restarts a failed service by hand then systemd will
be unable to stop or start this service again because (at least) the
PID file will be wrong.  Do this via the NFS Linux kernel call-out
instead.  Allow the call-out to use the services instead of doing
manual restarts.  Add variables for mount, status and rquotad services
to support this.

Adding systemd NFS services to the call-out will follow.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@samba.org>
3 weeks agoctdb-scripts: Factor out nfs_load_config()
Martin Schwenke [Wed, 20 Mar 2019 05:11:32 +0000 (16:11 +1100)]
ctdb-scripts: Factor out nfs_load_config()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@samba.org>
3 weeks agoctdb-scripts: Add test variable CTDB_NFS_DISTRO_STYLE
Martin Schwenke [Tue, 26 Mar 2019 03:49:49 +0000 (14:49 +1100)]
ctdb-scripts: Add test variable CTDB_NFS_DISTRO_STYLE

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@samba.org>
3 weeks agoctdb-scripts: Rename variable nfslock_service to nfs_lock_service
Martin Schwenke [Wed, 20 Mar 2019 03:50:59 +0000 (14:50 +1100)]
ctdb-scripts: Rename variable nfslock_service to nfs_lock_service

There will be more of these variable for other services so, for
readability, it makes sense for them to start with "nfs_".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@samba.org>
3 weeks agoctdb-scripts: Reindent some functions prior to making changes
Martin Schwenke [Mon, 18 Mar 2019 03:42:36 +0000 (14:42 +1100)]
ctdb-scripts: Reindent some functions prior to making changes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@samba.org>
3 weeks agolibcli: permit larger values of DataLength in SMB2_ENCRYPTION_CAPABILITIES of negotia...
Philipp Gesang [Thu, 14 Feb 2019 09:17:28 +0000 (10:17 +0100)]
libcli: permit larger values of DataLength in SMB2_ENCRYPTION_CAPABILITIES of negotiate response

Certain Netapp versions are sending SMB2_ENCRYPTION_CAPABILITIES
structures containing DataLength field that includes the padding
[0]. Microsoft has since clarified that only values smaller than
the size are considered invalid [1].

While parsing the NegotiateContext it is ensured that DataLength
does not exceed the message bounds. Also, the value is not
actually used anywhere outside the validation. Thus values
greater than the actual data size are safe to use. This patch
makes Samba fail only on values that are too small for the (fixed
size) payload.

[0] https://lists.samba.org/archive/samba/2019-February/221139.html
[1] https://lists.samba.org/archive/cifs-protocol/2019-March/003210.html

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13869

Signed-off-by: Philipp Gesang <philipp.gesang@intra2net.com>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Mar 31 01:11:09 UTC 2019 on sn-devel-144

3 weeks agodoc: add missing "samba-tool ou" entry
Björn Baumbach [Thu, 28 Mar 2019 14:26:36 +0000 (15:26 +0100)]
doc: add missing "samba-tool ou" entry

Signed-off-by: Björn Baumbach <bbaumbach@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Sat Mar 30 23:33:39 UTC 2019 on sn-devel-144

3 weeks agodoc: add missing "samba-tool computer" entry
Björn Baumbach [Thu, 28 Mar 2019 14:25:01 +0000 (15:25 +0100)]
doc: add missing "samba-tool computer" entry

Signed-off-by: Björn Baumbach <bbaumbach@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
3 weeks agodoc: fix typos in samba-tool documentation
Björn Baumbach [Thu, 28 Mar 2019 14:18:49 +0000 (15:18 +0100)]
doc: fix typos in samba-tool documentation

Signed-off-by: Björn Baumbach <bbaumbach@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
3 weeks agodoc: add missing samba-tool user edit documentation
Björn Baumbach [Thu, 28 Mar 2019 14:02:08 +0000 (15:02 +0100)]
doc: add missing samba-tool user edit documentation

Signed-off-by: Björn Baumbach <bbaumbach@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
3 weeks agosamba-tool: fix some typos
Björn Baumbach [Thu, 28 Mar 2019 16:24:40 +0000 (17:24 +0100)]
samba-tool: fix some typos

All command descriptions have a dot '.' at the end.
The ou and visualize command need this too.

  ...
  group       - Group management.
  ldapcmp     - Compare two ldap databases.
  ntacl       - NT ACLs manipulation.
  ou          - Organizational Units (OU) management
  ...
  user        - User management.
  visualize   - Produces graphical representations of Samba network state

Signed-off-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
3 weeks agoselftest: use test smb.conf in provision
Douglas Bagnall [Fri, 29 Mar 2019 01:12:49 +0000 (14:12 +1300)]
selftest: use test smb.conf in provision

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Tim Beale <timbeale@catalyst.net.nz>