1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

138547 Commits

Author SHA1 Message Date
Shachar Sharon
beb21324c9 vfs_ceph_new: use low-level APIs for lchown
Use libcephfs' low-level API ceph_ll_setattr to implement VFS lchown_fn
hook. Use to standard pattern of iget/iput to allow operation by Inode
reference.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
2024-07-29 14:51:36 +00:00
Shachar Sharon
47224fbdeb vfs_ceph_new: use low-level APIs for statfs
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
2024-07-29 14:51:36 +00:00
Shachar Sharon
93d786b143 vfs_ceph_new: use low-level APIs for lstat
Use libcephfs' low-level APIs and apply the same logic as stat, but
using AT_SYMLINK_NOFOLLOW flags.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
2024-07-29 14:51:36 +00:00
Shachar Sharon
1b78d79663 vfs_ceph_new: use low-level APIs for stat
Start migrating to libcephfs' low-level APIs, using explicit Inode*
reference. Implement the VFS 'stat' hook using a ceph_ll_getattr
function, encapsulated with a pair of iget/iput to hold a
pinned-to-cache Inode* instance.

Upon calling to libcephfs this new code crates and destroys on-the-fly
a Ceph UserPerm instance based on the uig, gid and groups from
'handle->conn->session_info->unix_token'. This logic ensures that the
correct caller-credentials are passed-on to cephfs (instead of those
set upon connection-creation in legacy 'vfs_ceph.c').

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
2024-07-29 14:51:36 +00:00
Shachar Sharon
192b0cf871 vfs_ceph_new: use low-level APIs for disk_free
Start using libcephfs low-level APIs: get reference to root inode and
use it to query statfs. Requires an explicit put-inode to avoid resource
leakage by libcephfs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
2024-07-29 14:51:36 +00:00
Shachar Sharon
3720452720 vfs_ceph_new: next iteration of samba-to-cephfs bridge
Defined new module 'vfs_ceph_new.c' which serves as a place holder for
the next development phase of the bridge between samba's VFS layer and
libcephfs. Begin with a module which is almost identical to existing
'vfs_ceph.c', except for hooks-names prefix which is 'vfs_ceph_' in
order to make clear distinction from existing code base. Following
commits will also switch to low-level APIs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
2024-07-29 14:51:36 +00:00
Jule Anger
dbc5b73d86 ldb: change the version to 2.11.0 for Samba 4.22
Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Jule Anger <janger@samba.org>
Autobuild-Date(master): Mon Jul 29 10:06:23 UTC 2024 on atb-devel-224
2024-07-29 10:06:23 +00:00
Jule Anger
37290695ac WHATSNEW: Start release notes for Samba 4.22.0pre1.
Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2024-07-29 09:01:32 +00:00
Jule Anger
9bb02727ef VERSION: Bump version up to 4.22.0pre1...
and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2024-07-29 09:01:32 +00:00
Jule Anger
729078d20c VERSION: Disable GIT_SNAPSHOT for the Samba 4.21.0rc1 release.
Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2024-07-29 09:01:32 +00:00
Jule Anger
33f3cd3f0b WHATSNEW: Up to Samba 4.21.0rc1.
Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2024-07-29 09:01:32 +00:00
Jule Anger
93a6656c13 tdb: version 1.4.11
* Add tdbdump -x option to output all data as hex values
* Add missing overflow check for num_values in pytdb.c
* Remove Py2 related tests
* Update times in tdb_transaction_commit per fd, not per name
* Fix compilation with TDB_TRACE=1
* Allow tracing of internal tdb

Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2024-07-29 09:01:32 +00:00
Douglas Bagnall
e58e4a5aa9 ldb:kv_index: use subtransaction_cancel in transaction_cancel
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Sat Jul 27 23:51:44 UTC 2024 on atb-devel-224
2024-07-27 23:51:44 +00:00
Douglas Bagnall
18131aebf8 ldb:kv_index: subtransaction_cancel: check for nested tdb
Just in case, but also so ldb_kv_index_transaction_cancel() can use
this and retain the same logic.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-27 22:47:39 +00:00
Douglas Bagnall
9ecf96859f ldb:kv_index: don't recalculate a length
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-27 22:47:39 +00:00
Douglas Bagnall
1bf9ede94f ldb:kv_index: realloc away old dn list
We can't just free it, because has the GUID index list as a child, and
these are shared by the new dn list (from the subtransaction we are
committing). But if the dn list is long and the main transaction is
long-lived, we can save a lot of memory by turning this dn list into
an almost empty node in the talloc tree. This returns us to roughly
the situation we had prior to the last commit.

