1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

5917 Commits

Author SHA1 Message Date
Andrew Bartlett
13e09c72cd ldb: Version 1.1.30
* let ldbdump parse the -i option
* don't allow the reveal_internals control for ldbedit
* only allow --show-binary for ldbsearch
* don't let ldbsearch create non-existing files
* fix ldb_tdb search inconsistencies
* add cmocka based tests
* provide an interface for improved indexing for callers
  like Samba, which will allow much better performance.
* Makes ldb access to tdb:// databases use a private event context
  rather than the global event context passed in by the caller.
  This is because running other operations while locks are held
  or a search is being conducted is not safe.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-05-31 06:34:27 +02:00
Andrew Bartlett
e001ac9ef5 ldb: Add Doxygen documentation for ldb_handle_use_global_event_context()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2017-05-31 06:34:27 +02:00
Andrew Bartlett
850732ebbb ldb: Add Doxygen docs for ldb_set_require_private_event_context()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2017-05-31 06:34:27 +02:00
Andrew Bartlett
ba3eff930f ldb: Add Doxygen docs for ldb_handle_get_event_context()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2017-05-31 06:34:27 +02:00
Andrew Bartlett
d73d926458 ldb: Add Doxygen docs for ldb_schema_set_override_indexlist()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2017-05-31 06:34:27 +02:00
Andrew Bartlett
bcd891dc3f ldb: Add Doxygen docs for ldb_schema_attribute_set_override_handler
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2017-05-31 06:34:27 +02:00
Andrew Bartlett
cb03b12ac2 ldb: Add Doxygen comments for ldb_req_*trusted() functions
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2017-05-31 06:34:27 +02:00
Andrew Bartlett
02a4915b91 ldb: Add test for ldb_build_search_req()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-05-31 06:34:27 +02:00
Andrew Bartlett
6777770d35 ldb: Add tests for new ldb handle and event context behaviour
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-05-31 06:34:27 +02:00
Andrew Bartlett
c29201d6d3 ldb: Add ldb_handle_use_global_event_context()
This will allow the IRPC to be processed in the main event loop of the
server, not the private event context for this request

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-05-31 06:34:27 +02:00
Andrew Bartlett
e67d3568e5 ldb: Use the private event context in ldb_tdb and ldb_wait()
This enables the previous commits, and ensures that ldb_tdb is safe from operations while locks
are held

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-05-31 06:34:27 +02:00
Andrew Bartlett
25795c3da9 ldb: Force use of a private event context in ldb_tdb
ldb_tdb holds locks while making callbacks, so force the use of a per-request event context

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-05-31 06:34:26 +02:00
Andrew Bartlett
cd97f45976 ldb: Create private event contexts in top level requests, chain to children
We must ensure that the ldb_request we call ldb_wait() will share an event context with all
the eventual request that the ldb backend creates events on

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-05-31 06:34:26 +02:00
Andrew Bartlett
0f13243f5e ldb: Add ldb_set_require_private_event_context()
This will allow us to force use of the global event context for use when Samba
must make an IRPC call from within the ldb stack, to another part of the same
process

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-05-31 06:34:26 +02:00
Andrew Bartlett
a83df55693 ldb: Add ldb_handle_get_event_context()
This will allow us to obtain a private event context for use while we hold
locks in ldb_tdb, that is not shared with the global state of the application.

This will ensure we do not perform other operations while we hold the lock

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-05-31 06:34:26 +02:00
Andrew Bartlett
1ba6b9aae8 ldb: Add ldb_build_req_common() helper function
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-05-31 06:34:26 +02:00
Andrew Bartlett
aa54ed0365 ldb: Add tests for the schema and index override hooks
Because this uses ldb_private.h we no longer build the
test binary if we are building against a system ldb

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-05-31 06:34:26 +02:00
Andrew Bartlett
e903e08027 ldb: Move test_ldb_attrs_case_insensitive closer to setup/teardown functions
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-05-31 06:34:26 +02:00
Andrew Bartlett
2335e57a89 ldb_tdb: Avoid reading the index list from the DB if we are already set to override it
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-05-31 06:34:26 +02:00
Andrew Bartlett
e584fe85a5 ldb: Allow a caller (in particular Samba) to handle the list of attributes with an index
By doing that, Samba will use a binary search to locate the attributes
rather than an O(n) search, during every search or modify of the database.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-05-31 06:34:26 +02:00
Andrew Bartlett
29dc93298a ldb_tdb: consistently use ltdb->cache->attribute_indexes to determine if we have indexes
This is instead of checking the number of elements via ltdb->cache->indexlist->num_elements

In turn, this allows us to avoid fetching ltdb->cache->indexlist in the future

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-05-31 06:34:26 +02:00
Andrew Bartlett
e1bc43dca1 ldb_tdb: change the arguments to ldb_is_indexed() to provide the ltdb_private
By doing this, we can be more efficient in locating if we have an index in
the future.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-05-31 06:34:26 +02:00
Andrew Bartlett
05e8dcb2f9 ldb_tdb: Split index load out into a sub-funciton: ltdb_index_load
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-05-31 06:34:26 +02:00
Andrew Bartlett
c23b191ac4 ldb_tdb: Call talloc_free(options_dn) as soon as we are done with options_dn
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-05-23 01:13:25 +02:00
Andrew Bartlett
496feccad4 ldb_tdb: Provide better debugging on end_trans failures
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-05-23 01:13:24 +02:00
Andrew Bartlett
a2a1962dc0 ldb_tdb: Provide better debugging on prepare_commit failures
ltdb_index_transaction_commit() does LDB operations, sets the ldb
error string and returns LDB errors so we should not check the tdb
error code.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-05-23 01:13:24 +02:00
Andrew Bartlett
1fd8ec23c7 tdb: Improve debugging when the allrecord lock fails to upgrade
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-05-23 01:13:24 +02:00
Ralph Boehme
60747c1be4 lib/torture: add two more ndr assert macros
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12787

