1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
Commit Graph

116545 Commits

Author SHA1 Message Date
Christof Schmitt
a04ca6f343 memcache: Properly track the size of talloc objects
With memcache_add_talloc, the talloc object becomes part of the pool and
the memcache_element stores a pointer to the talloc object. The
size of the the talloc object was not used when tracking the used space,
allowing the cache to grow larger than defined in the memcache_init
call.

Fix this by adding the size of the talloc object to the used space.

Also record the initial size of the talloc object for proper adjustment
of the used space in the cache later. This is in case the size of the
talloc object is modified while being owned by the cache (e.g.
allocating talloc child objects). This should never happen, but better
be safe than ending up with a broken cache usage counter.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13865

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-04-06 05:12:21 +00:00
Christof Schmitt
7c44f2f76e memcache: Introduce struct for storing talloc pointer
This allows extending the additional data stored for talloced objects
later.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13865

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-04-06 05:12:21 +00:00
Tim Beale
7a410ccb5f netcmd: Fix passwordsettings --max-pwd-age command
The min_pwd_age and max_pwd_age parameters are both optional and default
to None. However, if we just set the max-pwd-age, then the check
'min_pwd_age >= max_pwd_age' will throw a Python exception because it's
trying to compare an int to NoneType (min_pwd_age). This works on Python 2
but is a problem on Python 3.

We could just add a check that min_pwd_age is not None, but that defeats
the point of having the check if you're only setting either the min or
max age indepedently.

This patch gets the current min/max password age from the DB (in ticks).
If either setting is changed, the ticks will be updated. Then at the end
we check the min is still less than the max (to do this, we convert the
ticks back to days in the interests of readability).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13873

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Apr  5 08:03:08 UTC 2019 on sn-devel-144
2019-04-05 08:03:08 +00:00
Tim Beale
940306a24a netcmd: Add some timestamp conversion helper functions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13873

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-04-05 07:01:15 +00:00
Tim Beale
b43f997f23 netcmd: Use python constant for -0x8000000000000000
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13873

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-04-05 07:01:15 +00:00
Tim Beale
d247a60084 tests: Add test for setting min/maxPwdAge
Currently setting maxPwdAge doesn't work at all.

While we're adding a test, we might as well assert that minPwdAge
can't be greater than maxPwdAge as well.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13873

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-04-05 07:01:15 +00:00
Douglas Bagnall
2da9d7d130 ldb_kv_search: avoid handling uninitialised dn
If ldb_kv_filter_attrs() fails, we don't know that the dn of filtered_msg
is OK.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Apr  5 05:46:55 UTC 2019 on sn-devel-144
2019-04-05 05:46:55 +00:00
Douglas Bagnall
dad98d0334 autobuild: attempt authenticated email if environment suggests it
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-04-05 04:41:25 +00:00
Douglas Bagnall
c5f7b07ad2 dsdb/modules: minor comment typos in samba_dsdb
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-04-05 04:41:25 +00:00
Douglas Bagnall
927a5e3c9d dsdb mods/extended_dn_store: used the ldb we already have
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-04-05 04:41:25 +00:00
Douglas Bagnall
c078ea7828 spell "recursive"
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-04-05 04:41:25 +00:00
Douglas Bagnall
7545eff148 perf-tests: rename paged search test for regex disambiguation
We like to use "TESTS=medley" for the old ad_dc_medley.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-04-05 04:41:25 +00:00
Volker Lendecke
60e31c5556 rpc: Convert npa_tstream.c to use tstream_u32_read_send
This avoids a bit of code duplication. Overall the last two commits
add a few lines, but that also contains the header file and another GPL
header for tstream_u32_read.c.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Apr  5 01:00:48 UTC 2019 on sn-devel-144
2019-04-05 01:00:48 +00:00
Volker Lendecke
05c358759c rpc: Add tstream_u32_read
In npa_tstream.c we have two next_vector functions reading a big
endian uin32_t length and then the blob described by the length. This
factors that next_vector out into a central routine.

Why? I'll add another NPA protocol in the future, and this would add
yet another two copies of that next_vector code

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-04-05 00:00:10 +00:00
Ralph Wuerthner
15afc4fb18 s3-messages: add mallinfo() information to pool-usage report
Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>

Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Thu Apr  4 23:39:25 UTC 2019 on sn-devel-144
2019-04-04 23:39:25 +00:00
Ralph Wuerthner
b4d4778dd2 s3-messages: modify msg_pool_usage() to allow enhanced memory reports
Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2019-04-04 22:39:31 +00:00
Gary Lockyer
00874b6144 python join: Set index transaction cache size.
The default value is too small for joining a large domain.  So we specify a
size of 200,000 which is suitable for domains with up to 100,000 users.

