1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

162 Commits

Author SHA1 Message Date
Andreas Schneider
ab232ca77f waf: Use waf function to add for -Wl,--as-needed
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Sep 25 16:56:40 UTC 2019 on sn-devel-184
2019-09-25 16:56:39 +00:00
Björn Jacke
5ad629dcb9 wscript: avoid inefficient string concatenations
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Matthias Dieter Wallnöfer <mdw@samba.org>
2019-09-24 12:22:45 +00:00
David Disseldorp
f8e79be2c1 build: fix mandatory typo in zlib configure check
This ensures that waf correctly fails during configure if zlib is
missing.
msg can also be dropped as it matches the waf validate_cfg() default
(ignoring the quotes).

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 20 06:58:12 UTC 2019 on sn-devel-184
2019-08-20 06:58:12 +00:00
Andrew Bartlett
2b7224ab7c third_party: Remove zlib from third_party
We require zlib 1.2.3.

We stopped requring a patched zlib with 5631a1b9bc

As discussed on samba-technical here:

https://lists.samba.org/archive/samba-technical/2019-May/133476.html

In short, zlib contains some (old, now broken) crypto code that while not compiled
in Samba is best left out of our tarball to ease crypto audits.  It is also very
very out of date and is a slightly modified copy of something otherwise very
likely available on our supported host OSs.  It would be strange to say that
GnuTLS and dependencies are an acceptable burden to install but say zlib is
a step to far.

So it is removed from Samba's third_party with this commit.

The diff between zlib in Samba and official zlib 1.2.3 is included
in third_party/zlib/last-samba-from-1.2.3.diff

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2019-08-17 03:50:40 +00:00
Andreas Schneider
1fa3c9a3cc waf: Remove configure steps from source4/lib/tls
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-04-30 23:18:27 +00:00
Andreas Schneider
382d5908a4 waf: Add mandatory requirement for GnuTLS >= 3.2.0
We plan to move to GnuTLS for crypto in Samba, this is the first step to
make it mandatory and to require a version which is in LTS
distributions.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-04-30 23:18:26 +00:00
Andrew Bartlett
a574e8f517 build: Standardise on calling conf.SAMBA_CHECK_PYTHON() in libraries
We do this by removing the confusing mandatory option to
conf.SAMBA_CHECK_PYTHON{,_HEADERS}(), instead just use the value of
--disable-python internally

This follows the default minimum of Python 3.4 and keeps things consistent
with the main Samba build where --disable-python is required to skip building
python bindings.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-03-21 04:06:16 +00:00
Andrew Bartlett
a459650054 build: Remove manual specification of minimum python version
We now used the default of 3.4 from conf.SAMBA_CHECK_PYTHON()

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-03-21 04:06:16 +00:00
Andrew Bartlett
760b176d86 build: Do not make python mandatory to build
Clearly we have python or else we would not be running, so this is about if
we have a new enough version.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-03-21 04:06:15 +00:00
Stefan Metzmacher
8061983d48 wscript: separate embedded_heimdal from system_heimdal
This allows to default (embedded_heimdal) to build even with a
broken krb5-config file from Heimdal.

In the system_heimdal case we parse the content of krb5-config
instead of just executing it. This fails on FreeBSD 12 as
krb5-config contains iso-8859-1 characters, which can't be parsed
as unicode python buffers when using python3.

Fixing the system_heimdal case is a task for another day,
I guess it will only work once we imported a current heimdal version
and actually tested the system_heimdal case.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-01-29 22:09:07 +01:00
Ralph Boehme
991ca9b564 Revert "pthreadpool: add some lockless coordination between the main and job threads"
This reverts commit 9656b8d8ee.

See the discussion in

https://lists.samba.org/archive/samba-technical/2018-December/131731.html

for the reasoning behind this revert.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-01-11 23:11:14 +01:00
Swen Schillig
dfbfb7eb94 waf: Utils package not defined
Fix the package name for the WafError routine.

Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Tue Dec  4 18:45:38 CET 2018 on sn-devel-144
2018-12-04 18:45:38 +01:00
Andrew Bartlett
07c49d25cd CVE-2018-16853 build: The Samba AD DC, when build with MIT Kerberos is experimental
This matches https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13678

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-11-28 08:22:24 +01:00
Noel Power
47634a25a0 PY3: We support python3 now, remove error when python3 detected
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-09-28 01:01:23 +02:00
Philipp Gesang
c98f997192 turn --with-json-audit into global --with-json
Fold the build option --with-json-audit into the toplevel wscript
to reflect the fact that JSON support is no longer local to the
audit subsystem.