For example, with the repro.sh script on bug 15590 in indexes mode
with 10000 rules, The last 3 commits use this much memory at the end
of an unusually large transaction:

full talloc report on 'struct ldb_context' (total 4012222 bytes in 90058 blocks)
full talloc report on 'struct ldb_context' (total 2405482219 bytes in 90058 blocks)
full talloc report on 'struct ldb_context' (total 4282195 bytes in 90058 blocks)

That is, the last commit increased usage 500 fold, and this commit
brings it back to normal.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15590

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-27 22:47:39 +00:00
Douglas Bagnall
5f0198d698 ldb_kv_index: dn_list load sub transaction can re-use keys
We don't want to modify the original list, but we can reuse the keys
if we treat them as immutable and don't free them. That makes it a lot
quicker if there are many keys (i.e. where an index is useful) and may
sub-transactions. In particular, it avoids O(n²) talloc_memdups.

A removed comment that says "We have to free the top level index
memory otherwise we would leak", and this will be addressed in the
next commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15590

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-27 22:47:39 +00:00
Douglas Bagnall
ed7bc50b00 ldb:ldb_kv_dn_list_find_val: check for int overflow
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-27 22:47:39 +00:00
Douglas Bagnall
d8c7768fed ldb_kv_cache: always initialise dn_list.strict
The strict flag is only read in list intersection, so most of the time
it doesn't matter whether it is set because that path is not used.
Nevertheless seeing it set to all kinds of values is distracting.

The undefined behaviour has likely been hidden from static analysis
because the structure is passed through the in-memory tdb before use.

Incorrect true values will have disabled an optimisation but not
caused the wrong result.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-27 22:47:39 +00:00
Douglas Bagnall
351636efa7 tdb: allow tracing of internal tdb
This will trace internal databases to files like this:

tdb_0x5da896b51870.trace.267290

We avoid strlen(name) because name could be NULL in this case (which
works fine with glibc but feels bad).

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-27 22:47:39 +00:00
Douglas Bagnall
e653b0870f tdb: fix compilation with TDB_TRACE=1
../../lib/tdb/common/tdb.c: In function ‘tdb_trace_record’:
../../lib/tdb/common/tdb.c:1224:22: error: ‘snprintf’ output truncated before the last format character [-Werror=format-truncation=]
 1224 |                 p += snprintf(p, 2, %02x, rec.dptr[i]);
      |                      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../lib/tdb/common/tdb.c:1224:22: note: ‘snprintf’ output 3 bytes into a destination of size 2
cc1: all warnings being treated as errors

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-27 22:47:39 +00:00
Pavel Filipenský
e61f53b656 WHATSNEW: Automatic keytab update after machine password changes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Fri Jul 26 18:16:15 UTC 2024 on atb-devel-224
2024-07-26 18:16:15 +00:00
Pavel Filipenský
6a97f8e16d selftest: Add tests for keytab update in clustered samba
BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 17:12:36 +00:00
Pavel Filipenský
be29fe50ad selftest: setup clusteredmember with kerberos, change dependency to "ad_dc"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 17:12:36 +00:00
Pavel Filipenský
c76727b3c7 selftest: Rename nt4_dc_vars -> dcvars in setup_clusteredmember
BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 17:12:36 +00:00
Pavel Filipenský
fb0c2774ca script: clustered samba: Build samba-ctdb with ad-dc support
samba-tool requires addc support

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 17:12:36 +00:00
Pavel Filipenský
bf13d9b3ef s3:script: clustered samba: Add script updatekeytab.sh
Admin should use this script in smb.conf parameter 'sync machine
password script' in clustered samba