At a later date this could be added as a parameter to the join, but
200,000 should be suitable for now.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Apr  4 07:45:03 UTC 2019 on sn-devel-144
2019-04-04 07:45:03 +00:00
Gary Lockyer
69408654b7 lib ldb key_value: Set index cache size on open
Set the default index cache from the passed option
"transaction_index_cache_size" on open.  This allows the default cache
size to be overridden when processing large transactions i.e. joining a
large domain.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-04-04 06:40:17 +00:00
Gary Lockyer
0952f98e41 lib ldb key_value: set the cache size for re-indexing
Set the index cache size to the number of records in the databse when
reindexing.

This significantly improves reindex performance.  For a domain with
100,000 users the reindex times are reduced from 17 minutes to 45
seconds.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-04-04 06:40:17 +00:00
Gary Lockyer
6129a05ca0 lib ldb key_value: Add get_size method
Add the get_size method to the ldb_key_value layer, this will allow the
reindexing code to get an estimate of the number of records in the
database.

The lmdb backend returns an accurate count of the number of records in
the database withe the mdb_env_stat call.

The tdb backend does not provide a low cost method to determine the
number of records on the database.  It does provide a tdb_summary call
however this this walks the entire database.

So for tdb we use the map size divided by 500, this over estimates the counts
for small domains, but the extra memory allocated for the cache should
not be significant.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-04-04 06:40:17 +00:00
Gary Lockyer
8f7bf13b96 lib ldb key_value: Pass index cache size
Pass the index cache size to ldb_kv_index_transaction_start.  This will
allow it to be set for reindex and join operations, where the current
defaults result in a significant performance penalty on large databases.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-04-04 06:40:16 +00:00
Gary Lockyer
267cc71f5d lib ldb key_value: Remove index cache lazy initialisation
Remove the lazy initialisation of the index cache. This make setting
the size of the cache for re-indexing easier, which will be done in
later commits.

Performance testing shows that the removal of lazy initialisation makes
no appreciable difference to performance.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-04-04 06:40:16 +00:00
Gary Lockyer
5ba049b599 flapping tests: Add samba3.smb2.notify
Add samba3.smb2.notify until Metze gets time to follow it up.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-04-04 06:40:16 +00:00
Günther Deschner
377d27359c s3-libnet_join: allow fallback to NTLMSSP auth in libnet_join
When a non-DNS and non-default admin domain is provided during the join
sometimes we might not be able to kinit with 'user@SHORTDOMAINNAME'
(e.g. when the winbind krb5 locator is not installed). In that case lets
fallback to NTLMSSP, like we do in winbind.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Apr  3 18:57:31 UTC 2019 on sn-devel-144
2019-04-03 18:57:31 +00:00
Günther Deschner
68121f46c7 s3-libnet_join: setup libnet join error string when AD connect fails
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-04-03 17:54:25 +00:00
Günther Deschner
ea29aa27cb s3-libnet_join: always pass down admin domain to ads layer
Otherwise we could loose the information that a non-default domain name
has been used for admin creds.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-04-03 17:54:25 +00:00
Volker Lendecke
a80ea6bf4f rpc: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr  3 17:53:30 UTC 2019 on sn-devel-144
2019-04-03 17:53:30 +00:00
Volker Lendecke
a0f03be77f auth: Add necessary decoration to auth/auth_util.h
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-04-03 16:55:27 +00:00
Volker Lendecke
2a926231ab rpc: Don't crash if npa_accept fails
We can only rely on session_info_transport to be filled correctly upon
success of the accept_existing_recv function

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-04-03 16:55:27 +00:00
Philipp Gesang
7a413a6dab python/samba: ignore encoding errors while reading files
Provisioning fails on C locale due to the Unicode quotes in ldif
data. Patch read_and_sub_file() to read the files as UTF-8.

Signed-off-by: Philipp Gesang <philipp.gesang@intra2net.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Wed Apr  3 11:33:38 UTC 2019 on sn-devel-144
2019-04-03 11:33:38 +00:00
Philipp Gesang
d01c5bc9fb provision: use ASCII quotes
Remove some Unicode quotes that cause problems under the C
locale.