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2017-05-17 23:02:09 +02:00
Andreas Schneider
ebc049777a lib: Update pam_wrapper to 1.0.4
* Fix build on OpenBSD
* Fix a resource leak

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-05-17 23:02:09 +02:00
Andreas Schneider
d1dc2b0e4b ldb-samba: Fix a possible NULL pointer dereference
CID: #1402566
CID: #1402567

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue May 16 16:45:43 CEST 2017 on sn-devel-144
2017-05-16 16:45:43 +02:00
Jeremy Allison
b2de5a81bf s4: popt: Global replace of cmdline_credentials -> popt_get_cmdline_credentials().
Add one use of popt_set_cmdline_credentials().
Fix 80 column limits when cmdline_credentials changes
to popt_get_cmdline_credentials().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-05-11 20:30:13 +02:00
Günther Deschner
8e321676b9 lib/krb5_samba: remove some dead prototypes
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-05-10 15:53:20 +02:00
Andrew Bartlett
47a8fb8e70 ldb: Do not use mktemp() nor leak files into /tmp during api.py test
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-05-06 12:03:16 +02:00
Andrew Bartlett
be87e9dfa3 ldb: Add test for transaction deadlock detected when waiting for a search
This was the original intent of 7dd31288a7
but was broken in 251aaafe3a and
hidden by 4bb2958f16.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-05-06 12:03:16 +02:00
Andrew Bartlett
e7f3b457d6 ldb: Add some tests to clarify the current iterator behaviour
search_iterator() is no more memory efficient than search() because all the results
come back at the first res.next() call

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-05-06 12:03:16 +02:00
Volker Lendecke
dd0d2ee1dd pam_wrapper: Add PAM_STRERROR_CONST configure check
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-05-05 07:46:06 +02:00
Volker Lendecke
ae8f34984f lib: FreeBSD needs sys/wait.h for WIFEXITED
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue May  2 21:14:22 CEST 2017 on sn-devel-144
2017-05-02 21:14:22 +02:00
Alexander Bokovoy
09bc5b5374 systemd: fix detection of libsystemd
On Fedora 25 detection of libsystemd actually fails due to wrong
assumptions in the configure test. conf.CHECK_LIB returns a list
so 'not conf.CHECK_LIB(...)' is always False and we never get to check
libsystemd.

Instead, remember result of checking pkg-config for separate
libsystemd-daemon and libsystemd-journal libraries. If they miss,
attempt to use libsystemd library instead.

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue May  2 13:05:43 CEST 2017 on sn-devel-144
2017-05-02 13:05:43 +02:00
Ralph Boehme
37ef28794c Revert "lib/util: make use of tfork in samba_runcmd_send()"
This reverts commit 292e46ab12.

Processes run by tfork will have a parent pid of 1, they won't be childs
of the caller anymore.

When the source4 samba process uses samba_runcmd_send() to launch smbd
and winbindd the resulting process hierarchy becomes:

 PPID   PID  PGID   SID TTY      TPGID STAT   UID   TIME COMMAND
    1   516   510   510 ?           -1 S      111   0:02 avahi-daemon: running [samba-ad.local]
    1 29209 29209 29209 ?           -1 Ss       0   0:00 ./bin/samba
29209 29210 29209 29209 ?           -1 S        0   0:00  \_ ./bin/samba
29209 29211 29209 29209 ?           -1 S        0   0:00  \_ ./bin/samba
29209 29213 29209 29209 ?           -1 S        0   0:00  \_ ./bin/samba
29209 29215 29209 29209 ?           -1 S        0   0:00  \_ ./bin/samba
29209 29216 29209 29209 ?           -1 R        0   0:00  \_ ./bin/samba
29209 29217 29209 29209 ?           -1 S        0   0:00  \_ ./bin/samba
29209 29218 29209 29209 ?           -1 S        0   0:00  \_ ./bin/samba
29209 29220 29209 29209 ?           -1 S        0   0:00  \_ ./bin/samba
29209 29221 29209 29209 ?           -1 S        0   0:00  \_ ./bin/samba
29209 29222 29209 29209 ?           -1 S        0   0:00  \_ ./bin/samba
29209 29223 29209 29209 ?           -1 S        0   0:00  \_ ./bin/samba
29209 29224 29209 29209 ?           -1 S        0   0:00  \_ ./bin/samba
29209 29225 29209 29209 ?           -1 S        0   0:00  \_ ./bin/samba
    1 29214 29209 29209 ?           -1 S        0   0:00 ./bin/samba
29214 29219 29219 29219 ?           -1 Ss       0   0:00  \_ /home/slow/git/samba/scratch/bin/smbd -D --option=server role check:inhibit=yes --foreground
29219 29236 29219 29219 ?           -1 S        0   0:00      \_ /home/slow/git/samba/scratch/bin/smbd -D --option=server role check:inhibit=yes --foreground
29219 29237 29219 29219 ?           -1 S        0   0:00      \_ /home/slow/git/samba/scratch/bin/smbd -D --option=server role check:inhibit=yes --foreground
29219 29238 29219 29219 ?           -1 S        0   0:00      \_ /home/slow/git/samba/scratch/bin/smbd -D --option=server role check:inhibit=yes --foreground
    1 29228 29209 29209 ?           -1 S        0   0:00 ./bin/samba
29228 29230 29230 29230 ?           -1 Ss       0   0:00  \_ /home/slow/git/samba/scratch/bin/winbindd -D --option=server role check:inhibit=yes --foreground
29230 29239 29230 29230 ?           -1 S        0   0:00      \_ /home/slow/git/samba/scratch/bin/winbindd -D --option=server role check:inhibit=yes --foreground

They will still be in the same process group and session, but just not
be a child or subchild. For childs of the source4 samba process this
might be non desirable.

killing all processes by sending a signal to the main samba process
still works, because a pipe is used between the samba process and the
smbd and winbindd childs. Both watch for EOF on the pipe.

