IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Even though GET would work as well, only adding POST, as that's the only method
that's going to be exersized in code and tests (RPC mdssvc elasticsearch
backend).
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@suse.de>
Works, tested with
$ bin/smbtorture -W RIVERSIDE --realm=RIVERSIDE.SITE -s /dev/null \
-U Administrator%Passw0rd \
ncacn_http:10.10.11.164[HttpProxy=10.10.11.164:593,HttpUseTls=false,HttpAuthOption=basic,HttpConnectOption=UseHttpProxy] \
rpc.epmapper.epmapper.Lookup_simple
I get an ACCESS_DENIED error, but I get it over HTTP. :)
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@suse.de>
This is only used by the implemementation of http_send_request_send/recv, no
need to have this in the header file.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@suse.de>
This is only used by the implemementation of http_send_request_send/recv, no
need to have this in the header file.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@suse.de>
My FreeBSD install does not have __compar_fn_t. libreplace has the
QSORT_CAST for systems that do.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This made Message.deregister() a decref machine, with talloc crashes
and segfaults available thus:
from samba import messaging
m = messaging.Messaging()
for i in range(20):
m.deregister(m)
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Try to make clear what is being done here, we are trying to count the partitions so that
we can then walk them in reverse.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jul 31 04:08:48 UTC 2019 on sn-devel-184
This is all strictly unnecessary, as ret is always != LDB_SUCCESS when
res is NULL, but we want to make peace between clang and converity.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
When joining a DC without DNS partitions, make sure that the alternate
flow of creating them afterwards results in a database with everything
that is necessary.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14051
RN: Allow a DC join without DNS partitions, to add them later
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This ensures GnuTLS is used as the underlying RC4 crypto engine
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This allows the use of GnuTLS for the underlying RC4 crypto
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
There is no session key here, the buffers are directly encrypted
with the long-term passwords.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This allows the use of GnuTLS for the RC4 crypto operation
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This allows the use of GnuTLS for the RC4 crypto operation
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This allows the use of GnuTLS for the underlying RC4 crypto operations.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
In replmd_replicated_handle_rename().
The helper function was introduced two commits ago and consists of
a large common stretch of this and the function modified in the previous
commit.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jul 24 11:21:50 UTC 2019 on sn-devel-184
In replmd_op_possible_conflict_callback().
The helper function was introduced in the previous commit and consists
of a large common stretch of this and replmd_replicated_handle_rename().
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We currently do exactly this work, in exactly these words (ignoring
formatting) in two different places. The next two commits will make
those places use this helper function. We do this over three commits
so that we can more easily compare the next two and be sure they are
doing the same thing.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Unlock partition databases in the reverse order from which they were
acquired. This is separated from the previous commit for future
bisecting purposes, since the last commit was made to fix specific CI
failures, while this one is a speculative fix made based on code
inspection.
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
A schema reading bug was traced to a lock ordering issue in partition.c.
This patch fixes the problem by:
1. Releasing locks/transactions in the order they were acquired.
2. Always lock/start_trans on metadata.tdb first, before any other
databases, and release it last, after all others. This is so that we are
never exposed to MDB's lock semantics, which we don't support.
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Fixes:
source4/dsdb/common/util.c:3131:6: warning: Dereference of undefined pointer value <--[clang]
if (res->count < 1) {
^
/source4/dsdb/common/util.c:3207:6: warning: Dereference of undefined pointer value <--[clang]
if (res->count < 1) {
^~~~~~~~~~
source4/dsdb/common/util.c:4004:39: warning: Dereference of undefined pointer value <--[clang]
(*wkguid_dn) = talloc_steal(mem_ctx, res->msgs[0]->dn);
^
source4/dsdb/common/util.c:4191:35: warning: Dereference of undefined pointer value <--[clang]
ouv_value = ldb_msg_find_ldb_val(r->msgs[0], "replUpToDateVector");
source4/dsdb/common/util.c:5757:13: warning: 1st function call argument is an uninitialized value <--[clang]
same_nc = (ldb_dn_compare(source_nc, target_nc) == 0);
^
This fix also fixes the associated 'Access to field 'xyx' results in a
dereference of a null pointer' warnings that also will happen when this
is fixed
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Wed Jul 24 05:49:14 UTC 2019 on sn-devel-184
Fixes:
source4/dsdb/common/util.c:2125:4: warning: Value stored to 'cps_stdin' is never read <--[clang]
cps_stdin = -1;
^ ~~
source4/dsdb/common/util.c:2132:3: warning: Value stored to 'cps_stdin' is never read <--[clang]
cps_stdin = -1;
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Fixes:
source4/dsdb/common/util.c:2000:6: warning: Access to field 'count' results in a dereference of a null pointer (loaded from variable 'res') <--[clang]
if (res->count != 1) {
^~~
source4/dsdb/common/util.c:3281:28: warning: Access to field 'msgs' results in a dereference of a null pointer (loaded from variable 'res') <--[clang]
el = ldb_msg_find_element(res->msgs[0], attr);
^~~
source4/dsdb/common/util.c:3568:6: warning: Access to field 'count' results in a dereference of a null pointer (loaded from variable 'res') <--[clang]
