1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

72689 Commits

Author SHA1 Message Date
Stefan Metzmacher
2bb637d1cf s4:ntvfs/smb2: use sync version of smb2_connect()
We don't use it in an async fashion anyway.

metze
2011-04-28 20:35:47 +02:00
Stefan Metzmacher
c5034ac315 s4:selftest: skip s3member tests for now
They are flakey, see
http://git.samba.org/autobuild.flakey/2011-04-28-1501/samba4.stdout
http://git.samba.org/autobuild.flakey/2011-04-28-1700/samba4.stdout

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Apr 28 18:42:06 CEST 2011 on sn-devel-104
2011-04-28 18:42:06 +02:00
Volker Lendecke
2e1522f378 s3: Close the winbind client fds after forking
In an overload situation, the winbind helper child process inherits all those
hundreds of fd's which it will never talk to. Close them.

We (Christian Ambach and me) just saw a crash in libkrb5. Christian's analysis
showed that libkrb5 also does select, probably exceeding FD_SETSIZE and
crashing due to that reason. The parent winbind in theory does not do Kerberos
at all, so this should fix that problem.

The crash is interesting because the child process did not really crash.
Somewhere in glibc backtrace() is called, probably due to an assert() or some
explicit consistency check. This then somehow generates a signal probably due
to corrupted memory structures. That signal triggers Samba to again call
backtrace(). This blocks hard on a ptrace_once(). Sorry for the long backtrace
here, but this *is* interesting.

The child process blocking and not really crashing makes the situation worse:
The parent process does not get told the child has crashed and more client
sockets pile up.

This patch is intended to put some relief on this problem by closing the
majority of sockets the parent holds.

