1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

138680 Commits

Author SHA1 Message Date
Stefan Metzmacher
75fe450f98 s3:smbd: split out apply_new_nt_acl() helper
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15693

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2024-08-21 08:02:30 +00:00
Stefan Metzmacher
30ddbe4611 lib/util: let server_id_str_buf_unique() use server_id_buf
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15693

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2024-08-21 08:02:30 +00:00
Stefan Metzmacher
20431cc622 lib/util: split out server_id_from_string_ex allow the unique delimiter to be passed in
In future it also allows to specifiy another delemiter than '/'
in order to use the resulting buffer as part of a file/directory
name.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15693

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2024-08-21 08:02:30 +00:00
Stefan Metzmacher
8695231403 lib/util: add server_id_str_buf_unique_ex() and allow the delimiter to be passed in
This way the server_id_str_buf() can just be a tiny wrapper using
'\0' as delemiter.

In future it also allows to specifiy another delemiter than '/'
in order to use the resulting buffer as part of a file/directory
name.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15693

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2024-08-21 08:02:30 +00:00
Stefan Metzmacher
c815128caa lib/util: let server_id_str_buf() use PRIu32 and PRIu64
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15693

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2024-08-21 08:02:30 +00:00
Stefan Metzmacher
87aa3a46a3 lib/util: add a comment to struct server_id_buf
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15693

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2024-08-21 08:02:30 +00:00
Stefan Metzmacher
f9d7a930f0 s4:torture/smb2: add smb2.create.mkdir-visible
This reproduces a race where one client creates
a directory and other clients see it before
the directory is fully setup including the correct
permissions and similar things.

We have a DENY ACE for SEC_DIR_ADD_FILE, which means
that files can't be created. This is set on
a base directory 'mkdir_visible'.

Then we have a lot of async loops trying to create
a file called 'mkdir_visible\dir\file_NR'. These loop
as fast as possible expecting OBJECT_PATH_NOT_FOUND,
because 'mkdir_visible\dir' is not there.

Then we send a create for 'mkdir_visible\dir' and
expect that to work.

This should turn the 'mkdir_visible\dir\file_NR' loop
into getting ACCESS_DENIED, because the
DENY ACE for SEC_DIR_ADD_FILE should be inherited
before 'mkdir_visible\dir' is visible to other clients.

Because of the complex steps in mkdir_internal(),
smbd allows the creation 'mkdir_visible\dir\file_NR',
as 'mkdir_visible\dir' is already visible after the
mkdirat(), before the DENY ACE is inherited.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15693

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2024-08-21 08:02:30 +00:00
Pavel Filipenský
ffc75c569c lib/param: Don't treat a missing include file as an error in handle_include().
Same fix as in commit 09d7690

'samba-tool domain provision -d10' fails if the included file does not
exist:

lpcfg_load: refreshing parameters from /etc/samba/smb.conf
Processing section "[global]"
Can't find include file /etc/samba/usershares.conf
pm_process() returned No
ERROR: Unable to load default file
  File "/usr/lib64/python3.12/site-packages/samba/netcmd/domain/provision.py", line 183, in run
    lp = sambaopts.get_loadparm()
         ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib64/python3.12/site-packages/samba/getopt.py", line 282, in get_loadparm
    self._lp.load_default()

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Aug 21 00:04:19 UTC 2024 on atb-devel-224
2024-08-21 00:04:18 +00:00
Martin Schwenke
578dfa5765 ctdb-scripts: Avoid flapping NFS services at startup
If an NFS service check is set to, say, unhealthy_after=2 then it will
always switch from the (default startup) unhealthy state to healthy,
even if there is a fatal problem.  If all services/scripts appear OK
then the node will become healthy.  When the counter hits the limit it
will return to unhealthy.  This is misleading.

Instead, never use the counter at startup, until the service becomes
healthy.  This stops services flapping unhealthy-healthy-unhealthy.