if (res->count != 1 || ret != LDB_SUCCESS) {
^~~
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Fixes:
source4/dsdb/common/util.c:1964:18: warning: The left operand of '&' is a garbage value <--[clang]
return (options & DS_NTDSDSA_OPT_IS_GC) != 0;
~~~~~~~ ^
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Fixes:
source4/dsdb/common/util.c:1804:8: warning: 3rd function call argument is an uninitialized value <--[clang]
ret = samdb_reference_dn(ldb, mem_ctx, server_ref_dn, "rIDSetReferences", dn);
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Fixes:
source4/auth/kerberos/kerberos_util.c:645:3: warning: Value stored to 'code' is never read <--[clang]
code = 0;
^ ~
1 warning generated.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Fixes:
source4/auth/kerberos/kerberos_pac.c:116:2: warning: Value stored to 'ret' is never read <--[clang]
ret = smb_krb5_make_pac_checksum(mem_ctx,
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Otherwise we get a segfault when the NULL creds are dereferenced in cli_credentials_is_anonymous()
$ python3 -c"from samba.dcerpc.dnsserver import dnsserver; d = dnsserver('addc')"
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jul 22 23:37:57 UTC 2019 on sn-devel-184
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Regression caused by 16596842a6
[MS-GPSB] 2.2 Message Syntax says that you have to write a BOM which I
didn't do up until this patch. UTF-16 as input encoding was marked much
higher up in the inheritance tree, which got overriden with the Python 3
fixes. I've now marked the encoding much more obviously for this file.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14004
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Fri Jul 19 02:20:47 UTC 2019 on sn-devel-184
Fixes a memory leak where schema reference attached to ldb
instance is lost before it can be freed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14042
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Wed Jul 17 06:17:10 UTC 2019 on sn-devel-184
Fixes:
source4/libcli/raw/clitree.c:138:3: warning: Value stored to 'p' is never read <--[clang]
p += smbcli_req_pull_string(&req->in.bufinfo, mem_ctx, &parms->tconx.out.fs_type,
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Fixes:
source4/libcli/raw/rawnegotiate.c:157:11: warning: Value stored to 'status' during its initialization is never read <--[clang]
NTSTATUS status = NT_STATUS_INTERNAL_ERROR;
^~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Fixes:
source4/libcli/smb_composite/fetchfile.c:91:11: warning: Value stored to 'status' during its initialization is never read <--[clang]
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
^~~~~~ ~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Fixes:
source4/libcli/ldap/ldap_client.c:1023:6: warning: Access to field 'type' results in a dereference of a null pointer <--[clang]
if ((*msg)->type != type) {
^~~~~~~~~~~~
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Enable the prefork process model, for the echo server. This is allows
it to be used in the prefork_restart tests.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Extended DN requests seem to have been incorrectly handled.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14029
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Thu Jul 11 05:25:26 UTC 2019 on sn-devel-184
Fixes:
source4/auth/gensec/gensec_gssapi.c:431:11: warning: Value stored to 'nt_status' during its initialization is never read <--[clang]
NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
^~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Fixes:
source4/dsdb/common/util_trusts.c:2915:21: warning: Access to field 'sid' results in a dereference of a null pointer (loaded from field 'tdo') <--[clang]
d->di.domain_sid = d->tdo->sid;
^ ~~~
1 warning generated.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Following the python/C convention for checking vs non-checking
convertors.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
In the Python/C API, conversion functions which check the types of their arguments
have names like:
double PyFloat_AsDouble(PyObject *pyfloat);
while conversion macros that don't check have names like:
PyFloat_AS_DOUBLE(pyfloat)
The pyldb_Ldb_AsLdbContext() macro looks like one of the checking functions
but it actually isn't. This has fooled us more than once. Here we fork
the macro into two -- one which performs checks and keeps the camel
case, and one with a shouty name that keeps the check-free behaviour.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Don't call ldb_ldif_message_redacted_string when linked_attr_modify
fails. When joining a large domain this takes way to much time, in excess of 3
hours for a join on a 200k domain.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Tim Beale <timbeale@catalyst.net.nz>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Tue Jul 9 03:03:25 UTC 2019 on sn-devel-184
Fixes:
source4/dsdb/schema/schema_set.c:274:3: warning: Value stored to 'ret' is never read <--[clang]
ret = LDB_SUCCESS;
^ ~~~~~~~~~~~
source4/dsdb/schema/schema_set.c:327:3: warning: Value stored to 'ret' is never read <--[clang]
ret = LDB_SUCCESS;
^ ~~~~~~~~~~~
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Fixes:
source4/dsdb/schema/schema_info_attr.c:207:38: warning: Access to field 'revision' results in a dereference of a null pointer (loaded from variable 'schema_info') <--[clang]
if (schema->schema_info->revision > schema_info->revision) {
^~~~~~~~~~~
1 warning generated.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Allow to manually issue the FSCTL_ZERO_DATA call and verify the
state of the file in the file system.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This allows for manual testing of changing the sparse setting on a file
and verifying the flag in the file system.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
If Samba was configured with "--nonshared-binary=winexe" to build
winexe as a static binary, and the replacement closefrom() function
was used (which is default on most GNU/Linux systems without the libbsd
development package installed), then winexe would fail to link with the
error message shown below.