(gdb) bt
\#0  0x00002ad686a2b07b in pthread_once () from /lib64/libpthread.so.0
\#1  0x00002ad6867adf87 in backtrace () from /lib64/libc.so.6
\#2  0x00002ad683eab27c in log_stack_trace () at lib/util.c:1580
\#3  0x00002ad683eab34b in smb_panic (why=0x2ad6841c6ec3 "internal error") at lib/util.c:1481
\#4  0x00002ad683e9af3e in fault_report (sig=1) at lib/fault.c:52
\#5  sig_fault (sig=1) at lib/fault.c:75 #6  <signal handler called>
\#7  0x00002ad68673b005 in _int_malloc () from /lib64/libc.so.6
\#8  0x00002ad68673c95d in calloc () from /lib64/libc.so.6
\#9  0x00002ad684503e25 in _dl_new_object () from /lib64/ld-linux-x86-64.so.2
\#10 0x00002ad6844ffadc in _dl_map_object_from_fd () from /lib64/ld-linux-x86-64.so.2
\#11 0x00002ad684501d43 in _dl_map_object () from /lib64/ld-linux-x86-64.so.2
\#12 0x00002ad68450ac8d in dl_open_worker () from /lib64/ld-linux-x86-64.so.2
\#13 0x00002ad684506ed6 in _dl_catch_error () from /lib64/ld-linux-x86-64.so.2
\#14 0x00002ad68450a68c in _dl_open () from /lib64/ld-linux-x86-64.so.2
\#15 0x00002ad6867d0ba0 in do_dlopen () from /lib64/libc.so.6
\#16 0x00002ad684506ed6 in _dl_catch_error () from /lib64/ld-linux-x86-64.so.2
\#17 0x00002ad6867d0d07 in __libc_dlopen_mode () from /lib64/libc.so.6
\#18 0x00002ad6867adeea in init () from /lib64/libc.so.6
\#19 0x00002ad686a2b083 in pthread_once () from /lib64/libpthread.so.0
\#20 0x00002ad6867adf87 in backtrace () from /lib64/libc.so.6
\#21 0x00002ad68673285f in __libc_message () from /lib64/libc.so.6
\#22 0x00002ad68673a30f in _int_free () from /lib64/libc.so.6
\#23 0x00002ad68673a76b in free () from /lib64/libc.so.6
\#24 0x00002ad6853fe346 in krb5int_sendto () from /usr/lib64/libkrb5.so.3
\#25 0x00002ad6853fe511 in krb5_sendto_kdc () from /usr/lib64/libkrb5.so.3
\#26 0x00002ad6853df7c4 in ?? () from /usr/lib64/libkrb5.so.3
\#27 0x00002ad6853e0919 in krb5_get_init_creds () from /usr/lib64/libkrb5.so.3
\#28 0x00002ad6853e2a94 in krb5_get_init_creds_password () from /usr/lib64/libkrb5.so.3
\#29 0x00002ad684169ff1 in kerberos_kinit_password_ext (principal=0x2ad684702180 "<sanitized>", password=0x2ad6844c5bb0 "<sanitized>", time_offset=0, expire_time=0x2ad6846bf380, renew_till_time=0x0, cache_name=0x2ad6843cb3e0 "MEMORY:winbind_ccache", request_pac=false, add_netbios_addr=false, renewable_time=<value optimized out>, ntstatus=0x0) at libads/kerberos.c:223
\#30 0x00002ad68416a223 in ads_kinit_password (ads=0x2ad6846bf330) at libads/kerberos.c:327
\#31 0x00002ad68415f725 in ads_sasl_spnego_bind (ads=0x2ad6846bf330) at libads/sasl.c:812
\#32 0x00002ad68415dbc1 in ads_sasl_bind (ads=0x2ad6846bf330) at libads/sasl.c:1114
\#33 0x00002ad68415c09b in ads_connect (ads=0x2ad6846bf330) at libads/ldap.c:711
\#34 0x00002ad683e1b8f7 in ads_cached_connection (domain=0x2ad6846b07c0) at winbindd/winbindd_ads.c:124
\#35 0x00002ad683e1bc85 in sequence_number (domain=0x2ad6846b07c0, seq=0x2ad6846b0cd8) at winbindd/winbindd_ads.c:1233
\#36 0x00002ad683dffdd7 in refresh_sequence_number (domain=0x2ad6846b07c0, force=128) at winbindd/winbindd_cache.c:510
\#37 0x00002ad683e00520 in wcache_fetch (cache=<value optimized out>, domain=0x2ad6846b07c0, format=0x2ad68419901e "U/%s") at winbindd/winbindd_cache.c:638
\#38 0x00002ad683e04ac8 in query_user (domain=0x2ad6846b07c0, mem_ctx=0x2ad6846bc920, user_sid=0x7fff1d0cb8c0, info=0x7fff1d0cb810) at winbindd/winbindd_cache.c:1910
\#39 0x00002ad683df2d38 in winbindd_dual_userinfo (domain=0x2ad6846b07c0, state=0x7fff1d0cc9c0) at winbindd/winbindd_user.c:173
\#40 0x00002ad683e232e0 in fork_domain_child (child=0x2ad6846c2440) at winbindd/winbindd_dual.c:485
\#41 schedule_async_request (child=0x2ad6846c2440) at winbindd/winbindd_dual.c:319
\#42 0x00002ad683e229f2 in async_request_fail (state=0x2ad6846c1d00) at winbindd/winbindd_dual.c:214
\#43 0x00002ad683ebabec in run_events (ev=0x2ad6846aebf0, selrtn=0, read_fds=0x7fff1d0ce910, write_fds=<value optimized out>) at lib/events.c:123
\#44 0x00002ad683df08cb in process_loop (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>) at winbindd/winbindd.c:1113
\#45 main (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>) at winbindd/winbindd.c:1437

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Thu Apr 28 12:06:12 CEST 2011 on sn-devel-104
2011-04-28 12:06:12 +02:00
Volker Lendecke
a672707a18 s3: Fix a strange German translation 2011-04-28 10:13:50 +02:00
Andrew Bartlett
1c5cc4a2d1 s4-selftest: Don't use a hardcoded target DC name
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Apr 28 07:34:31 CEST 2011 on sn-devel-104
2011-04-28 07:34:31 +02:00
Andrew Bartlett
f5487b3b47 selftest: Make combined test the default when s3build is enabled 2011-04-28 14:31:32 +10:00
Andrew Bartlett
34e3501a32 selftest: Fix combination of Samba3 and Samba4 test lists
The previous code was too subtle, and tried to filter via two xfail
scripts.  The --fail-immediately for the source3 knownfail would then
fail samba4 know failures.