In the output above smbd and winbindd are in their own process group ans
session because they call become_daemon().

See also the discussion in this mailthread:
<https://lists.samba.org/archive/samba-technical/2017-April/120257.html>

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sun Apr 30 17:21:05 CEST 2017 on sn-devel-144
2017-04-30 17:21:05 +02:00
Andreas Schneider
7556c20d4b param: Add 'mit kdc command' to change the default.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-04-29 23:31:09 +02:00
Stefan Metzmacher
77d4e07ef3 tdb: version 1.3.13
* documentation for the tdbbackup -n option
* correctly upgrade F_RDLCK to F_WRLCK locks
* tdbtool: Add "storehex" command
* fix robust mutex detection in threaded applications
  (bug #12593)
* improve debugging of transaction lock failures

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Apr 27 18:50:10 CEST 2017 on sn-devel-144
2017-04-27 18:50:08 +02:00
Andrew Bartlett
3607826334 tdb: Improve debugging in _tdb_transaction_start
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-04-27 14:52:17 +02:00
Andrew Bartlett
1148e8f040 tdb: Improve debugging when the allrecord lock fails to upgrade
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-04-27 14:52:17 +02:00
Ralph Boehme
19b193ebc9 tdb: runtime check for robust mutexes may hang in threaded programs
The current runtime check for robust mutexes in
tdb_runtime_check_for_robust_mutexes() is not thread-safe.

When called in a multi-threaded program where any another thread doesn't
have SIGCHLD blocked, we may end up hung in sigsuspend() waiting for a
SIGCHLD of a child procecss and the signal was delivered to another
thread.

Revert to the previous behaviour of waiting for the child instead of
waiting for the SIGCHLD signal.

Ensure the pid we wait for is not reset to -1 in a toctou race with the
signal handler.

Check whether waitpid() returns ECHILD which can happen if the signal
handler is run by more then one thread in parallel (yes, this can
happen) or if tdb_robust_mutex_wait_for_child() and the signal handler
are racing.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12593

Pair-programmed-with: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-04-27 14:52:16 +02:00
Ralph Boehme
f5c3904f35 lib/util: fix a Coverity finding in tfork
If dup2() fails, fd is -1 and is later used in sys_write().

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-04-25 19:14:11 +02:00
Volker Lendecke
5d288a9b17 tdbtool: Add "storehex" command
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Apr 22 09:16:16 CEST 2017 on sn-devel-144
2017-04-22 09:16:16 +02:00
Jeremy Allison
306783d6f5 lib: modules: Change XXX_init interface from XXX_init(void) to XXX_init(TALLOC_CTX *)
Not currently used - no logic changes inside.

This will make it possible to pass down a long-lived talloc
context from the loading function for modules to use instead
of having them internally all use talloc_autofree_context()
which is a hidden global.

Updated all known module interface numbers, and added a
WHATSNEW.

Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Böhme <slow@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Apr 22 01:17:00 CEST 2017 on sn-devel-144
2017-04-22 01:17:00 +02:00
Ralph Boehme
426e407c53 lib/util: add a test for samba_runcmd_send()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-04-20 16:53:16 +02:00
Ralph Boehme
292e46ab12 lib/util: make use of tfork in samba_runcmd_send()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-04-20 16:53:16 +02:00
Ralph Boehme
3ce1060f78 lib/util: add a test for tfork()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-04-20 16:53:16 +02:00
Stefan Metzmacher
6b950ae37e lib/util: add tfork()
triple-fork to avoid handling SIGCHLD in the parent.

This function is a workaround for the problem of using fork() in
library code. In that case the library should avoid setting a global
signal handler for SIGCHLD, because the application may wants to use its
own handler.

status_fd can be used to wait for the child to exit and get its exit
status.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-04-20 16:53:16 +02:00
Jakub Hrozek
3d049f2aad ldb:tests: Unit test the ldb_rename() operation
Signed-off-by: Jakub Hrozek <jakub.hrozek@posteo.se>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
2017-04-19 15:46:26 +02:00
Jakub Hrozek
a05fda2f3f ldb:tests: Add tests for case insensitive searches
Signed-off-by: Jakub Hrozek <jakub.hrozek@posteo.se>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
2017-04-19 15:46:26 +02:00
Jakub Hrozek
f44c0827eb ldb:tests: unit test for ldb_search()
Signed-off-by: Jakub Hrozek <jakub.hrozek@posteo.se>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
2017-04-19 15:46:26 +02:00
Jakub Hrozek
68a00330af ldb:tests: Add a modify test
Signed-off-by: Jakub Hrozek <jakub.hrozek@posteo.se>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
2017-04-19 15:46:26 +02:00
Jakub Hrozek
5113116a83 ldb:tests: Add a test for ldb transactions
Signed-off-by: Jakub Hrozek <jakub.hrozek@posteo.se>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
2017-04-19 15:46:26 +02:00
Jakub Hrozek
dddac9fc3c ldb:tests: Add a basic delete test
Signed-off-by: Jakub Hrozek <jakub.hrozek@posteo.se>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
2017-04-19 15:46:26 +02:00
Jakub Hrozek
b423c3e8d5 ldb:tests: Add a basic search test
Signed-off-by: Jakub Hrozek <jakub.hrozek@posteo.se>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
2017-04-19 15:46:26 +02:00
Jakub Hrozek
dbe1dd5fab ldb:tests: A rudimentary ldb_add() test
Signed-off-by: Jakub Hrozek <jakub.hrozek@posteo.se>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
2017-04-19 15:46:26 +02:00
Andreas Schneider
b49ee16b9c ldb:tests: Build a ldb test for the tdb backend
Pair-Programmed-With: Andrew Bartlet <abartlet@samba.org>

Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Andrew Bartlet <abartlet@samba.org>
2017-04-19 15:46:26 +02:00
Jakub Hrozek
15ad5de6aa ldb:tests: Add a simple cmocka test for ldb_connect()
Signed-off-by: Jakub Hrozek <jakub.hrozek@posteo.se>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
2017-04-19 15:46:26 +02:00
Jakub Hrozek
317f3c6f3d ldb: Clarify LDB_MODULES_PATH is used
Make it (hopefully more) clear where modules are loaded from.

Signed-off-by: Jakub Hrozek <jakub.hrozek@posteo.se>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
2017-04-19 15:46:26 +02:00
Jakub Hrozek
1a90b55da6 ldb_tdb: Remove unused function parameter
Signed-off-by: Jakub Hrozek <jakub.hrozek@posteo.se>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
2017-04-19 15:46:25 +02:00
Jakub Hrozek
1c7c4b474c ldb_tdb: Remove unused function parameter
Signed-off-by: Jakub Hrozek <jakub.hrozek@posteo.se>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
2017-04-19 15:46:25 +02:00
Jakub Hrozek
9d4168e745 ldb_tdb: Remove unused function ltdb_add_attr_results
Signed-off-by: Jakub Hrozek <jakub.hrozek@posteo.se>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
2017-04-19 15:46:25 +02:00
Ralph Boehme
b3f8e9a62c dbwrap: add dbwrap_parse_record_send/recv
The req_state parameter tells the caller whether the async request is
blocked in a full send queue:

req_state >= DBWRAP_REQ_DISPATCHED := request is dispatched
req_state < DBWRAP_REQ_DISPATCHED := send queue is full

This is useful in a clustered Samba environment where the async dbwrap
request is sent over a socket to the local ctdbd.

If the send queue is full and the caller was issuing multiple async
dbwrap requests in a loop, the caller knows it's probably time to stop
sending requests for now and try again later.

This will be used in subsequent commits in
smbd_smb2_query_directory_send() when implementing async write time
updates. Directories may contain umpteen files so we send many requests
to ctdb without going through tevent and reading the responses which has
the potential to deadlock.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-04-18 22:54:16 +02:00
Ralph Boehme
4449844096 dbwrap: add parse_record_send/recv to struct db_context
The implementation comes next.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-04-18 22:54:16 +02:00
Ralph Boehme
27acbb26ee dbwrap: add enum dbwrap_req_state
This will be used by async dwrap_parse_send() as an out argument, giving
the caller an indication about the state of the request.

This is can be useful for the caller if it is a sync function and sends
multiple async dbwrap requests. As it's a sync function it won't return
to the main tevent event loop and so the async dbwrap recv function are
not called.

As a result the function may deadlock: our receive queue may already be
full with results from a peer, the peer might be blocked in his send
queue (because we're not receiving), the peer therefor doesn't read from
his receive queue so our send queue will block as well.

To inform the caller of this situation "send queue full" we return this
state information to the caller of the dbwrap send function.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-04-18 22:54:16 +02:00
Ralph Boehme
1fcb66efe0 lib/util: add and use iov_concat
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-04-18 22:54:15 +02:00
Jeremy Allison
1e8e048bf0 lib: param: Remove lpcfg_register_defaults_hook().
Completely unused functionality. Gets rid of another
talloc_autofree_context(). Updated WHATSNEW to make
this clear.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2017-04-18 22:54:15 +02:00
Jeremy Allison
600f8787e3 lib: debug: Avoid negative array access.
Report and patch from Hanno Böck <hanno@hboeck.de>.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12746

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-04-18 11:47:17 +02:00
Jeremy Allison
bf8f7a36bf lib:charset: Remove use of talloc_autofree_context() for global_iconv_handle
All other callers use NULL here anyway, so there's no
need to use a special context for get_iconv_handle().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-04-18 11:47:17 +02:00
Jeremy Allison
35b23711e8 lib:charset: Make global_iconv_handle private
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-04-18 11:47:17 +02:00
Jeremy Allison
2a4d07b999 lib: param: Remove the last external use of global_iconv_handle by calling the utility function reinit_iconv_handle().
Add an error check.

This *looks* like a logic change, but it is not.

The only change is the addition of the error return check.

The reason is that the changed function, reload_charcnv(),
is the *only* function that sets lp_ctx->iconv_handle. And
it does so just before setting global_iconv_handle = lp_ctx->iconv_handle.

Calling the utility function reinit_iconv_handle()
instead merely sets global_iconv_handle first, then
assigns it (as the return) to lp_ctx->iconv_handle.

So all this is doing is reversing the order of
setting global_iconv_handle and lp_ctx->iconv_handle
to the same thing.

Even the removal of the lines:

-       struct smb_iconv_handle *old_ic = lp_ctx->iconv_handle
-       if (old_ic == NULL) {
-               old_ic = global_iconv_handle;

has no effect, as remember that lp_ctx->iconv_handle
is only ever set to the same value as global_iconv_handle,
and once this function has been run once, lp_ctx->iconv_handle != NULL.