[2631/3059] Linking bin/default/examples/winexe/winexe
source4/heimdal/lib/roken/closefrom.c.1.o: In function `rep_closefrom':
closefrom.c:(.text+0x0): multiple definition of `rep_closefrom'
lib/replace/closefrom.c.2.o:closefrom.c:(.text+0x292): first defined here
collect2: error: ld returned 1 exit status
The real problem here was not with the winexe build itself - that was
merely the application that I was attempting to build statically when I
encountered it. As Andrew Bartlett very helpfully pointed out to me, this
regression was introduced when "lib/replace/closefrom.c" was added in
commit 55529d0f and, more to the point, when the heimdal build started
using it in commit 3a7ebd0e. From that point on, any time that Samba's
embedded copy of heimdal was statically linked into an application, it
would fail to link because heimdal's own rep_closefrom() function in its
"roken" library would conflict with the rep_closefrom() function in the
"replace" library used elsewhere in Samba - a library which the "roken"
library itself depends on. To further compound the problem, heimdal's
own "roken" library is also compiled for the host (a necessary
distinction for cross-compiled builds) and linked into a small number of
utility applications used during the heimdal build. However, they can't
link directly against the "replace" library, unlike the main "roken"
library build which carries that dependency, because the "replace"
library is _not_ built for the host.
I solved this problem by eliminating heimdal's version of rep_closefrom()
and making it use the one from "lib/replace" everywhere. That wasn't a
problem for the main heimdal library that is built for the target because
it was already linking in "lib/replace" (that's what caused this problem
in the first place!), but to solve the aforementioned issue with
"lib/replace" not being built for the host, I added
"lib/replace/closefrom.c" to the list of "source4/heimdal/lib/roken"
sources to be built for the host to satisfy heimdal's host utilities.
Everyone wins, I think.
Signed-off-by: Karl Lenz <xorangekiller@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
This has been turned off by default for 10 years
(since 26e114b83c), and is only interesting for
nostalgia purposes.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
What does it even do? Possibly nothing, not least because nobody ever
runs it.
It was introduced as source4/scripting/bin/autoidl.py in
a2446e5f85 ("initial work for script
that uses probing to figure out IDL"). Since then it has only had
superficial patches, generally aimed at Python 3.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Also, use sys.exit() function, not exit(), because sys.exit() reliably
exists.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
When a script is run with the wrong arguments, it should at least say
something like this:
Usage: samba-foo [OPTIONS]
For many samba scripts, especially without a server environment, having
no arguments is the wrong arguments.
Here we look for every executable file with '#![...]python[3]' on the
first line, and exclude certain files and directories that have excuses
to fail the test. For example, many selftest scripts are stream-oriented
and will hang forever waiting for stdin, which is not an error. Some
test modules are designed so they can be optionally run from the command
line, but this option is typically only used by the developer who is
writing them.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
From v4.8 onwards, Samba may not be able join a DC older than 2008R2
because the Windows DC doesn't support GET_TGT.
If the dsdb repl_md code can't resolve a link target it returns an
error, and the calling code (e.g. drs_util.py) should retry with
GET_TGT. However, GET_TGT is only supported on Windows 2008R2 and later,
so if you try to join an earlier Windows DC, the join will throw an
error that you can't work-around.
We can avoid this problem by setting the same DSDB flag that GET_TGT
sets to indicate that the link targets are as up-to-date as possible,
and so there's no point retrying. Missing targets are still logged, so
this at least allows the admin to fix up any problems after the join
completed.
I've only done this for the join case (problems during periodic
replication are probably still worth escalating to an error).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14021
RN: From Samba v4.8 onwards, joining a Windows 2003 or 2008 (non-R2) AD
DC may not have worked. When this problem occurred, the following
message would be displayed:
'Failed to commit objects: DOS code 0x000021bf'
This particular issue has now been resolved. Note that there may still
be other potential problems that occur when joining an older Windows DC.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pass the ldb options into ldb_module_connect_backend, to ensure ldb
options such as "batch mode" and "transaction index cache size" get passed
through to the backend modules.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11362
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11362
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
If the "-d" debug level parameter is not supplied, default to DBGLVL_WARNING.