Andrew Bartlett

Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
2011-04-28 14:31:25 +10:00
Andrew Bartlett
123097e879 selftest: Print a better warning warning message when smbcacls fails.
These tests can't run on systems without posix ACLs.

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Apr 28 06:18:59 CEST 2011 on sn-devel-104
2011-04-28 06:18:59 +02:00
Andrew Bartlett
b44f4325bb selftest: Don't die() when the join fails
This kills off everything without a proper shutdown, and is difficult
to debug.

Andrew Bartlett
2011-04-28 05:30:21 +02:00
Andrew Bartlett
fb5e1f4a65 selftest: s3member admember test to confirm s3/s4 interopability
This checks that Samba3 joins Samba4 correctly, and allows NTLM and
Kerberos logons from a live Samba4 DC.

This needs the common krb5.conf generation logic, and because we now
override KRB5_CONFIG we must update ktest to have a valid krb5.conf.

Based on an original patch by metze

Andrew Bartlett
2011-04-28 05:30:21 +02:00
Andrew Bartlett
a427652010 s3-libads: Use ldap_init_fd() to connect to AD server in socket_wrapper
This means that we control the connection setup, don't rely on signals
for timeouts and the connection uses socket_wrapper where that is
required in our test environment.

According to bug reports, this method is also used by curl and other
tools, so we are not the first to (ab)use the OpenLDAP libs in this
way.

It is ONLY enabled for socket_wrapper at this time, as this is the
best way to get 'make test' working for S3 winbind tests in an S4
domain.

Andrew Bartlett
2011-04-28 05:30:21 +02:00
Andrew Bartlett
ab46d66101 selftest: Make overwrite of $env->{target} optional
This allows a target to be a mix of Samba3 and Samba4, and chose it's
own backend for check_env and get_log_env.

Andrew Bartlett
2011-04-28 05:30:21 +02:00
Andrew Bartlett
818ec32d0c s3-libads Pass a struct sockaddr_storage to cldap routines
This avoids these routines doing a DNS lookup that has already been
done, and ensures that the emulated DNS lookup isn't thrown away.

Andrew Bartlett
2011-04-28 05:30:20 +02:00
Andrew Bartlett
aa8406cadf s3-selftest: Use default name resolution methods (now that dns is emulated)
Now that we have emulated DNS, we can test Samba with the default name
resolve order.

Andrew Bartlett
2011-04-28 05:30:20 +02:00
Andrew Bartlett
0df4061cff lib/util/charset Merge talloc-based pull and push charset functions
These were copied from source3/lib/charcnv.c

Andrew Bartlett
2011-04-28 05:30:20 +02:00
Andrew Tridgell
ea95e0967b s3-test: log to stdout for smbd/nmbd/winbindd
this prevents error messages from logfile creation before smb.conf is
read