Signed-off-by: Philipp Gesang <philipp.gesang@intra2net.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-04-03 10:11:49 +00:00
Andreas Schneider
c7f403d373 lib:util: Include talloc_keep_secret.h in samba_util.h
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Apr  3 07:50:03 UTC 2019 on sn-devel-144
2019-04-03 07:50:03 +00:00
Andreas Schneider
c4baf2f685 lib:util: Add test for talloc_keep_secret()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
2019-04-03 06:48:21 +00:00
Andreas Schneider
b7f7e5a37b lib:util: Add support to keep talloc chunks secret
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
2019-04-03 06:48:21 +00:00
Michael Hanselmann
29d7c80ee4 oLschema2ldif: Resolve multiple parsing bugs
The "oLschema2ldif" program contained multiple bugs triggered by
malformed inputs:

* Iteration beyond list of recognized dsdb syntax OIDs when value wasn't
  found (bug 9567)
* NULL pointer dereference when input didn't define a name
* Heap buffer overflows for unterminated token values

Tests are added to reproduce all identified bugs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9567

Signed-off-by: Michael Hanselmann <public@hansmi.ch>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Then adapted to use ARRAY_SIZE() consistently as suggested by
metze.

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Apr  3 02:43:07 UTC 2019 on sn-devel-144
2019-04-03 02:43:07 +00:00
Mathieu Parent
4ae2fb2e74 Relax GPGME version check
The current method require at least the same version as during the build. This is not needed.

Used symbols indicate the minimum is 1.2.0

Bug-Debian: http://bugs.debian.org/886333

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13880

Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-04-03 01:40:22 +00:00
Gary Lockyer
ea3b4d6abc prefork tests: disable restart tests MIT
The prefork restart tests use the kdc to test restart back off.  These
tests need to use a process that has not been restarted to ensure that
the process restart counters are sitting at 0 when the tests start.

As MIT kerberos is experimental the heimdal builds will still ensure
that this functionality is tested.

At some stage the echo server should be converted to run in pre-fork and
this process can then be used to test the restart backoff.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-04-03 01:40:22 +00:00
Björn Baumbach
3378a561ef s4:rpc_server: add missing newline to error debug message
Signed-off-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr  3 00:13:10 UTC 2019 on sn-devel-144
2019-04-03 00:13:10 +00:00
Michael Hanselmann
47278bfaa6 waf: Simplify condition for undefined symbol detection
There's no need to check for OpenBSD twice.

Signed-off-by: Michael Hanselmann <public@hansmi.ch>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power <npower@samba.org>

Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Tue Apr  2 17:28:40 UTC 2019 on sn-devel-144
2019-04-02 17:28:40 +00:00
Joe Guo
9314bd0b25 samba_dnsupdate: small tweaks to make code more pythonic
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
2019-04-02 16:09:25 +00:00
Kristján Valur
92c726dc7a make some auth functions return an NTSTATUS like other similar functions for better diagnostics.
Signed-off-by: Kristján Valur <kristjan@rvx.is>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Apr  2 02:12:48 UTC 2019 on sn-devel-144
2019-04-02 02:12:48 +00:00
Mathieu Parent
959a4837b5 Spelling fixes s/verson/version/
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2019-04-02 01:12:11 +00:00
Mathieu Parent
882d8a5bf4 Spelling fixes s/conficts/conflicts/
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2019-04-02 01:12:11 +00:00
Mathieu Parent
6064543d64 Spelling fixes s/overrided/overridden/
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2019-04-02 01:12:11 +00:00
Mathieu Parent
720396f0fb Spelling fix s/informations/information/
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2019-04-02 01:12:10 +00:00
Guenther Deschner
2044ca0e20 s3:ldap: Leave add machine code early for pre-existing accounts
This avoids numerous LDAP constraint violation errors when we try to
re-precreate an already existing machine account.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-04-02 01:12:10 +00:00
Andreas Schneider
c016afc832 s3:libads: Make sure we can lookup KDCs which are not configured
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-04-02 01:12:10 +00:00
Andreas Schneider
b7f0c64514 s3:libnet: Use more secure name for the JOIN krb5.conf
Currently we create krb5.conf..JOIN, use krb5.conf._JOIN_ instead.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-04-02 01:12:10 +00:00
Andreas Schneider
5c7f0a6902 auth:creds: Prefer the principal over DOMAIN/username when using NTLM
If we want to authenticate using -Wadmin@otherdomain the DC should do
take care of the authentication with the right DC for us.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-04-02 01:12:10 +00:00
Guenther Deschner
9e92654899 auth:ntlmssp: Add back CRAP ndr debug output
This got lost somehow during refactoring. This is still viable
information when trying to figure out what is going wrong when
authenticating a user over NTLMSSP.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-04-02 01:12:10 +00:00