IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Jeremy, I know you like it explicit, but I stumbled across this
explicit TALLOC_FREE and asked myself about a potentially wrong
talloc hierarchy.
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Thu Apr 26 23:00:03 CEST 2012 on sn-devel-104
This prevents race between fetching seqnum and key content.
Because there is currently no way to atomically fetch the
record along with the seqnum, I use a loop.
This is far from optimal and should should ideally be done
differently. But for now it fixes the race.
Signed-off-by: Andreas Schneider <asn@samba.org>
This prevents race between fetching seqnum and key content.
Because there is currently no way to atomically fetch the
record along with the seqnum, I use a loop.
This is far from optimal and should should ideally be done
differently. But for now it fixes the race.
Signed-off-by: Andreas Schneider <asn@samba.org>
The purpose is to prevent next reads from going to disk.
Note that this will currently only be effective with local tdbs, not
with ctdb: For tdb, store and delete bump the seqnum while transaction
commit does not. For ctdb, transaction commit bumps the seqnum, while
store and delete don't... This needs fixing (in ctdb).
Signed-off-by: Andreas Schneider <asn@samba.org>
Note that this will currently only be effective in the local TDB implementation.
For CTDB, this wont work since seqnum currently works differently there (needs
fixing): For tdb, store and delete operations bump the db seqnum, while
transaction commits don't. For ctdb, the seqnum is bumped by the transaction
commit but not by store and delete operations.
Signed-off-by: Andreas Schneider <asn@samba.org>
This is wrong layering (calling into regdb_transaction* in the reg_api code)
but fixes a potential race. It makes the multi-step create procedure atomic.
This should completely be done in the backend.
Signed-off-by: Andreas Schneider <asn@samba.org>
This is at the wrong layer, but if fixes a race potentially causing
data corruption by concurrent access.
Signed-off-by: Andreas Schneider <asn@samba.org>
(there was no lock around fetching the values and storing them)
The layering is wrong in that it uses regdb transactions in reg_api
Signed-off-by: Andreas Schneider <asn@samba.org>
This is like regval_ctr_key_exists() but does not return bool,
but the regval_blob instead, if found, and NULL if not found.
Signed-off-by: Andreas Schneider <asn@samba.org>
With waf build include directories are defined by dependencies specified to subsystems.
Without proper dependency <gssapi/gssapi.h> cannot be found for embedded Heimdal builds
when there are no system-wide gssapi/gssapi.h available.
Split out GSSAPI header includes in a separate replacement header and use that explicitly
where needed.
Autobuild-User: Alexander Bokovoy <ab@samba.org>
Autobuild-Date: Wed Apr 25 00:18:33 CEST 2012 on sn-devel-104
It's pointless to do a talloc_asprintf with a SMB_STRDUP on the
result. Use asprintf directly.
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Tue Apr 24 18:18:05 CEST 2012 on sn-devel-104
With PROCESS_SEPARATE_RULE in wafsamba it is now possible to simplify
configuration and checks for MIT/Heimdal Kerberos implementations.
1. Move MIT krb5 checks from source3/wscript to wscript_configure_krb5
2. Make sure they are called same way (--with-mit-krb5-checks)
3. If no configure checks identified MIT krb5 in system (or were disabled),
make sure Heimdal build is selected, embedded (default) or system-provided.
This makes logic of configuration unchanged for Heimdal builds but adds
less hacky way to use MIT krb5 builds. The latter does not work yet as we
need to untangle more subsystems from HDB/Heimdal-specific details but
lays out a foundation for that.
Signed-off-by: Simo Sorce <idra@samba.org>
When doing a "force user" we need to remember what the "sanitized_username"
was from the original connect.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Mon Apr 23 19:52:19 CEST 2012 on sn-devel-104
With the new --private-libraries option, there is no longer the need
to have this support, which was aimed at avoiding the duplication
between two different libsmbclient binaries in a packaged
distribution. By using --private-libraries instead, we do not
introduce a dependency between Samba 4.0 packages and whatever other
packages are on the system.