A side-effect is that a service that starts in a broken state will
never be restarted to try to fix the problem.  This makes sense.  The
counting and restarting really exist to deal with problems that might
occur under load.  The first monitor events occur before public IPs
are hosted, so there can be no load.  If a service doesn't start
reliably the first time then the admin probably wants to know about
it.

nfs_iterate_test() is updated to run an initial monitor event to mark
the services as healthy.  This initialises the counter so it can be
used for the important part of the test.  Passing the -i option avoids
running the extra monitor event, so the first iteration will be the
initial monitor event.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2024-08-20 22:50:34 +00:00
Martin Schwenke
18a29ed367 ctdb-scripts: Make initial statistics output empty
This makes initial failure to retrieve statistics less likely to
result in a statistics change.  To help with this, statistics
retrieval stderr now goes to the log - only stdout goes to the file.

This means that the test code for checking statistics changes needs to
be redone to actually run the statistics command and check.  As with
rpcinfo output, this output needs to behave as deterministically in
the test code as it done in the event script.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2024-08-20 22:50:34 +00:00
Martin Schwenke
032b7b49c9 ctdb-scripts: Only consider statistics on timeout
Checking statistics is only really relevant to timeouts.  That is, if
an rpcinfo times out it is worth checking if the service making
progress.  If the RPC service is not registered then the statistics
don't need to be checked because they shouldn't be changing.

The 2 previously added tests added to check statistics progress now
behave identically and fail on all iterations.  To support testing
with "timeouts", an optional TIMEOUT flag can now be added to the RPC
service passed to nfs_iterate_test().  2 new tests are added to
exercise the new behaviour.

The 2 new "if" statements in nfs_iterate_test() could be combined.
However, a subsequent commit would split them and would be more
difficult to read.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2024-08-20 22:50:34 +00:00
Martin Schwenke
f7a96deafa ctdb-tests: Make _rpc_service_up() and _rpc_services_down() internal
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2024-08-20 22:50:34 +00:00
Martin Schwenke
0919701a68 ctdb-tests: Make NFS RPC monitoring tests consistent
Update the remaining RPC monitoring tests to use nfs_iterate_test(),
depending on it to set results.  This makes all RPC monitoring tests
consistent, so they will all benefit from future improvements.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2024-08-20 22:50:34 +00:00
Martin Schwenke
47c33a2442 ctdb-tests: Drop unnecessarily "else"
Doing this in a previous commit would have made it more difficult to
read that commit.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2024-08-20 22:50:34 +00:00
Martin Schwenke
8b2f228198 ctdb-tests: Replace implicit healthy behaviour with early exits
The early exits from the sub-shell make the obvious successes much
more obvious, and slightly simplify the code that follows.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2024-08-20 22:50:34 +00:00
Martin Schwenke
a522864138 ctdb-tests: Simplify handling of statistics change
Handling this across two different functions led to insanity, so
simplify.

The handling of unhealthy_after when $_numfails = 0 implicitly causes
the node to be healthy.  This is how the "rpcinfo succeeds" case
works.  Doing it this way for statistics makes this patch easier to
read.  The implicit behaviour will go away in the next patch.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2024-08-20 22:50:34 +00:00
Martin Schwenke
084a69d552 ctdb-tests: Move result check to rpc_set_service_failure_response()
The current structure here is wrong and repetitive.  Checking rpcinfo
result and determining output should be in the same place.

Failure counting is now contained in
rpc_set_service_failure_response(), but needs a file to survive the
sub-shell.