This allows us finally to make global_iconv_handle private
to the C source file that defines it.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-04-18 11:47:17 +02:00
Jeremy Allison
766e9ff05e lib: param: Use utility functions to get rid of two more uses of global_iconv_handle.
Add error return checking.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-04-18 11:47:17 +02:00
Jeremy Allison
c28e2c937a lib:charset: Add utility functions reinit_iconv_handle() and free_iconv_handle(void)
Not yet used. Will enable us to make global_iconv_handle private.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-04-18 11:47:17 +02:00
Jeremy Allison
3afbdb7a0e lib: Remove smb_iconv_handle_reinit_lp()
It's merely a wrapper for smb_iconv_handle_reinit(),
only used in one place and smb_iconv_handle_reinit()
is already called from lib/param/loadparm.c.

Removing this will make it easier to make global_iconv_handle
private state to lib/util/charset/codepoints.c later.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-04-18 11:47:17 +02:00
Noel Power
8050db2303 param: Check for valid values of 'name resolve order' option
This variable is populated by a list of values where each value should
be a known option. This patch ensures that illegal values are detected.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12739

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2017-04-13 11:26:28 +02:00
Volker Lendecke
397d1936ec tdb: Test for readonly lock upgrade bug
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 11 00:33:31 CEST 2017 on sn-devel-144
2017-04-11 00:33:30 +02:00
Volker Lendecke
a6f1532d7f tdb: Do lock upgrades properly
When a process holds a readlock and wants to upgrade, this needs to be
reflected in the underlying lock. Without this, it is possible to cheat:
One process holds a readlock, and another process wants to write this
record. All the writer has to do is take a readonly lock on the key and
then do the store.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-04-10 20:44:21 +02:00
Volker Lendecke
97cafdcfaa tdb: Fix some signed/unsigned hickups
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-04-10 20:44:21 +02:00
Andreas Schneider
a46566ea5e lib: Add pam_wrapper 1.0.3
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-04-07 10:32:13 +02:00
Stefan Metzmacher
7a4e2bef18 uid_wrapper: use conf.blddir to construct libnss_wrapper_so_path
conf.blddir might not the the same as conf.srcdir + '/bin'.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-04-07 10:32:13 +02:00
Stefan Metzmacher
05c8aa6390 resolv_wrapper: use conf.blddir to construct libnss_wrapper_so_path
conf.blddir might not the the same as conf.srcdir + '/bin'.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-04-07 10:32:13 +02:00
Stefan Metzmacher
013a92ccc8 nss_wrapper: use conf.blddir to construct libnss_wrapper_so_path
conf.blddir might not the the same as conf.srcdir + '/bin'.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-04-07 10:32:13 +02:00
Gary Lockyer
387eb18a1c auth_log: Add JSON logging of Authorisation and Authentications
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Pair-Programmed: Andrew Bartlett <abartlet@samba.org>
2017-03-29 02:37:27 +02:00
Andrew Bartlett
0db7719071 debug: Add debug class for auth_audit
This will be an audit stream of authentication and connection-level authorization

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2017-03-29 02:37:26 +02:00
Gary Lockyer
eacb5aead7 lib/util: Add functions to escape log lines but not break all non-ascii
We do not want to turn every non-ascii username into a pile of hex, so we instead focus
on avoding newline insertion attacks and other low control chars

Pair-programmed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2017-03-29 02:37:26 +02:00
Björn Baumbach
0558715b5b tdb/tools: add documentation for the tdbbackup -n option
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org
2017-03-28 17:45:19 +02:00
Volker Lendecke
b224b2033d lib: Avoid an includes.h
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-03-28 17:45:19 +02:00
Volker Lendecke
2ad26a63c9 lib: Avoid an includes.h
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-03-28 17:45:19 +02:00
Volker Lendecke
0865fea4fc lib: Avoid an includes.h
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-03-28 17:45:19 +02:00
Volker Lendecke
aea4e4cbd3 lib: Avoid an includes.h
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-03-28 17:45:19 +02:00
Volker Lendecke
d13496f387 lib: Avoid an includes.h
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-03-28 17:45:18 +02:00
Volker Lendecke
d98c7263e0 lib: Avoid an includes.h
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-03-28 17:45:18 +02:00
Volker Lendecke
e92a20781c server_id_db: Protect against non-0-terminated data records
Remove the failing test from knownfail.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12705
2017-03-28 09:23:11 +02:00
Uri Simchoni
f31fd41ca7 torture: add torture_assert_mem_not_equal_goto()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12715

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-03-26 19:42:16 +02:00
Jeremy Allison
ed483d8e57 s3: smbd: Change "strict sync" paramter from "no" to "yes" for 4.7.0.
Document change and modify in loadparm.c.
Safer default for new installs and vendors.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2017-03-25 00:49:22 +01:00
Volker Lendecke
a181609f94 lib: Simplify smb_nanosleep
We have the recalculation logic also in sys_poll_intr, don't duplicate it.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Mar 20 16:11:16 CET 2017 on sn-devel-144
2017-03-20 16:11:15 +01:00
Volker Lendecke
8f0ecb660e lib: Make sys_poll_intr available to ctdb
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-03-20 12:20:08 +01:00
Volker Lendecke
0b6156f8da lib: Avoid an includes.h
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-03-20 12:20:08 +01:00
Amitay Isaacs
a1131494df lib/util: Fix initializer
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-03-16 20:30:19 +01:00
Amitay Isaacs
59514f2e4c replace: Fix compiler warning flag
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-03-16 20:30:19 +01:00
Alexander Bokovoy
bbeef554f2 lib/crypto: implement samba.crypto Python module for RC4
Implement a small Python module that exposes arcfour_crypt_blob()
function widely used in Samba C code.

When Samba Python bindings are used to call LSA CreateTrustedDomainEx2,
there is a need to encrypt trusted credentials with RC4 cipher.