This effectivly reverts part of
e3ffb31554 while kpeeing the improved
SAMBA_LIBRARY declaration.
Andrew Bartlett
Only non-gcc compilers seem to notice this as an error.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Apr 23 05:58:52 CEST 2012 on sn-devel-104
This was useful before the idmap cache was moved to gencache.
Nowadays it is available to smbd through gencache, so we
can remove the extra caching layer.
This simplifies the g_lock implementation. The new implementation tries to
acquire a lock. If that fails due to a lock conflict, wait for the g_lock
record to change. Upon change, just try again. The old logic had to cope with
pending records and an ugly hack into ctdb itself. As a bonus, we now get a
really clean async g_lock_lock_send/recv that can asynchronously wait for a
global lock. This would have been almost impossible to do without the
dbwrap_record_watch infrastructure.
For the notify cleanup process we have a notify context without a
messaging entry. We will never call notify_add/remove for this, but
the code should protect against this.
There is no need to call pdb_set_pass_must_change_time() because
nothing ever consults that value. It is always calculated from the
domain policy.
Also, this means we no longer store the value in LDAP. The value
would only ever be set when migrating from tdbsam or smbpasswd, not on
password changes, so would become incorrect over time.
Andrew Bartlett
In this case, the blob is already in memory, so it is easier to return the full
blob to the caller, and let the caller decide if some interface restriction
stops the full blob from being passed all the way up the stack.
This allows us to quickly write a python wrapper for this xattr storage
mechanism.
Andrew Bartlett
This will allow db_open_tdb() to be called from common code, which may
already have a loadparm context loaded.
It also slowly moves the lp_ctx up the stack, as required to remove
the library loop between smbconf and the registry.
Andrew Bartlett
From notify_internal.c:
/*
* The notify database is split up into two databases: One
* relatively static index db and the real notify db with the
* volatile entries.
*/
This change is necessary to make notify scale better in a cluster
This will help notify torture tests: A tevent barrier can be waited on with
tevent_barrier_wait_send/recv. The barrier is initialized with a number of
requests that it will accept waiting. When that number is reached, all those
requests will be released and their callback will be called. The barrier will
be free for re-use again.
This is a void* that represents a signal handler attached to some
custom tevent_context. This is necessary to make the tdb based
messaging infrastructure trigger its business when we are sitting in
tevent_loop_once for an event context that is not the main one in the
messaging context.
This is designed to spread the load on individual ctdb records to allow upper
layers to do backoff mechanisms. In the ctdb case, do not get the record if a
local lock is already taken. If we are not dmaster, do at most one migrate
attempt.
For the tdb case, this is a nonblocking fetch_locked. If someone else has the
lock, give up.
This is a caching layer for the notify database and potentially for the brlock
database. It caches the parse_record operation as long as the underlying seqnum
does not change.
Windows server doesn't set the SMB2_SESSION_FLAG_IS_GUEST nor
SMB2_SESSION_FLAG_IS_NULL flag.
This fix makes sure we don't try to verify a signature on the
final session setup response.
metze
sys/inotify.h was added to glibc 2.4 in 2006.
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Apr 13 21:15:00 CEST 2012 on sn-devel-104
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Apr 13 02:23:36 CEST 2012 on sn-devel-104
This way we can't end up with a mismatch between outstanding events and the counter.
We may still have problems with canceling and not correctly freeing the aio
struct, but at least the counter won't get out of sync anymore.
fixed by Volker for vfs_aio_fork as ref 0aacdbfada.
From that change:
aio_suspend does not signal the main process with a signal, it just waits. The
aio_fork module does not use the signal at all, it directly calls back into the
main smbd by calling smbd_aio_complete_aio_ex. This is an abstraction
violation, but the alternative would have been to use signals where they are
not needed. However, in wait_for_aio_completion this bites us: With aio_fork we
call handle_aio_completed twice on the same aio_ex struct: Once from the call
to handle_aio_completion within the aio_fork module and once from the code in
wait_for_aio_completion.
Fix this differently here by not calling directly back into smbd,
but using a new function aio_linux_setup_returns() to setup the
return values that wait_for_aio_completion() in the main smbd
will pick up by calling handle_aio_completd().