Don't attempt to combine and simplify code yet.  That would make this
commit harder to review.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2024-08-20 22:50:34 +00:00
Martin Schwenke
4754001200 ctdb-tests: Initialise return code file
The output file is initialised, so doesn't need to be created on
success.  Treat the return code file the same way.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2024-08-20 22:50:34 +00:00
Martin Schwenke
833deb067d ctdb-tests: Add function rpc_failure() to log failures and warnings
Improves readability, makes future changes easier.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2024-08-20 22:50:34 +00:00
Martin Schwenke
1d9661d587 ctdb-tests: Argument 3 to nfs_iterate_test() is up iteration
Nothing more complex is ever done, so we might as well simplify and
reduce coupling.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2024-08-20 22:50:34 +00:00
Martin Schwenke
7c5e708001 ctdb-tests: nfs_iterate_test() marks RPC service down
If an RPC service is given, it is automatically marked down.  This
avoids repetition in test cases and loosens coupling.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2024-08-20 22:50:34 +00:00
Martin Schwenke
8edb1fd13c ctdb-tcp: Remove a use of ctdb_addr_to_str()
This one is in a rarely used error path, so call a function that
talloc()s the string instead.

Again, this will also print the port, which might be useful if we ever
add the ability to also specify ports in the nodes list.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Aug 20 14:24:14 UTC 2024 on atb-devel-224
2024-08-20 14:24:14 +00:00
Martin Schwenke
afaf151193 ctdb-tcp: Consolidate failure code
Same thing several times, so change to common failure code.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-08-20 13:06:33 +00:00
Martin Schwenke
f7aac2f755 ctdb-tcp: Use already constructed node name
Node has been found, so use the pre-constructed name instead of
calling ctdb_addr_to_str().

This will also print the port, which might be useful if we ever add
the ability to also specify ports in the nodes list.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-08-20 13:06:33 +00:00
Martin Schwenke
02c9e7a63f ctdb-tcp: Use path_rundir_append() to construct lock_path
The current constant value doesn't respect CTDB_TEST_MODE/CTDB_BASE.
Instead use the path module to allow automatic listening in test mode
with local daemons.

A single node can be tested with local daemons, using something like:

  $ tests/local_daemons.sh foo setup -n 1 -C "node address"
  $ grep "node address" foo/node.0/ctdb.conf
      # node address = 127.0.0.1
  $ tests/local_daemons.sh foo start all
  $ tests/local_daemons.sh foo print-log 0 | grep -i chose
  ... node.0 ctdbd[24546]: ctdb chose network address 127.0.0.1:4379

The trick is that commenting out the node address in ctdb.conf means
the chosen node address is the first one from the nodes file that
allows bind/listen.  In this case it is the only line.

The following ensures that automatic listening works for a node that
isn't the first:

  $ cat >mynodes
  192.168.1.1
  127.0.0.1
  $ tests/local_daemons.sh foo setup -n 2 -N mynodes -C "node address"
  $ grep "node address" foo/node.1/ctdb.conf
      # node address = 127.0.0.1
  $ tests/local_daemons.sh foo start 1
  $ tests/local_daemons.sh foo print-log 1 | grep -i chose
  [...] node.1 ctdbd[22787]: ctdb chose network address 127.0.0.1:4379

Note that the first address isn't local on this host, so will always
fail.

So, doing the above and starting both nodes yields...

  ...
  $ tests/local_daemons.sh foo start 1
  $ sleep 3; tests/local_daemons.sh foo start 0
  $ tests/local_daemons.sh foo print-log all | grep -i 'chose\|bind'
  [...] node.1 ctdbd[26351]: ctdb chose network address 127.0.0.1:4379
  [...] node.0 ctdbd[26438]: ctdb_tcp_listen_addr: Failed to bind() to socket - Address already in use (98)
  [...] node.0 ctdbd[26438]: Unable to bind to any node address - giving up

... as expected.

It would be nice to add tests for this, but we don't really have
infrastructure for that.  At least manual testing shows, for the
obvious cases, the previous commits didn't break anything.  :-)

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-08-20 13:06:33 +00:00
Martin Schwenke
17959ccb4b ctdb-ib: Remove a use of ctdb_set_error()
Now the transport code is free of ctdb_set_error().