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Apr 28 05:29:19 CEST 2011 on sn-devel-104
2011-04-28 05:29:19 +02:00
Andrew Bartlett
790ab3e0db lib/util/charset Add copyright headers
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Apr 28 04:13:44 CEST 2011 on sn-devel-104
2011-04-28 04:13:44 +02:00
Andrew Tridgell
d17f4352fe lib/util/charset Make fast path from UTF16 to '8 bit' charsets clearer
This breaks the fast path into handling for -1 and handling for
specified lenghts, avoding branch operations on each character.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-04-28 03:24:06 +02:00
Andrew Bartlett
eee1ff2fb5 lib/util/charset Add tests for srclen=-1 behaviour.
This confirms that we do include a null terminator in all non-failed
conversions.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-04-28 03:24:05 +02:00
Andrew Bartlett
4081ea5b49 lib/util/charset use convert_string.c in common
This brings another layer of the charcnv library in common.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-04-28 03:24:05 +02:00
Andrew Bartlett
75d5ba4109 lib/util/charset Fix string termination conditions for UTF16 strings
This punts partial UTF16 strings to iconv() to deal with, as it's not
a fast path any longer if it's got an odd length.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-04-28 03:24:05 +02:00
Jeremy Allison
240465f96e Remove another fstring in this code.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Apr 28 03:15:32 CEST 2011 on sn-devel-104
2011-04-28 03:15:32 +02:00
Volker Lendecke
a8a6433fec s3: Properly clean up in pthreadpool_init in case of failure
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Apr 27 23:57:19 CEST 2011 on sn-devel-104
2011-04-27 23:57:19 +02:00
Andrew Bartlett
91ebf22fa8 s3-rpc_server Fix compile without kerberos
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Apr 27 23:08:48 CEST 2011 on sn-devel-104
2011-04-27 23:08:48 +02:00
Jeremy Allison
af599b3d90 Fixup (C) - we've both worked lots on this :-).
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Apr 27 21:56:29 CEST 2011 on sn-devel-104
2011-04-27 21:56:29 +02:00
Jeremy Allison
1815f0298f Remove fstrings from client struct. Properly talloc strings (ensuring we never end up with a NULL pointer). 2011-04-27 12:06:25 -07:00
Günther Deschner
66b26195d2 s3-waf: add pthreadpool support.
Volker, please check.

Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Apr 27 17:57:32 CEST 2011 on sn-devel-104
2011-04-27 17:57:32 +02:00
Günther Deschner
cad8fafa03 s3-waf: check for pthread support.
Guenther
2011-04-27 16:51:02 +02:00
Günther Deschner
ee0b0dd3a1 s3-netapi: Fix Coverity CID #2302: FORWARD_NULL
Guenther
2011-04-27 16:51:02 +02:00
Andrew Bartlett
1d46325af8 Remove outdated S4 OpenLDAP backend HOWTO.
This is no longer a feature of Samba4

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Apr 27 15:32:28 CEST 2011 on sn-devel-104
2011-04-27 15:32:28 +02:00
Andrew Bartlett
5e90405af9 s3-winbind Use get_dyn_WINBINDD_SOCKET_DIR() to get the winbind pipe dir
This ensures we follow the dynconfig convention for the socket
directory, and makes it easier to ensure that the client and server
both refer to the same socket.

Andrew Bartlett
2011-04-27 22:22:27 +10:00
Andrew Bartlett
3e85b960fa dynconfig: Have only one dynconfig.o in the common code. 2011-04-27 22:22:26 +10:00
Andrew Bartlett
9e29b09d39 s3-test Make samba3.blackbox.net.local.registry.roundtrip reliable
Looking for smb.conf files with find -name \*.conf would find and not
find all sorts of things that were just not valid inputs.  When
restricted to under source3 it then finds no inputs in the top level
build, as it only worked on the generated smb.conf files from 'make
test' environments.

Instead, just run it on the one file we know is valid, and if we want
to run it on more files, then we can make this test run against more
environments, or specific target files.

Andrew Bartlett
2011-04-27 21:10:30 +10:00
Andrew Bartlett
a60889e006 s3-waf Don't enable profiling by default
This is disabled by default in the s3-autoconf build.

Andrew Bartlett
2011-04-27 21:10:30 +10:00
Andrew Bartlett
d526f861c7 build: Add lib/replace as a default include path
This makes #include "system/filesys.h" in the
source3/includes/includes.h work more often.