Signed-off-by: Philipp Gesang <philipp.gesang@intra2net.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-09-26 20:41:07 +02:00
Alexander Bokovoy
699977a2e7 wscript: adopt to waf 2.0
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-09-05 06:37:26 +02:00
Alexander Bokovoy
2e401d2475 wscript: adopt to waf-2.0
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-09-05 06:37:26 +02:00
Alexander Bokovoy
c73b7795b8 wscript: update to handle waf 2.0.4
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-09-05 06:37:25 +02:00
Thomas Nagy
5d99786151 build:wafsamba: Update dist/distcheck commands
Signed-off-by: Thomas Nagy <tnagy@waf.io>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-09-05 06:37:21 +02:00
Thomas Nagy
8077f462c9 build:wafsamba: Build on waf 1.9
Signed-off-by: Thomas Nagy <tnagy@waf.io>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-09-05 06:37:21 +02:00
Volker Lendecke
ffa1c040c6 examples: Add winexe re-implemented on current Samba libs
winexe from https://sourceforge.net/projects/winexe/ is a project
based on Samba libraries from 2012. According to the winexe git
repository the last Samba commit winexe was updated to is 47bbf9886f
from November 6, 2012. As winexe uses unpublished Samba internal
libraries, it broke over time.

This is a port of the winexe functionality to more modern Samba
versions. It still uses internal APIs, but it being part of the tree
means that it is much easier to keep up to date.

The Windows service files were taken literally from the original
winexe from the sourceforge git. Andrzej Hajda chose GPLv3 only and
not GPLv3+. As GPL evolves very slowly, this should not be a practical
problem for quite some time.

To build it under Linux, you need mingw binaries on your build
system. Under Debian stretch, the package names are gcc-mingw-w64 and
friends.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 28 02:03:07 CEST 2018 on sn-devel-144
2018-08-28 02:03:07 +02:00
Andreas Schneider
8479401b02 lib: Add support to parse MS Catalog files
Signed-off-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Aug  9 19:57:02 CEST 2018 on sn-devel-144
2018-08-09 19:57:02 +02:00
Stefan Metzmacher
9656b8d8ee pthreadpool: add some lockless coordination between the main and job threads
In the direction from the main process to the job thread, we have:

- 'maycancel', which is set when tevent_req_cancel() is called,
- 'orphaned' is the job request, tevent_context or pthreadpool_tevent
  was talloc_free'ed.

The job function can consume these by using:

   /*
    * return true - if tevent_req_cancel() was called.
    */
   bool pthreadpool_tevent_current_job_canceled(void);

   /*
    * return true - if talloc_free() was called on the job request,
    * tevent_context or pthreadpool_tevent.
    */
   bool pthreadpool_tevent_current_job_orphaned(void);

   /*
    * return true if canceled and orphaned are both false.
    */
   bool pthreadpool_tevent_current_job_continue(void);

In the other direction we remember the following points
in the job execution:

- 'started'  - set when the job is picked up by a worker thread
- 'executed' - set once the job function returned.
- 'finished' - set when pthreadpool_tevent_job_signal() is entered
- 'dropped'  - set when pthreadpool_tevent_job_signal() leaves with orphaned
- 'signaled' - set when pthreadpool_tevent_job_signal() leaves normal

There're only one side writing each element,
either the main process or the job thread.

This means we can do the coordination with a full memory
barrier using atomic_thread_fence(memory_order_seq_cst).
lib/replace provides fallbacks if C11 stdatomic.h is not available.

A real pthreadpool requires pthread and atomic_thread_fence() (or an
replacement) to be available, otherwise we only have pthreadpool_sync.c.
But this should not make a real difference, as at least
__sync_synchronize() is availabe since 2005 in gcc.
We also require __thread which is available since 2002.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-07-24 17:38:26 +02:00
Christof Schmitt
5c58ccba71 wscript: Add --with-system-heimdalkrb5
Add the configure option --with-system-heimdalkrb5 to build Samba
explicitly with a system Heimdal kerberos library. This does the same as
the more complicated syntax

--bundled-libraries='!heimdal,!asn1,!com_err,!roken,!hx509,!wind,!gssapi,!hcrypto,!krb5,!heimbase,!asn1_compile,!compile_et,!kdc,!hdb,!heimntlm'

and it also enforces the conflicts with MIT Kerbros and the AD DC
build.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jul 11 05:18:59 CEST 2018 on sn-devel-144
2018-07-11 05:18:59 +02:00
Andrew Bartlett
5bb60e2dd7 build: Move --without-json-audit and json lib detection to lib/audit_logging
This is the common location of the audit logging code now

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-06-25 23:01:20 +02:00
Ralph Boehme
8649e21665 Add a wrapper script as git pre-commit hook
When developer mode is enabled, the wrapper script
"script/git-hooks/pre-commit-hook" gets installed as

  .git/hooks/pre-commit

and calls "script/git-hooks/pre-commit-script".