The remaining gssapi_parse functions were used exclusively in
gensec_krb5. Move them there and make them static.
Signed-off-by: Andreas Schneider <asn@samba.org>
This is clearly a utiliy function generic to gensec. Also the 3 callers
had identical implementations. Provide a generic implementation for all
of them and avoid duplicating the code everywhere.
Signed-off-by: Andreas Schneider <asn@samba.org>
if kernel oplocks are not enabled for that share, we can grant level2 oplocks
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Apr 11 22:45:21 CEST 2012 on sn-devel-104
We don't need to do a talloc here, we already have a long-lived
pointer we can pass in as the private data.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Apr 11 08:05:47 CEST 2012 on sn-devel-104
This isn't strictly required - this isn't a build break at the moment,
but is a good practice to directly depend on the major libraries we
use, and helps us to have more fine-grained rather than global
dependencies.
Andrew Bartlett
We've just talloc_asprintf'ed the fullpath, so talloc_get_size knows the
strlen.
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Tue Apr 10 13:20:22 CEST 2012 on sn-devel-104
On platforms that don't have an RT signal space, signal initialization
fails. aio_fork and aio_pthread don't need the signal, so this would
block them from running as well.
The delete tokens are unique to each name hash representing a pathname,
if we don't correctly return here we'll add duplicate tokens for a
given pasname hash.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Apr 7 02:13:58 CEST 2012 on sn-devel-104
on a 32-bit system and defined as a long, then inside vfswrap_get_alloc_size()
we cast to a uint64_t. This sign-extends when converting to unsigned,
so if the high bit of st_ex_blksize is set we return insane values to clients.
Now that we always require a 64 bit off_t, we no longer need SMB_OFF_T.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Apr 6 01:47:43 CEST 2012 on sn-devel-104
(We also already use any other macro as set by getconf LFS_CFLAGS, and
the standard AC_SYS_LARGEFILE macro in libreplace).
This is instead of using the transitional *64 posix largefile API
Andrew Bartlett
Use correct check to see if veto files has been enabled. Even if not
set lp_veto_files() returns a valid string address (to a '\0' character).
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Apr 5 01:36:04 CEST 2012 on sn-devel-104
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Apr 3 19:19:33 CEST 2012 on sn-devel-104
This removes the last user of ads_verify_ticket(), and means that we
only have one code path to verify an incoming krb5 (GSSAPI) ticket.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Otherwise, really simple clients (such as the current ntlm_auth gss-spnego client)
will not select krb5.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This imports the gensec handling code from the source4 ntlm_auth, which
will eventually be used for all the NTLMSSP and SPNEGO clients and servers
but which is only used for gss-spnego for now.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This is a module that, like vfs_xattr_tdb, stores extended attributes
in a DB on disk. This uses the format needed to support the
posix:eadb smb.conf option.
Andrew Bartlett
aio_suspend does not signal the main process with a signal, it just waits. The
aio_fork module does not use the signal at all, it directly calls back into the
main smbd by calling smbd_aio_complete_aio_ex. This is an abstraction
violation, but the alternative would have been to use signals where they are
not needed. However, in wait_for_aio_completion this bites us: With aio_fork we
call handle_aio_completed twice on the same aio_ex struct: Once from the call
to handle_aio_completion within the aio_fork module and once from the code in
wait_for_aio_completion.
This patch fixes it in a pretty bad way by introducing flag variables and more
state. But the mid-term plan is to replace the posix aio calls from the vfs and
do pread_send/recv and pwrite_send/recv at the vfs layer, so this will
significantly change anyway.
Thanks to Kirill Malkin <kirill.malkin@starboardstorage.com> for reporting this
crash!
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Sat Mar 31 15:25:55 CEST 2012 on sn-devel-104
This removes a dependency on "struct notify_entry" and makes the nature of the
API more explicit. We depend upon the VFS module to mask out elements from
e->filter and e->subdir_filter that it took over to handle.
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Mon Mar 26 17:45:44 CEST 2012 on sn-devel-104