Andrew Bartlett
2011-04-27 21:10:30 +10:00
Samba-JP oota
9d5138fb2b docs: Fix a bogus )
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Apr 27 10:21:14 CEST 2011 on sn-devel-104
2011-04-27 10:21:14 +02:00
Andrew Tridgell
7fa51fa130 selftest: we don't get valgrind errors any more with iconv
this check was causing the CP850 warning in the combined build, as the
s3 tests want CP850, but we don't have builtin support for that
charset

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Wed Apr 27 09:31:44 CEST 2011 on sn-devel-104
2011-04-27 09:31:44 +02:00
Andrew Tridgell
e877d4fd1e build: fixed build problems due to implicit library deps in samba3core
this fixes the top level build on svart and probably other hosts

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Wed Apr 27 08:27:49 CEST 2011 on sn-devel-104
2011-04-27 08:27:49 +02:00
Andrew Bartlett
47e2870228 auth/kerberos Add check for gss_inquire_sec_context_by_oid
Not all kerberos distributions have this function.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Apr 27 07:39:08 CEST 2011 on sn-devel-104
2011-04-27 07:39:08 +02:00
Andrew Bartlett
722ec8b347 s4-gensec: Use new common 'obtain the PAC' functions.
Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Apr 27 05:08:10 CEST 2011 on sn-devel-104
2011-04-27 05:08:10 +02:00
Andrew Bartlett
cd7112ba84 s3-gse: Don't release the mech OID from gss_accept_security_context
This is constant data according to the man pages I find for this
fucntion, and causes a segfault to free() when linked to Heimdal.  I
am advised that while it is constant for gss_mech_krb5, it may not be
for other mechanisms, so an assert will ensure this is dealt with by
the programmer who extends this code in future.

Andrew Bartlett
2011-04-27 11:56:48 +10:00
Andrew Bartlett
f0ce322c77 auth/kerberos Move all the PAC handling functions to auth/kerberos 2011-04-27 11:56:48 +10:00
Andrew Bartlett
6ec4306f8c auth/kerberos: Create common helper to get the verified PAC from GSSAPI
This only works for Heimdal and MIT Krb5 1.8, other versions will get
an ACCESS_DEINED error.

We no longer manually verify any details of the PAC in Samba for
GSSAPI logins, as we never had the information to do it properly, and
it is better to have the GSSAPI library handle it.

Andrew Bartlett
2011-04-27 11:56:48 +10:00
Andrew Bartlett
e130dec97b s3-libsmb Use 'resolv:hosts file' as a DNS emulation when specified.
This allows make test to operate without making real DNS calls.

Andrew Bartlett
2011-04-27 11:40:18 +10:00
Andrew Bartlett
806eef63ba s3-libads Don't start a DEBUG with 'time'
This strange requirement comes from our subunit test harness.

Andrew Bartlett
2011-04-27 11:25:53 +10:00
Andrew Bartlett
2a9a9454e8 selftest: Make bindir_path much less complex
There is no need to pass it as a function pointer, just put it in 'Samba.pm'.

Andrew Bartlett
2011-04-27 11:22:07 +10:00
Andrew Bartlett
e04bab4a19 libcli/auth Move Samba4's gssapi_error_string from GENSEC to libcli/auth
This will allow the GSSAPI PAC fetch code to use it.

Andrew Bartlett
2011-04-27 11:21:37 +10:00
Volker Lendecke
e81ea8a291 s3: Make cli_session_setup_lanman2 async
Signed-off-by: Jeremy Allison <jra@samba.org>

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Apr 27 00:25:35 CEST 2011 on sn-devel-104
2011-04-27 00:25:34 +02:00
Volker Lendecke
531628e558 s3: Make cli_session_setup_nt1 async
Signed-off-by: Jeremy Allison <jra@samba.org>
2011-04-26 12:22:55 -07:00
Volker Lendecke
40e2ee9cb6 s3: Make plaintext session setup async
Signed-off-by: Jeremy Allison <jra@samba.org>
2011-04-26 12:22:55 -07:00