Current Samba Python code relies on Python runtime to provide RC4
cipher. However, in FIPS 140-2 mode system crypto libraries do not
provide access RC4 cipher at all. According to Microsoft dochelp team,
Windows is treating AuthenticationInformation blob encryption as 'plain
text' in terms of FIPS 140-2, thus doing application-level encryption.

Replace samba.arcfour_encrypt() implementation with a call to
samba.crypto.arcfour_crypt_blob().

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Mar 15 01:30:24 CET 2017 on sn-devel-144
2017-03-15 01:30:24 +01:00
Andreas Schneider
6b73f75540 krb5_wrap: Fix smb_gss_krb5_import_cred() picky-developer build
This does not build on Fedora 25 with picky-developer turned on.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2017-03-14 15:22:12 +01:00
Andreas Schneider
12d26899a4 param: Allow to specify kerberos method on the commandline
We support --option for our tools but you cannot set an option where the
value of the option includes a space.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
2017-03-14 15:22:12 +01:00
Andreas Schneider
a6a527e1e8 krb5_wrap: Print a warning for an invalid keytab name
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
2017-03-14 15:22:12 +01:00
Garming Sam
ee04f96b69 ldb_tdb: Add better comments for duplicate attr values
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
2017-03-13 05:10:10 +01:00
Garming Sam
b562a90646 ldb_tdb: Do not check for duplicate values during a rename
This is not the time to be pretending to be dbcheck, and there are
exceptions to the single-value rules in Samba. This is needed for
the same reasons as the modify case.

(Note: this error was triggered with the demote of an RODC with links)

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
2017-03-13 05:10:10 +01:00
Garming Sam
3b5aeaba95 ldb_tdb: Do not care about duplicates if single value check disabled
This behaviour of ignoring duplicates with the flag
LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK is also used in the replace
case here.

When we add a forward DN+Binary link with a duplicate DN, this prevents
us from not being able to add the backlink because it appears to be a
duplicate here.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Bob Campbell <bobcampbell@catalyst.net.nz>
2017-03-13 05:10:10 +01:00
Ralph Boehme
c9a7a065bb lib/pthreadpool: fix a memory leak
When copying large files from the server to the client with aio enabled
we noticed that smbd kept growing RSS and VSZ.

valgrind was reporting:

==2503== 4,093,440 bytes in 6,560 blocks are possibly lost in loss record 460 of 460
==2503==    at 0x4C299CE: calloc (vg_replace_malloc.c:711)
==2503==    by 0x4011C24: _dl_allocate_tls (in /usr/lib64/ld-2.17.so)
==2503==    by 0x4E3C960: pthread_create@@GLIBC_2.2.5 (in /usr/lib64/libpthread-2.17.so)
==2503==    by 0x9B298AE: pthreadpool_add_job (in /usr/lib64/samba/libmessages-dgm-samba4.so)
==2503==    by 0x9B29FDC: pthreadpool_tevent_job_send (in /usr/lib64/samba/libmessages-dgm-samba4.so)
==2503==    by 0x56A78EF: ??? (in /usr/lib64/samba/libsmbd-base-samba4.so)
==2503==    by 0x55D86B7: smb_vfs_call_pread_send (in /usr/lib64/samba/libsmbd-base-samba4.so)
==2503==    by 0x55F7543: schedule_smb2_aio_read (in /usr/lib64/samba/libsmbd-base-samba4.so)
==2503==    by 0x5608F57: smbd_smb2_request_process_read (in /usr/lib64/samba/libsmbd-base-samba4.so)
==2503==    by 0x55FCB6C: smbd_smb2_request_dispatch (in /usr/lib64/samba/libsmbd-base-samba4.so)
==2503==    by 0x55FD7DC: ??? (in /usr/lib64/samba/libsmbd-base-samba4.so)
==2503==    by 0x641B977: ??? (in /usr/lib64/samba/libtevent.so.0.9.31)

The problem seems to be caused by worked threads that are not properly
started in detached state and thus their tls is not reclaimed upon
thread termination.

In pthreadpool.c we prepare a pthread attribute with
PTHREAD_CREATE_DETACHED, but we don't pass it to pthread_create().

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12624

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Mar 10 22:06:02 CET 2017 on sn-devel-144
2017-03-10 22:06:02 +01:00
Andreas Schneider
804e828d52 krb5_wrap: Remove obsolete smb_krb5_get_principal_from_service_hostname()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12554

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-03-10 11:37:22 +01:00
Andreas Schneider
339a2ecb3f krb5_wrap: Make smb_krb5_get_realm_from_hostname() public
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12554

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2017-03-10 11:37:21 +01:00
Andreas Schneider
f0c4fcace5 krb5_wrap: pass client_realm to smb_krb5_get_realm_from_hostname()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12554

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2017-03-10 11:37:21 +01:00
Andreas Schneider
65228925ab krb5_wrap: Try to guess the correct realm from the service hostname
If we do not get a realm mapping from the krb5.conf or from the Kerberos
library try to guess it from the service hostname. The guessing of the
realm from the service hostname is already implemented in Heimdal. This
makes the behavior of smb_krb5_get_realm_from_hostname() consistent
with both MIT and Heimdal.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12554

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2017-03-10 11:37:21 +01:00
Andreas Schneider
946f9dd117 krb5_wrap: Do not return an empty realm from smb_krb5_get_realm_from_hostname()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12554

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2017-03-10 11:37:21 +01:00
Ian Stakenvicius
81ff0f3065 waf: disable-python - align tdb's wscript
Drop the configure option for --disable-python as it is now
global in wafsamba.