TODO: onnode will update the keytab on all connected nodes, so the
update will happen on the triggering node twice. This can be improved in
the future.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 17:12:36 +00:00
Pavel Filipenský
1fcaf066f4 ctdb:events: Add 46.update-keytabs.script for 'recovered' event
BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 17:12:36 +00:00
Pavel Filipenský
e08b2963d9 s3:libads: Call 'sync machine password script' when machine password is updated
BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 17:12:36 +00:00
Pavel Filipenský
f819ad2502 s3:utils: Remove from "net ads keytab": "add", "delete" and "add_update_ads"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 17:12:36 +00:00
Pavel Filipenský
c10c49b3f0 s3:libads: Remove ads_keytab_create_default & friends
BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 17:12:36 +00:00
Pavel Filipenský
ad6a91ba74 testprogs: Remove alias test from test_net_ads.sh
"net ads keytab create" no longer reads msDS-AdditionalDnsHostName from AD

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 17:12:36 +00:00
Pavel Filipenský
abbf926067 testprogs: Remove dnshostname related test from test_net_ads.sh
"net ads keytab create" no longer reads dNSHostName from AD

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 17:12:36 +00:00
Pavel Filipenský
2304d96db3 testprogs: Use "HOST' instead of 'host' in test_net_ads.sh
"net ads keytab create" will uses the same value as in AD,
modifications to lower case are no longer done

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 17:12:36 +00:00
Pavel Filipenský
18aedcc84c testprogs: Remove upn related test from test_net_ads.sh
"net ads keytab create" will no longer read "userPrincipalName" from AD

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 17:12:36 +00:00
Pavel Filipenský
d18babd1d7 testprogs: Remove "keytab add", "keytab delete" and "keytab add_apdate_ads" related tests from test_net_ads.sh
"net ads" will no longer support "keytab add", "keytab delete" and "keytab add_apdate_ads"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 17:12:36 +00:00
Pavel Filipenský
90ec8adf1f selftest: Add tests for keytab update
BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 17:12:36 +00:00
Pavel Filipenský
aff928268a selftest: Add "sync machine password to keytab" to env. ad_member_idmap_nss
BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 17:12:36 +00:00
Pavel Filipenský
253625dabf s3:utils: Change net_ads_keytab_create() to call sync_pw2keytabs()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 17:12:36 +00:00
Pavel Filipenský
eeb79875c6 s3:libnet: Sync keytab during libnet_join_create_keytab()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 17:12:36 +00:00
Pavel Filipenský
683f6eec40 s3: Sync machine account password in secrets_{prepare,finish}_password_change
BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 17:12:36 +00:00
Pavel Filipenský
7c65aa8c7b s3:ads: Remove 'kerberos method' warning for 'net ads keytab' functions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 17:12:36 +00:00
Pavel Filipenský
49d0990689 s3:ads: Do not update system keytab from "net ads changetrustpw"
It will be done in secrets_{prepare,finish}_password_change

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 17:12:36 +00:00
Pavel Filipenský
da622ccc16 s3:lib: Sync machine password to keytab: helper functions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 17:12:36 +00:00
Pavel Filipenský
f3ff687119 s3:libads: Request "msDS-KeyVersionNumber" from ads_find_machine_acct()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 17:12:36 +00:00
Pavel Filipenský
b007fb89d5 s3:libads: Use the TRACE SUPPORT for keys operations
BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 17:12:36 +00:00
Pavel Filipenský
1185b03b27 krb5_wrap: Add TRACE SUPPORT for keys operations
The trace looks like below. Useful is the last filed - hex dump of the
data - allows to search for all manipulations.

KEYTAB_TRACE sync_pw2keytabs_process_keytab:622 add ADMEMKEYTAB$@ADDOM.SAMBA.EXAMPLE.COM 14 17 C66D244CB26005C7D6FF9FC00FCBBE4A

BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 17:12:36 +00:00
Pavel Filipenský
27ca58f9bf s3:testparm: Add check for "sync machine password to keytab" to testparm
BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 17:12:36 +00:00
Pavel Filipenský
09c3029958 docs:smbdotconf: Add parameter 'sync machine password script'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 17:12:36 +00:00
Pavel Filipenský
731a25b5c8 docs:smbdotconf: Add parameter 'sync machine password to keytab'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 17:12:36 +00:00