Overiding the "log level" set in smb.conf.
When samba runs the kcc command stderr output is logged at DBGLVL_ERR,
the default log destination is stderr. As a result any log messages
generated by the kcc command, are effectively logged at DBGLVL_ERR.
This causes issues if auth or audit logging are enabled in smb.conf.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Tim Beale <timbeale@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jul 2 05:49:43 UTC 2019 on sn-devel-184
It is still unused and untested, probably not working.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
You could run the script, but it wouldn't do anything.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Cross-partition links could still be dropped if GET_TGT was already
previously set for the replication.
This was due to a slight error in the order of logic. We never want to
ignore cross-partition links (regardless of whether the TARGETS_UPTODATE
/GET_TGT flag is set). We should only be returning early in the
GET_TGT case if the objects are both in the same partition.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14022
RN: When the AD domain contained a linked attribute that spanned
partitions, DRS replication could drop the link. This dropped link could
then result in subtle differences in behaviour between DCs, as some DCs
would have the link and others wouldn't. When this issue occurred, the
dropped link would be logged in a warning message:
"<target-dn> is Unknown but up to date. Ignoring link from <source-dn>"
This issue would not always occur - it depended a lot on the database
contents. Typically, it would only potentially occur when joining a new
DC to the domain (doing an ldapcmp after the join would also highlight
the problem, if it occurred). This issue has now been resolved.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This adds a test-case to highlight a bug in the client side GetNCChanges
handling.
These tests mostly exercise the server-side behaviour of sending the
GetNCChanges, however, there's a bug in the client-side code when we try
to handle a missing cross-partition link target *in combination* with
the GET_TGT flag already having been set.
The test is exercising the client-side code by using the 'samba-tool drs
replicate' command. By adding a one-way link to a deleted target object,
we force the client code to retry with the GET_TGT flag set.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14022
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add a new "samba-tool domain dcpromo" option "backend-store-size".
This allows the lmdb map size to be set during a promotion, instead of
hard-wiring it to 8Gb.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add a new "samba-tool drs clone-dc-database" option "backend-store-size".
This allows the lmdb map size to be set during a clone, instead of
hard-wiring it to 8Gb.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>'
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tests for the new "samba-tool domain join" option
"backend-store-size". This allows the lmdb map size to be set during a
provision, instead of hard-wiring it to 8Gb.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tests for the new "samba-tool domain provision" option
"backend-store-size". This allows the lmdb map size to be set during a
provision, instead of hard-wiring it to 8Gb
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jun 27 14:11:39 UTC 2019 on sn-devel-184
Modifying blackbox provision test to check schema version.
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jun 26 05:31:03 UTC 2019 on sn-devel-184
We're going to change the default base schema so this patch changes all
tests and testenvs requiring the current default (2008_R2) to specify it
in all provision commands using --base-schema.
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
A 2003 AD DB with functional level set to >= 2008 was non-functional
due to the PSO checks.
We already check the functional level is >= 2008 before checking for the
PSO container. However, users could change their functional level
without ensuring their DB conforms to the corresponding base schema.
The objectclass DSDB module should prevent the PSO container from ever
being deleted. So the only way we should be able to hit this case is
through upgrading the functional level (but not the underlying schema
objects). If so, log a low-priority message and continue without errors.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14008
RN: Previously, AD operations such as user authentication could fail
completely with the message 'Error 32 determining PSOs in system' logged
on the samba server. This problem would only affect a domain that was
created using a pre-2008 AD base schema and then had its functional
level manually raised to 2008 or greater. This issue has now been
resolved.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This sorts out the idl list into the parts that actually need --python and --client specified
and so speeds up the compile and clarifies the code behaviour.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
We can now dump public structures using ndrdump, so helper dump functions
are not required any more.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
We only need librpc/rpc/rpc_common.h
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
These were removed in eb15acdd35 but the
header declarations were not removed.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
These likely became unused once other untested parts of the NTVFS file server were
removed in 2017e291a2,
ee8b48df0f,
679227d606,
31de52ed2e
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This came about because in py2 we had to check for strings and unicode.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Mon Jun 24 18:48:53 UTC 2019 on sn-devel-184
We no longer need Samba to be py2/py3 compatible so we choose to return to the standard
function names.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
We no longer need Samba to be py2/py3 compatible so we choose to return to the standard
function names.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
We no longer need Samba to be py2/py3 compatible so we choose to return to the standard
function names.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
We no longer need Samba to be py2/py3 compatible so we choose to return to the standard
function names.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
We no longer need Samba to be py2/py3 compatible so we choose to return to the standard
function names.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jun 24 07:27:21 UTC 2019 on sn-devel-184
The endian changes are needed in order to get the following result
from the blobs Windows generated (see the torture test):
AddrArray: ARRAY(3)
AddrArray: struct dnsp_dns_addr
family : 0x0002 (2)
port : 0x0035 (53)
ipv4 : 172.31.99.33
ipv6 : 0000:0000:0000:0000:0000:0000:0000:0000
[MS-DNSP] states that the port is supposed to be ignored, but it's still
good to decode it as port '53' (0x0035) instead of '13568' (0x3500).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13969
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
In future we should use ipv4address, but that would result in a much
larger change.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13969
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This improves Samba AD DC performance as a DNS server dramatically, because NS records do not
need to be looked up and there is less risk the response will have to fall back
to TCP, doubling the cost again.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun 21 00:52:19 UTC 2019 on sn-devel-184
So that we don't dereference result->msgs[0] when it doesn't exist.