If samba is set to use a system copy of tdb, and tdb wasn't built
with python support, then the system pytevent will not be found.  If
samba is being built without python support then pytdb is not needed,
so do not bother to try and find it.

Signed-off-by: Ian Stakenvicius <axs@gentoo.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2017-03-10 07:31:12 +01:00
Ian Stakenvicius
b45ff0bcf9 waf: disable-python - align tevent wscript
Drop the configure option for --disable-python as it is now
global in wafsamba.

If samba is set to use a system copy of tevent, and tevent wasn't built
with python support, then the system pytevent will not be found.  If
samba is being built without python support then pytevent is not needed,
so do not bother to try and find it.

Signed-off-by: Ian Stakenvicius <axs@gentoo.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2017-03-10 07:31:12 +01:00
Ian Stakenvicius
ce956be075 waf: disable-python - align ldb's wscript
If samba is set to use a system copy of ldb, and ldb wasn't built with
python support, then no system pyldb-util will be found.  If samba is
being built without python support then pyldb-util isn not needed, so
do not bother to try and find it.

The system ldb check had to be duplicated due to the earlier commits
which changed order of ldb and pyldb-util checks, and by association
also added a dependency of pyldb-util onto ldb.  This seemed cleaner
than messing with variables.

The build configuration for pyldb-util needs to exist even if it's
not being built, so that dependency resolution can occur throughout
the rest of the samba build system -- this required dropping the higher
level conditional and using the enabled= parameter instead.

Signed-off-by: Ian Stakenvicius <axs@gentoo.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2017-03-10 07:31:12 +01:00
Ian Stakenvicius
dcba0b1975 waf: disable-python - align talloc's wscript
Drop the configure option for --disable-python as it is now
global in wafsamba

If samba is set to use a system copy of talloc, and talloc wasn't built
with python support, then the system pytalloc-util will not be found.
If samba is being built without python support then pytalloc-util is not
needed, so do not bother to try and find it.

The build configuration for pytalloc-util needs to exist even if it's
not being built, so that dependency resolution can occur throughout
the rest of the samba build system -- this required dropping the higher
level conditional and using the enabled= parameter instead.

Signed-off-by: Ian Stakenvicius <axs@gentoo.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2017-03-10 07:31:12 +01:00
Lumir Balhar
e9a464911c python: samba._ldb: Port of samba._ldb to Python 3 compatible form
Port of samba._ldb Python module to Python 3 compatible form.

Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2017-03-10 07:31:11 +01:00
Andrew Bartlett
583ff0a0e3 lib/ldb: Enable use of a python3 pyldb-util system library
To do this, we have to install a .pc file for the python3 pyldb-util

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Incorportaing fixes by Petr Viktorin <pviktori@redhat.com>

Signed-off-by: Petr Viktorin <pviktori@redhat.com>
2017-03-10 07:31:10 +01:00
Andrew Bartlett
f5cafee0c7 talloc: use the system pytalloc-util for python3 as well
This involves installing a .pc file for the python3 library as well

To get the .pc file generated and installed is quite a mission, we
have to rework the talloc build system to ensure that the second 'env'
created for EXTRA_PYTHON has everything set up on it, the
TALLOC_VERSION in particular.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Incorportaing fixes by Petr Viktorin <pviktori@redhat.com>

Signed-off-by: Petr Viktorin <pviktori@redhat.com>
2017-03-10 07:31:10 +01:00
Douglas Bagnall
bb4ad8dffe pyldb: p3k readiness: allow single unicode string in msg element
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-03-10 07:31:09 +01:00
Uri Simchoni
2772fa4fbf talloc: fix doxygen of talloc_move
talloc_move cannot fail.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar 10 07:30:40 CET 2017 on sn-devel-144
2017-03-10 07:30:40 +01:00
Stefan Metzmacher
35f92b82b5 ldb: add LDB_FLG_DONT_CREATE_DB
This avoids creating an new tdb files on ldbsearch
or other callers which use LDB_FLG_DONT_CREATE_DB.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Mar  9 16:02:21 CET 2017 on sn-devel-144
2017-03-09 16:02:21 +01:00
Alexander Bokovoy
57286d5773 s3-gse: move krb5 fallback to smb_gss_krb5_import_cred wrapper
MIT krb5 1.9 version of gss_krb5_import_cred() may fail when importing
credentials from a keytab without specifying actual principal.
This was fixed in MIT krb5 1.9.2 (see commit
71c3be093db577aa52f6b9a9a3a9f442ca0d8f20 in MIT krb5-1.9 branch, git
master's version is bd18687a705a8a6cdcb7c140764d1a7c6a3381b5).

Move fallback code to the smb_gss_krb5_import_cred wrapper. We only
expect this fallback to happen with krb5 GSSAPI mechanism, thus hard
code use of krb5 mech when calling to gss_acquire_cred.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12611

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Wed Mar  8 22:00:24 CET 2017 on sn-devel-144
2017-03-08 22:00:24 +01:00
Alexander Bokovoy
0e6e8dd260 lib/krb5_wrap: add smb_gss_krb5_import_cred wrapper
Wrap gss_krb5_import_cred() to allow re-implementing it with
gss_acquire_cred_from() for newer MIT versions. gss_acquire_cred_from()
works fine with GSSAPI interposer (GSS-proxy) while
gss_krb5_import_cred() is not interposed yet.