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-08-20 13:06:33 +00:00
Martin Schwenke
b433663414 ctdb-tcp: Factor out listening code to avoid repetition
Modernise debug and comments while here.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-08-20 13:06:33 +00:00
Martin Schwenke
2c75bb8687 ctdb-tcp: Use talloc_strdup() instead of repeating logic
The node name is already constructed when the nodes file is loaded, so
just copy the node name.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-08-20 13:06:33 +00:00
Martin Schwenke
f36f03172a ctdb-daemon: Remove a use of ctdb_errstr()
Code to setup the transport is about to be cleaned up, including
removing uses of ctdb_set_error(), so avoid logging a NULL pointer or
some other old error.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-08-20 13:06:33 +00:00
Volker Lendecke
a18c45046d libsmb: Remove cli_state->raw_status
All callers which looked at this are gone

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Aug 20 10:57:12 UTC 2024 on atb-devel-224
2024-08-20 10:57:12 +00:00
Volker Lendecke
bdedf5d0ee libsmb: Remove unused cli_is_error()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:40 +00:00
Volker Lendecke
8171a1ccd3 libsmb: Remove a call to cli_is_error()
We are already in the !NT_STATUS_IS_OK if-branch, so this call was
redundant

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:40 +00:00
Volker Lendecke
e071ec1ffe libsmb: Remove unused cli_errno()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:40 +00:00
Volker Lendecke
e43a05ee3b libsmb: Don't set errno in cli_NetServerEnum()
No caller looks at it, and if someone should ever want to return a
more informative error, we now have NTSTATUS

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:40 +00:00
Volker Lendecke
2d361cc103 libsmb: Convert cli_NetServerEnum() to return NTSTATUS
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:40 +00:00
Volker Lendecke
b9c018d17e libsmb: Remove a reference to cli_errno()
If I see it correctly, this case was already covered by checking the
return code of cli_trans() a few lines above.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:40 +00:00
Volker Lendecke
16c31fe804 libsmb: Remove unused cli_nt_error()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:40 +00:00
Volker Lendecke
ac5713f3b2 libsmb: Make cli_api() static to clirap2.c
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:40 +00:00
Volker Lendecke
e02e6f28a9 torture3: Convert run_randomipc() away from cli_api()
Not that it matters much, but I want to make cli_api() static in
clirap2.c.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:40 +00:00
Volker Lendecke
ee174fb050 libsmb: Convert cli_NetServerEnum() away from cli_api()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:40 +00:00
Volker Lendecke
c58ff4367a libsmb: Convert cli_RNetShareEnum() to NTSTATUS
Avoid a call to cli_nt_error()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:40 +00:00
Volker Lendecke
9812f87268 libsmb: Convert cli_RNetShareEnum() away from cli_api()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:40 +00:00
Volker Lendecke
7681007738 libsmb: Reduce indentation in cli_RNetShareEnum()
Use a "goto done", review with "git show -b"

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:40 +00:00
Volker Lendecke
b1d5b8ef23 libsmb: Convert cli_oem_change_password() to NTSTATUS
Remove a few calls to cli_nt_error()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:40 +00:00
Volker Lendecke
40e2fdfc6b libsmb: Simplify smb1cli_trans_recv()
tevent_req_received() called below takes care of this

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:40 +00:00
Volker Lendecke
fd9a0dc9a9 libsmb: Remove a pointless variable
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:40 +00:00
Volker Lendecke
cf61617198 utils: Fix "net rap password" return code
cli_oem_change_password() returns a bool, net_rap_password must return
0 for success

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:40 +00:00
Volker Lendecke
78a1e2817d libsmb: Fix cli_oem_change_password()
"(rdrcnt < 2)" was wrong, we don't look at rdata but at rparam. Use
"min_rparam" to cli_trans and the fact that if that succeeds "rparam"
is not NULL.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:40 +00:00
Volker Lendecke
86cc6f59cf libsmb: Convert cli_oem_change_password() away from cli_api()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:39 +00:00
Volker Lendecke
4f3a6dc8b0 samr: Avoid a "ret == false" for a bool
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-08-20 09:34:39 +00:00