This can happen when the object has changed in such a way that it no
longer matches the original search query.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13951
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Wed Jun 19 08:16:39 UTC 2019 on sn-devel-184
We still want to return DOES_NOT_EXIST when request_filter is not 0.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13922
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We still want to return DOES_NOT_EXIST when request_filter is not 0.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13922
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Björn Baumbach <bb@sernet.de>
Autobuild-Date(master): Tue Jun 18 16:54:22 UTC 2019 on sn-devel-184
This allows using the unclist option to specify multiple targets, e.g.
for testing against multiple nodes in a clustered Samba environment.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 12 20:02:26 UTC 2019 on sn-devel-184
We should make clear that this is a function for testing only,
with possible strange side effects.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This test is supposed to test which signing keys are used on
each of the channels, so it's important to require signing.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Remove the decode_* functions as they are no longer needed, and this
will reduce the amount of untested automatically generated code.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Remove the decode_* functions as they are no longer needed, and this
will reduce the amount of untested automatically generated code.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Remove the decode_* functions as they are no longer needed, and this
will reduce the amount of untested automatically generated code.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Fixes
source4/torture/unix/unix_info2.c:300: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Fixes
source4/torture/smb2/notify.c:974: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/smb2/notify.c:994: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/smb2/notify.c:1002: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/smb2/notify.c:1011: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/smb2/notify.c:1025: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/smb2/notify.c:1040: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/smb2/notify.c:1048: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/smb2/notify.c:1062: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/smb2/notify.c:1081: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/smb2/notify.c:1096: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/smb2/notify.c:1112: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/smb2/notify.c:1125: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Fixes
source4/torture/smb2/create.c:197: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/smb2/create.c:234: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/smb2/create.c:265: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Fix
source4/torture/raw/open.c:1009: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/raw/open.c:1048: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Fix
source4/torture/raw/notify.c:831: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/raw/notify.c:838: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/raw/notify.c:849: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/raw/notify.c:861: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/raw/notify.c:869: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/raw/notify.c:882: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/raw/notify.c:892: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/raw/notify.c:903: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/raw/notify.c:914: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/raw/notify.c:929: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/raw/notify.c:941: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/raw/notify.c:951: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/raw/notify.c:961: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/raw/notify.c:972: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
source4/torture/raw/notify.c:982: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Insert unreachable return to satisfy the following warnings
source4/smbd/server.c:692: warning: nullPointer: Possible null pointer dereference: state <--[cppcheck]
source4/smbd/server.c:694: warning: nullPointer: Possible null pointer dereference: state <--[cppcheck]
source4/smbd/server.c:699: warning: nullPointer: Possible null pointer dereference: state <--[cppcheck]
source4/smbd/server.c:758: warning: nullPointer: Possible null pointer dereference: state <--[cppcheck]
source4/smbd/server.c:789: warning: nullPointer: Possible null pointer dereference: state <--[cppcheck]
source4/smbd/server.c:849: warning: nullPointer: Possible null pointer dereference: state <--[cppcheck]
source4/smbd/server.c:866: warning: nullPointer: Possible null pointer dereference: state <--[cppcheck]
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Fixes the following errors (note: existing code is safe the way it is
currently all accesses to the structure are 'after' it is assigned)
source4/smb_server/smb/negprot.c:447: error: uninitvar: Uninitialized variable: blob <--[cppcheck]
source4/smb_server/smb/negprot.c:453: error: uninitStructMember: Uninitialized struct member: blob.data <--[cppcheck]
source4/smb_server/smb/negprot.c:447: error: uninitStructMember: Uninitialized struct member: blob.length <--[cppcheck]
source4/smb_server/smb/negprot.c:453: error: uninitStructMember: Uninitialized struct member: blob.length <--[cppcheck]
source4/smb_server/smb/negprot.c:454: error: uninitStructMember: Uninitialized struct member: blob.length <--[cppcheck]
source4/smb_server/smb/negprot.c:455: error: uninitStructMember: Uninitialized struct member: blob.length <--[cppcheck]
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Fix the following warnings
source4/rpc_server/dnsserver/dcerpc_dnsserver.c:1021: error: uninitvar: Uninitialized variable: answer_integer <--[cppcheck]