This way we can later modify the "script/git-hooks/pre-commit-script"
without the need to ever change the installed commit hook itself.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Jeremy Allison <jra at samba.org>
2018-04-26 01:09:27 +02:00
Björn Baumbach
cc1eed99bd build: add option to choose to build with or without JSON audit support
Add a new configure option:

  --with-json-audit
            Build with JSON auth audit support (default=auto). This requires
	    the jansson devel package.

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

Autobuild-User(master):  <bbaumbach@samba.org>
Autobuild-Date(master): Wed Apr 18 15:25:42 CEST 2018 on sn-devel-144
2018-04-18 15:25:42 +02:00
Aurelien Aptel
080d590de1 packaging: add configure option to preprocess and install systemd files
Turn the systemd service files under packaging into template (.in) files
with @VAR@ substitutions and add configure options to install and tweak
them.

Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-01-08 03:34:18 +01:00
Stefan Metzmacher
2abb55b735 docs-xml: autogenerate a doc.version XML entity.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9531

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-12-13 13:20:08 +01:00
Christof Schmitt
8e17be1c3d wscript: Add check for --wrap linker flag
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13170

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-12-08 09:43:12 +01:00
Andreas Schneider
8635465d77 build: Move pam_wrapper to third_party
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2017-11-25 10:14:13 +01:00
Andreas Schneider
6fbc8b810e build: Move uid_wrapper to third_party
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2017-11-25 10:14:13 +01:00
Andreas Schneider
ac65070490 build: Move resolv_wrapper to third_party
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2017-11-25 10:14:13 +01:00
Andreas Schneider
5d2b5e9848 build: Move nss_wrapper to third_party
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2017-11-25 10:14:13 +01:00
Andreas Schneider
22bf36c85a build: Move socket_wrapper to third_party
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2017-11-25 10:14:13 +01:00
Jeremy Allison
5f87a05aa3 lib: crypto: Add the ability to select Intel AESNI instruction set at configure time.
Add --accel-aes=[none|intelaesni] to select.
Default is none.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13008

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-09-07 02:01:08 +02:00
Andreas Schneider
25ef27b2e6 waf: Only build unit tests with selftest enabled
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12877

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2017-07-05 17:54:10 +02:00
Anoop C S
7b50dddb32 wscript: Fix some typos
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jun  6 05:26:37 CEST 2017 on sn-devel-144
2017-06-06 05:26:36 +02:00
Andreas Schneider
fecbc81c60 waf: Create kerberos_implementation.py for provisioning
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-04-29 23:31:11 +02:00
Andreas Schneider
6d19a66cf8 waf: Do not disable the ntvfs fileserver when we have MIT DC build
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-04-29 23:31:09 +02:00
Andreas Schneider
b5a67b9d24 waf: Check for MIT KDC binary
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-04-29 23:31:09 +02:00
Andreas Schneider
a0464e3f87 waf: Require MIT Kerberos 1.15.1 for Samba AD
Are build without AD DC still only requried MIT Kerberos 1.9.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-04-29 23:31:08 +02:00
Andreas Schneider
63698da6e2 waf: Only build pam_wrapper if we build with pam
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2017-04-12 12:54:24 +02:00
Andreas Schneider
94b7672d48 third_party: Add cmocka 1.1.1
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Apr 10 11:38:13 CEST 2017 on sn-devel-144
2017-04-10 11:38:13 +02:00
Andreas Schneider
a46566ea5e lib: Add pam_wrapper 1.0.3
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-04-07 10:32:13 +02:00
Gary Lockyer
387eb18a1c auth_log: Add JSON logging of Authorisation and Authentications
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Pair-Programmed: Andrew Bartlett <abartlet@samba.org>
2017-03-29 02:37:27 +02:00
Ian Stakenvicius
7d5db90850 waf: disable-python - configuration adjustments
Adjust configuration to accomodate when --disable-python is set:

- Error when AD-DC is still enabled (and others later as needed)

- Set mandatory=false on SAMBA_CHECK_PYTHON_HEADERS

Signed-off-by: Ian Stakenvicius <axs@gentoo.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2017-03-10 07:31:12 +01:00
Amitay Isaacs
a9211ec286 build: Fix generation of CTDB manpages while creating tarball
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12595

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Feb 23 19:25:11 CET 2017 on sn-devel-144
2017-02-23 19:25:11 +01:00
Matthieu Patou
dd25d75b96 Move pthreadpool to top of the tree.
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-02-09 20:04:12 +01:00
Andreas Schneider
7585aa6c8f testsuite: Add cmocka unit test for smb_krb5_kt_open()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Dec 16 05:43:12 CET 2016 on sn-devel-144
2016-12-16 05:43:10 +01:00