1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

153 Commits

Author SHA1 Message Date
Stefan Metzmacher
8061983d48 wscript: separate embedded_heimdal from system_heimdal
This allows to default (embedded_heimdal) to build even with a
broken krb5-config file from Heimdal.

In the system_heimdal case we parse the content of krb5-config
instead of just executing it. This fails on FreeBSD 12 as
krb5-config contains iso-8859-1 characters, which can't be parsed
as unicode python buffers when using python3.

Fixing the system_heimdal case is a task for another day,
I guess it will only work once we imported a current heimdal version
and actually tested the system_heimdal case.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-01-29 22:09:07 +01:00
Ralph Boehme
991ca9b564 Revert "pthreadpool: add some lockless coordination between the main and job threads"
This reverts commit 9656b8d8ee.

See the discussion in

https://lists.samba.org/archive/samba-technical/2018-December/131731.html

for the reasoning behind this revert.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-01-11 23:11:14 +01:00
Swen Schillig
dfbfb7eb94 waf: Utils package not defined
Fix the package name for the WafError routine.

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Tue Dec  4 18:45:38 CET 2018 on sn-devel-144
2018-12-04 18:45:38 +01:00
Andrew Bartlett
07c49d25cd CVE-2018-16853 build: The Samba AD DC, when build with MIT Kerberos is experimental
This matches https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13678

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-11-28 08:22:24 +01:00
Noel Power
47634a25a0 PY3: We support python3 now, remove error when python3 detected
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-09-28 01:01:23 +02:00
Philipp Gesang
c98f997192 turn --with-json-audit into global --with-json
Fold the build option --with-json-audit into the toplevel wscript
to reflect the fact that JSON support is no longer local to the
audit subsystem.

Signed-off-by: Philipp Gesang <philipp.gesang@intra2net.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-09-26 20:41:07 +02:00
Alexander Bokovoy
699977a2e7 wscript: adopt to waf 2.0
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-09-05 06:37:26 +02:00
Alexander Bokovoy
2e401d2475 wscript: adopt to waf-2.0
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-09-05 06:37:26 +02:00
Alexander Bokovoy
c73b7795b8 wscript: update to handle waf 2.0.4
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-09-05 06:37:25 +02:00
Thomas Nagy
5d99786151 build:wafsamba: Update dist/distcheck commands
Signed-off-by: Thomas Nagy <tnagy@waf.io>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-09-05 06:37:21 +02:00
Thomas Nagy
8077f462c9 build:wafsamba: Build on waf 1.9
Signed-off-by: Thomas Nagy <tnagy@waf.io>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-09-05 06:37:21 +02:00
Volker Lendecke
ffa1c040c6 examples: Add winexe re-implemented on current Samba libs
winexe from https://sourceforge.net/projects/winexe/ is a project
based on Samba libraries from 2012. According to the winexe git
repository the last Samba commit winexe was updated to is 47bbf9886f
from November 6, 2012. As winexe uses unpublished Samba internal
libraries, it broke over time.

This is a port of the winexe functionality to more modern Samba
versions. It still uses internal APIs, but it being part of the tree
means that it is much easier to keep up to date.

The Windows service files were taken literally from the original
winexe from the sourceforge git. Andrzej Hajda chose GPLv3 only and
not GPLv3+. As GPL evolves very slowly, this should not be a practical
problem for quite some time.

To build it under Linux, you need mingw binaries on your build
system. Under Debian stretch, the package names are gcc-mingw-w64 and
friends.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 28 02:03:07 CEST 2018 on sn-devel-144
2018-08-28 02:03:07 +02:00
Andreas Schneider
8479401b02 lib: Add support to parse MS Catalog files
Signed-off-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Aug  9 19:57:02 CEST 2018 on sn-devel-144
2018-08-09 19:57:02 +02:00
Stefan Metzmacher
9656b8d8ee pthreadpool: add some lockless coordination between the main and job threads
In the direction from the main process to the job thread, we have:

- 'maycancel', which is set when tevent_req_cancel() is called,
- 'orphaned' is the job request, tevent_context or pthreadpool_tevent
  was talloc_free'ed.

The job function can consume these by using:

   /*
    * return true - if tevent_req_cancel() was called.
    */
   bool pthreadpool_tevent_current_job_canceled(void);

   /*
    * return true - if talloc_free() was called on the job request,
    * tevent_context or pthreadpool_tevent.
    */
   bool pthreadpool_tevent_current_job_orphaned(void);

   /*
    * return true if canceled and orphaned are both false.
    */
   bool pthreadpool_tevent_current_job_continue(void);

In the other direction we remember the following points
in the job execution:

- 'started'  - set when the job is picked up by a worker thread
- 'executed' - set once the job function returned.
- 'finished' - set when pthreadpool_tevent_job_signal() is entered
- 'dropped'  - set when pthreadpool_tevent_job_signal() leaves with orphaned
- 'signaled' - set when pthreadpool_tevent_job_signal() leaves normal

There're only one side writing each element,
either the main process or the job thread.