The wrapper has additional parameter, krb5_context handle, to facilitate
with credentials cache name discovery. All our callers to
gss_krb5_import_cred() already have krb5 context handy.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12611

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-03-08 18:00:11 +01:00
Stefan Metzmacher
4738754e7d ldb-samba: remember the error string of a failing bind in ildb_connect()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9048

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-03-03 08:59:16 +01:00
Ralph Boehme
49723151b2 lib/torture: add torture_assert_mem_equal_goto
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12427

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2017-03-02 00:32:22 +01:00
Stefan Metzmacher
20057544cb talloc: version 2.1.9
* fix some coverity defects
* fix TALLOC_VERSION_MINOR and talloc_version_minor()
* add new tests
* add pytalloc_get_type()
* add pytalloc_GenericObject_{steal,reference}[_ex]()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-02-25 02:39:11 +01:00
Stefan Metzmacher
2cae14df12 pytalloc: add pytalloc_GenericObject_{steal,reference}[_ex]()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-02-25 02:39:11 +01:00
Martin Schwenke
138deeaa7f lib/util: Put bitmap.c into samba-util-core so it is available to CTDB
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2017-02-24 07:47:11 +01:00
Stefan Metzmacher
a2daa664cc ldb/tools: only use LDB_FLG_SHOW_BINARY for 'ldbsearch'
--show-binary is only useful for ldbseach in all other cases
it will destroy data.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Feb 24 03:59:01 CET 2017 on sn-devel-144
2017-02-24 03:59:01 +01:00
Chris Lamb
1e0bca1e6c Correct "seperate" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-02-22 08:26:22 +01:00
Chris Lamb
9f03cf9123 Correct "formated" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-02-22 08:26:22 +01:00
Chris Lamb
a4ab7c73bd Correct "occured" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-02-22 08:26:21 +01:00
Garming Sam
bed19f3744 ldbedit: Prevent the use of the reveal internals control
This is almost certainly not what you want to do. Providing the output of reveal as the input of modify
will necessarily revivify all dead linked attributes (regardless of --extended-dn or not).

This is extremely unexpected behaviour, so we prevent this from happening.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12596

Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Wed Feb 22 04:23:05 CET 2017 on sn-devel-144
2017-02-22 04:23:05 +01:00
Stefan Metzmacher
16ea6e1308 talloc: fix TALLOC_VERSION_* mismatch detection
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Feb 22 00:14:34 CET 2017 on sn-devel-144
2017-02-22 00:14:34 +01:00
Stefan Metzmacher
10e1b92c28 krb5_wrap: use our own code to calculate the ENCTYPE_ARCFOUR_HMAC key
Our own convert_string_talloc() function handles a wider range
of unicode code points than the MIT krb5 or heimdal code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Feb 21 20:08:16 CET 2017 on sn-devel-144
2017-02-21 20:08:16 +01:00
Stefan Metzmacher
ad12cfae42 lib/util: add generate_random_machine_password() function
It generates more random password for the use as machine password,
restricted to codepoints <= 0xFFFF in order to be compatible
with MIT krb5 and Heimdal.

Note: the fallback to ascii if 'unix charset' is not 'utf8'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-02-21 16:09:21 +01:00
Cody Harrington
4940661658 ndrdump: Add the option --hex-input for hexdump parsing
This allows the user to input a hexdump that has been generated by the dump option.

Signed-off-by: Cody Harrington <cody@harringtonca.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-02-14 09:46:23 +01:00
Andrew Bartlett
77b37e9372 lib/util: Remove ntstatus.h and string_wrappers.h include from samba_util.h
These are not low-level headers that we need everywhere.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Feb 11 11:40:45 CET 2017 on sn-devel-144
2017-02-11 11:40:45 +01:00
Andrew Bartlett
83a3805461 debug: Do not depend on the whole of samba_util.h
By depending only on util_strlist.h and blocking.h we avoid pulling in the
generated NTSTATUS list for this low-level subsystem

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-02-11 07:49:16 +01:00
Ralph Boehme
738797d8ad lib/replace: validate xattr namespace prefix on FreeBSD
We should validate the xattr name string ensuring it either begins with
"sytem." or "user.". If it doesn't, we should fail the request with
EINVAL.

The FreeBSD xattr API uses namespaces but doesn't put the namespace name
as a string prefix at the beginning of the xattr name. It gets passed as
an additional int arg instead.

On the other hand, our libreplace xattr API expects the caller to put a
namespace prefix into the xattr name.

Unfortunately the conversion and stripping of the namespace string prefix
from the xattr name gives the following unexpected result on FreeBSD:

rep_setxattr("foo.bar", ...) => xattr with name "bar"

The code checks if the name begins with "system.", if it doesn't find
it, it defaults to the user namespace and then does a strchr(name, '.')
which skips *any* leading string before the first dot.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12490

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-02-10 18:33:17 +01:00
Douglas Bagnall
b02d636e0b lib/replace tests: prevent GCC fretting over snprintf sizes
These tests deliberately use snprintf for truncating strings, which is
fine for tests. This has the effect of leaving the warning in place
but preventing it from becoming a fatal error.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-02-10 05:09:08 +01:00
Matthieu Patou
dd25d75b96 Move pthreadpool to top of the tree.
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-02-09 20:04:12 +01:00
Douglas Bagnall
83c4ad778e binsearch: make BINARY_ARRAY_SEARCH_GTE compare against a pointer
This is in preparation for improvements in our handling of linked
attributes where we make changes to the pointer in the process of
comparing it (for caching purposes).

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-02-09 03:17:15 +01:00
Douglas Bagnall
8bdec7034e binsearch: clarify variable name in greater-than-or-equal search
The exact match variable was called "result" following the other
macros, which confused me for a moment.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-02-09 03:17:15 +01:00
Stefan Metzmacher
3fe1f06278 talloc/wscript: avoid passing pointless enabled=True to SAMBA_PYTHON()
This is the default and should not be passed explicitly.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Feb  1 18:16:58 CET 2017 on sn-devel-144
2017-02-01 18:16:58 +01:00