source4/rpc_server/dnsserver/dcerpc_dnsserver.c:1723:4: warning: Value stored to 'status' is never read <--[clang]
status = dns_fill_records_array(tmp_ctx, NULL, DNS_TYPE_A,
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
source4/rpc_server/dnsserver/dcerpc_dnsserver.c:1881:4: warning: Value stored to 'status' is never read <--[clang]
status = dns_fill_records_array(tmp_ctx, NULL, DNS_TYPE_A,
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
source4/rpc_server/dnsserver/dcerpc_dnsserver.c:715: error: uninitvar: Uninitialized variable: answer_integer <--[cppcheck]
This error is benign and somewhat false because the code pointed to does
not run (due to a different check) if answer_integer is not actually
initialsed. It is easy to squash it though by just initialising the var.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
The domain join with VMWare Horizon Quickprep seems to use
netr_ServerAuthenticate3() with just the NEG_STRONG_KEYS
(and in addition the NEG_SUPPORTS_AES) just to verify a password.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13464 (maybe)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13949
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13973
Signed-off-by: Björn Baumbach <bbaumbach@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13973
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bbaumbach@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Fix the error message returned when unable to initialise an event context.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Though this script was initially written for undoing GUID indexing on
TDB databases, we're repurposing it to do a full downgrade of any
database. MDB databases can't be DN indexed, but they can have pack
format version 2 and ORDERED_INTEGER data types, which must be removed
during a downgrade.
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
For TDB databases, the new ORDERED_INTEGER type is disabled along with
repacking at format version 1 if GUID indexing is disabled, so all the new
database features are toggled together. This scheme doesn't work with
MDB because GUID indexing is mandatory when using MDB. However, a
downgrade path is still required so in a previous commit we added
a pack_format_override option which allows a downgrade script to force
the database to use an earlier packing format. But, the new
ORDERED_INTEGER type would still be present in MDB databases so this
patch reads the pack_format_override opaque and converts ORDERED_INTEGER
types in @ATTRIBUTES to INTEGER and doesn't write any indexes of that
type to @INDEXLIST. The @INDEXLIST will be refreshed later, on the first
transaction.
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
To reduce the number of potential combinations of database features in
ldb, we want to link all new database features since 4.7. GUID indexing,
ordered integers, and pack format changes will all upgrade together.
This patch makes ordered integers only function if GUID indexing is
enabled. If GUID indexing is disabled, ORDERED_INTEGER will not be
written to @ATTRIBUTES and a syntax's index_format_fn will never be
used.
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This test confirms that running downgradedatabase causes all GUID keys to be
replaced with DN keys at the KV level
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
In forthcoming commits we're going to repurpose this script to do an
entire downgrade of a database, disabling all new database features.
downgradedatabase is a more appropriate name.
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Quick fix running this script with -s instead of -H. samdb_url() returns
a url with a protocol prefix, which causes issues further down in the
script.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
We better print "... remote host [Unknown] SID [S-1-5-18] ..."
in 'dsdb_audit' message, this matches what we print for
'dsdb_json_audit'.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13916
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Fix ubsan warning null pointer passed as argument 2 when the source
pointer is NULL. The calls to memcpy are now guarded by an
if (len > 0)
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Mon May 27 01:29:48 UTC 2019 on sn-devel-184
Ensure that the referrals returned in a search request use the same
scheme as the request, i.e. referrals recieved via ldap are prefixed
with "ldap://" and those over ldaps are prefixed with "ldaps://"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12478
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri May 24 05:12:14 UTC 2019 on sn-devel-184
Ensure that the referrals returned in a search request use the same
scheme as the request, i.e. referrals recieved via ldap are prefixed
with "ldap://" and those over ldaps are prefixed with "ldaps://"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12478
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This ensures the resource fork is not deleted as part of the AppleDouble file
conversion for the option fruit:wipe_intentionally_left_blank_rfork=yes.
This is currently not a problem in selftest, as we don't enable the option, but
a subsequent commit will run all vfs.fruit tests against a share with this
option enabled.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13958
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This ensures the resource fork is not deleted as part of the AppleDouble file
conversion for the option fruit:wipe_intentionally_left_blank_rfork=yes.
This is currently not a problem in selftest, as we don't enable the option, but
a subsequent commit will run all vfs.fruit tests against a share with this
option enabled.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13958
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
In py3 we need to add an extra str() around the returned ldb value to
enable .split() to be used.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed By: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Thu May 23 14:25:52 UTC 2019 on sn-devel-184
It had a note:
WARNING: All file access is done as user root!!!