This means we can do the coordination with a full memory
barrier using atomic_thread_fence(memory_order_seq_cst).
lib/replace provides fallbacks if C11 stdatomic.h is not available.

A real pthreadpool requires pthread and atomic_thread_fence() (or an
replacement) to be available, otherwise we only have pthreadpool_sync.c.
But this should not make a real difference, as at least
__sync_synchronize() is availabe since 2005 in gcc.
We also require __thread which is available since 2002.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-07-24 17:38:26 +02:00
Christof Schmitt
5c58ccba71 wscript: Add --with-system-heimdalkrb5
Add the configure option --with-system-heimdalkrb5 to build Samba
explicitly with a system Heimdal kerberos library. This does the same as
the more complicated syntax

--bundled-libraries='!heimdal,!asn1,!com_err,!roken,!hx509,!wind,!gssapi,!hcrypto,!krb5,!heimbase,!asn1_compile,!compile_et,!kdc,!hdb,!heimntlm'

and it also enforces the conflicts with MIT Kerbros and the AD DC
build.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jul 11 05:18:59 CEST 2018 on sn-devel-144
2018-07-11 05:18:59 +02:00
Andrew Bartlett
5bb60e2dd7 build: Move --without-json-audit and json lib detection to lib/audit_logging
This is the common location of the audit logging code now

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-06-25 23:01:20 +02:00
Ralph Boehme
8649e21665 Add a wrapper script as git pre-commit hook
When developer mode is enabled, the wrapper script
"script/git-hooks/pre-commit-hook" gets installed as

  .git/hooks/pre-commit

and calls "script/git-hooks/pre-commit-script".

This way we can later modify the "script/git-hooks/pre-commit-script"
without the need to ever change the installed commit hook itself.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Jeremy Allison <jra at samba.org>
2018-04-26 01:09:27 +02:00
Björn Baumbach
cc1eed99bd build: add option to choose to build with or without JSON audit support
Add a new configure option:

  --with-json-audit
            Build with JSON auth audit support (default=auto). This requires
	    the jansson devel package.

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

Autobuild-User(master):  <bbaumbach@samba.org>
Autobuild-Date(master): Wed Apr 18 15:25:42 CEST 2018 on sn-devel-144
2018-04-18 15:25:42 +02:00
Aurelien Aptel
080d590de1 packaging: add configure option to preprocess and install systemd files
Turn the systemd service files under packaging into template (.in) files
with @VAR@ substitutions and add configure options to install and tweak
them.

Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-01-08 03:34:18 +01:00
Stefan Metzmacher
2abb55b735 docs-xml: autogenerate a doc.version XML entity.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9531

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-12-13 13:20:08 +01:00
Christof Schmitt
8e17be1c3d wscript: Add check for --wrap linker flag
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13170

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-12-08 09:43:12 +01:00
Andreas Schneider
8635465d77 build: Move pam_wrapper to third_party
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2017-11-25 10:14:13 +01:00
Andreas Schneider
6fbc8b810e build: Move uid_wrapper to third_party
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2017-11-25 10:14:13 +01:00
Andreas Schneider
ac65070490 build: Move resolv_wrapper to third_party
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2017-11-25 10:14:13 +01:00
Andreas Schneider
5d2b5e9848 build: Move nss_wrapper to third_party
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2017-11-25 10:14:13 +01:00
Andreas Schneider
22bf36c85a build: Move socket_wrapper to third_party
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2017-11-25 10:14:13 +01:00
Jeremy Allison
5f87a05aa3 lib: crypto: Add the ability to select Intel AESNI instruction set at configure time.
Add --accel-aes=[none|intelaesni] to select.
Default is none.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13008

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-09-07 02:01:08 +02:00
Andreas Schneider
25ef27b2e6 waf: Only build unit tests with selftest enabled
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12877