Only use this module for testing, with only test data!!!
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Wed May 22 07:15:43 UTC 2019 on sn-devel-184
While this could have been a very interesting idea (particularly
if it allowed our main SMB server to disable SMB1), it has never
been enabled in our testsuite so relying on it would be quite
brave.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
A pass-though NTVFS module to write nbench files is a cute idea,
but this is untested and almost certainly unused.
Found by looking at the LCOV results.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
This is unsued since a87dea2a08 in 2007
when we moved to using LDB for LDAP in this area of the code.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
This has been unused since it was introduced by
5673e2cec9 in 2011.
Found by callcatcher
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
The callers moved to dsdb_class_by_cn_ldb_val() with
43aa546ecc in 2009.
Found by callcatcher
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
This became unused after eba8799514 in 2012
Found by callcatcher
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Pack function for new pack format with values separated from other data
so that while unpacking, the value section (which is probably large)
doesn't have to be loaded into cache/memory.
The new format is disabled for now.
Two tests are added that operate on a detailed binary breakdown of the
new format.
NOTE: Configure with --abi-check-disable to build this commit. This
patch is part of a set of LDB ABI changes, and the version update is
done on the last commit.
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Unpack function for new pack format with values separated from other
data so that while unpacking, the value section (which is probably large)
doesn't have to be loaded into cache/memory.
Additionally, width of length field can now vary per-element to save space.
The old unpack routine is still present and is called if the old pack
format version number is found.
LDB torture suite is modified to run relevant tests on both old and new
pack format.
NOTE: Configure with --abi-check-disable to build this commit. This
patch is part of a set of LDB ABI changes, and the version update is
done on the last commit.
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Commit d65b7641c8 had the parameters to
talloc_reparent reversed. This caused the dcerpc.bare tests to flap.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13932
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Wed May 22 03:03:43 UTC 2019 on sn-devel-184
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue May 21 01:18:08 UTC 2019 on sn-devel-184
NT_STATUS_CONNECTION_DISCONNECTED and NT_STATUS_CONNECTION_RESET are
equivilent for the purposes of this test, both come from the server
shutting down the connection, the difference comes from two different
unix error numbers that can come from this.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon May 20 05:17:42 UTC 2019 on sn-devel-184
Based on earlier work by Garming Sam.
This allows the server to stop working on a reply that will never
be sent to the client as it is too large.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
This should limit the amount we send to GENSEC at a
time where it may help avoid large realloc or memcpy calls.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
This allows us to replace the implicit limit via data_blob_append()
removed in the previous commit.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
This avoids a the implicit 256MB limit on LDAP replies (allowing this
to be increased in the future) and means we copy less memory around.
However because we can only have 1024 entries in a struct iovec (on Linux)
we will need to call tstream_writev_queue_send() multiple times.
Calling it in chunks of 1024 seems a reasonable compromise, the
gensec layer will chunk it out smaller if required.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
This avoids holding the memory for the response twice,
by the time the result is queued it is only ASN.1 encoded.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
This was always set to 0 so was poinless. Any LDAP scope can return 0 entries,
even a SCOPE_BASE if the filter does not match.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
This made it much harder to watch under wireshark and is not required (no password setting).
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
metadata.tdb was being locked during transactions, but not during read, and
we should ensure we take all our locks in order for consistency
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13950
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
This changes variables that are not the responsiblity of this function, the unlock
implied by partition_del_trans() needs to be done carefully in the right spot.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
This allows metadata.tdb to be locked in the correct place in
in the lock order, as partition_reload_if_required() implicitly
calls partition_lock_read().
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
This test is run agianst multiple DCs in the same domain, so there can
be a race with replication. Therefore avoid using the same name twice
by adding a random suffix.
This is an improvement to a demonstrator for this bug in TDB:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13952
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
This behaviour is Samba-specific, we have not traditionally cut of responses at 1000
or so as Windows does, and we need to change that behaviour carefully.