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2017-07-05 17:54:10 +02:00
Anoop C S
7b50dddb32 wscript: Fix some typos
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jun  6 05:26:37 CEST 2017 on sn-devel-144
2017-06-06 05:26:36 +02:00
Andreas Schneider
fecbc81c60 waf: Create kerberos_implementation.py for provisioning
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-04-29 23:31:11 +02:00
Andreas Schneider
6d19a66cf8 waf: Do not disable the ntvfs fileserver when we have MIT DC build
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-04-29 23:31:09 +02:00
Andreas Schneider
b5a67b9d24 waf: Check for MIT KDC binary
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-04-29 23:31:09 +02:00
Andreas Schneider
a0464e3f87 waf: Require MIT Kerberos 1.15.1 for Samba AD
Are build without AD DC still only requried MIT Kerberos 1.9.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-04-29 23:31:08 +02:00
Andreas Schneider
63698da6e2 waf: Only build pam_wrapper if we build with pam
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2017-04-12 12:54:24 +02:00
Andreas Schneider
94b7672d48 third_party: Add cmocka 1.1.1
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Apr 10 11:38:13 CEST 2017 on sn-devel-144
2017-04-10 11:38:13 +02:00
Andreas Schneider
a46566ea5e lib: Add pam_wrapper 1.0.3
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-04-07 10:32:13 +02:00
Gary Lockyer
387eb18a1c auth_log: Add JSON logging of Authorisation and Authentications
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Pair-Programmed: Andrew Bartlett <abartlet@samba.org>
2017-03-29 02:37:27 +02:00
Ian Stakenvicius
7d5db90850 waf: disable-python - configuration adjustments
Adjust configuration to accomodate when --disable-python is set:

- Error when AD-DC is still enabled (and others later as needed)

- Set mandatory=false on SAMBA_CHECK_PYTHON_HEADERS

Signed-off-by: Ian Stakenvicius <axs@gentoo.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2017-03-10 07:31:12 +01:00
Amitay Isaacs
a9211ec286 build: Fix generation of CTDB manpages while creating tarball
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12595

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Feb 23 19:25:11 CET 2017 on sn-devel-144
2017-02-23 19:25:11 +01:00
Matthieu Patou
dd25d75b96 Move pthreadpool to top of the tree.
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-02-09 20:04:12 +01:00
Andreas Schneider
7585aa6c8f testsuite: Add cmocka unit test for smb_krb5_kt_open()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Dec 16 05:43:12 CET 2016 on sn-devel-144
2016-12-16 05:43:10 +01:00
Volker Lendecke
3b97211d18 examples: Add smb2mount
This is an incomplete playground to add a fuse client based on
the Samba-internal libsmb interfaces.

There's a few fuse smb clients out there, but they all suffer from
Samba not exporting the async internal libsmb interfaces.

We don't export those with an API, because we believe we need the ability
to mess with those interfaces. This is an attempt to create a fully
asynchronous user-space fuse client file system that might make it
easier to mess with fancy SMB features than it would be possible in
a kernel client.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
2016-10-14 21:45:08 +02:00
Stefan Metzmacher
81190f910a s4:dsdb/samdb: add configure checks for libgpgme
This will be used to store the cleartext utf16 password
GPG encrypted as 'Primary:SambaGPG' in the
supplementalCredentials attribute.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-07-22 16:03:27 +02:00
Andreas Schneider
7feb650a37 wscript: Build the KDC code if we have the AD DC build enabled
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-17 04:32:28 +01:00
Michael Adam
1862aa6c25 build: detect support for ethtool
Pair-Programmed-With: Anoop C S <anoopcs@redhat.com>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-01-26 07:33:16 +01:00
Andrew Bartlett
71dcc76b70 build: Enable NTVFS file server to be omitted
We now only build it by default with --enable-sefltest, or otherwise
if requested.

The NTVFS file server still has features not present in the smbd file
server, such as a CIFS/SMB proxy, and a radically different design,
but it is also not undergoing any ongoing development so this keeps it
in a safe state for care and maintaince, with less of a security risk
if such an issue were to come up.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-10-23 22:27:30 +02:00
Thomas Nagy
71a168eb2b build:wafsamba: Set the default installation prefix for Waf 1.8
These changes enable the default installation prefix settings to
take effect in both Waf 1.5 and 1.8 with no additional code changes.

Signed-off-by: Thomas Nagy <tnagy@waf.io>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2015-09-29 11:59:20 +02:00
Björn Jacke
b0f41c07ff build: use as-needed linker flag also on OpenBSD
OpenBSD is unusable with binaries with many superfluous libs linked in.
samba-tool start times of 250 seconds without as-needed vs. 1.4 seconds with
as-needed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11355

Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Ralph Böhme <rb@sernet.de>

Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Fri Sep 11 03:37:17 CEST 2015 on sn-devel-104
2015-09-11 03:37:17 +02:00
Thomas Nagy
21f98e58da Remove PYTHONDIR and PYTHONARCHDIR in a single place 2015-06-26 02:10:12 +02:00
Jelmer Vernooij
5e0821201c Make waf fail if submodules are out of date.
Instead, suggest the user run 'git submodule update'.

This should prevent users from accidentally building Samba against
outdated or too new versions of the bundled third party libraries
after switching branches.

I've opted to make this an error rather than actually
running 'git submodule update' directly, as the latter could
cause unpredictable behaviour. If we find that manually updating
submodules is too cumbersome, we can always change this. The normal mode
of operation for developers should not involve any submodules at all,
but system versions of these libraries.

Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-19 19:28:19 +02:00