This triggers this bug in TDB:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13952
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
To avoid warning above produced by using
-Wcast-function-type we;
+ ensure PyCFunctions of type METH_NOARGS defined dummy arg
+ ensure PyCFunctions of type METH_KEYWORDS use PY_DISCARD_FUNC_SIG
macro
+ ensure PyCFunctions of type METH_KEYWORDS really actually use the
problematic kargs param, if not remove it
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Where possible make PyCFunction definition signature match. Sometimes
this is not possible (e.g. when the c-function is associated with a
python method definition with 'METH_VARARGS|METH_KEYWORDS' in this
case we use the PY_DISCARD_FUNC_SIG macro.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Fix various PyCFunction definitions to avoid
'cast between incompatible function types' warnings when compiled
with -Wcast-function-type
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Fix use after free detected by AddressSanitizer
AddressSanitizer: heap-use-after-free on address 0x61400026a4a0
at pc 0x7fd555c52f12 bp 0x7ffed7231180 sp 0x7ffed7231170
READ of size 1 at 0x61400026a4a0 thread T0
#0 0x7fd555c52f11 in ldb_should_b64_encode
../../lib/ldb/common/ldb_ldif.c:197
#1 0x7fd539dc9417 in dsdb_audit_add_ldb_value
../../source4/dsdb/samdb/ldb_modules/audit_util.c:491
#2 0x7fd539dc9417 in dsdb_audit_attributes_json
../../source4/dsdb/samdb/ldb_modules/audit_util.c:651
#3 0x7fd539dc6a7e in operation_json
../../source4/dsdb/samdb/ldb_modules/audit_log.c:305
The problem is that at the successful end of these functions
el->values is overwritten with new_values. However get_parsed_dns()
points p->v at the supplied el and it effectively gets used
as a working area by replmd_build_la_val(). So we must duplicate it
because our caller only called ldb_msg_copy_shallow().
The reason this matters is that the audit_log module is
above repl_meta_data in the stack, and tries to log the
ldb_message it saw after the reply (to include the error code).
If that ldb_message is changed it is not only misleading,
it can point to memory that has since gone away.
In this case the memory for the full extended DN in the
member attribute ended up on 'ac', a context lost by
the time repl_meta_data has finished processing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13941
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed May 15 05:35:47 UTC 2019 on sn-devel-184
Lower down in this function new_values is assigned over el->values and is
filled in with the values of all the parsed DNs. Therefore it is the natural
talloc parent.
This will allow el->values to be allocated on tmp_ctx in the next commit for
a working area during the function call.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Removing this (system) database open from the later auth stack results
in a 15-30% improvement in different types of binds and on different
hardware (presumably better with slower disk speeds).
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Unpack functions currently take an attribute list to restrict the set of
attributes to be returned in the constructed message. This
functionality is never used and complicates implementation of
forthcoming new pack format. This patch removes that functionality.
Using the unpack function then filtering the result turns
out not to be any slower.
NOTE: Configure with --abi-check-disable to build this commit. This
patch is part of a set of LDB ABI changes, and the version update is
done on the last commit.
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
This patch moves ldb_kv's filter code into the pack code to replace
'only attr list' functionality which will be removed in forthcoming
commit. Unpacking data then filtering the result is not any slower
than the removed 'only attr list' approach.
'only attr list' test repurposed to test unpack -> filter flow.
NOTE: Configure with --abi-check-disable to build this commit. This
patch is part of a set of LDB ABI changes, and the version update is
done on the last commit.
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Performance test for pack function and unpack function run with flag
LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC. Run this test before and after
forthcoming pack format changes to test throughput improvement. On my
machine, the unpack improvement is around 50%.
The test doesn't really belong in LDB torture but it's the only place
where all the required functions are available.
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Making unpack flag LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC required
behaviour, since allocating data during unpack is slow and unnecessary
in all current usages. In any future unpack usage, if editing of
returned memory is required, some function that duplicates the message
should be used, such as one of the filter_attrs functions, or msg_copy.
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13685
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Tue May 14 11:45:13 UTC 2019 on sn-devel-184
Fix use after free detected by AddressSanitizer
AddressSanitizer: heap-use-after-free on address 0x60f0002b2738
at pc 0x7f89b1a213b5 bp 0x7ffce9528810 sp 0x7ffce9528800
READ of size 8 at 0x60f0002b2738 thread T0
#0 0x7f89b1a213b4 in samldb_rename_search_base_callback
../../source4/dsdb/samdb/ldb_modules/samldb.c:4203
#1 0x7f89d3a0db4a in ldb_module_send_entry
../../lib/ldb/common/ldb_modules.c:793
#2 0x7f89b6f27356 in es_callback
../../source4/dsdb/samdb/ldb_modules/encrypted_secrets.c:1418
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13942
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Ensure that the tevent_context is deleted after the connection, to
prevent a use after free.
Note: Py_DECREF calls dcerpc_interface_dealloc so the
TALLOC_FREE(ret->mem_ctx) calls in the error paths of
py_dcerpc_interface_init_helper needed removal.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13932
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
While running samba python tests with `coverage.py`, `make test` failed
to start ad_dc env since dns_update_cache stays empty.
Flush the file after write fix the issue.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
When filtering out multiple elements, we end up memmove()ing the same
elements many times over. It is simpler to not do that by keeping track
of how many elements we are keeping.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The bare memmove is not strictly safe at the end of the list.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
ldb_msg_new() is currently the same as talloc_zero(), but it might
not always be.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
