1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

115790 Commits

Author SHA1 Message Date
Douglas Bagnall
a7e0741372 s4/pyauth: check ldb argument in py_user_session()
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-02-01 03:36:17 +01:00
Douglas Bagnall
ec1e56989b pygensec: insist on proper AuthContext in start_server
Fixes another segfault.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-02-01 03:36:17 +01:00
Douglas Bagnall
bdb4132617 pynbt: catch type errors in PyObject_AsNBTName()
This fixes some known segfaults.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-02-01 03:36:17 +01:00
Douglas Bagnall
e0c0538390 Tests for segfaults in python bindings
These tests run in a child process and are regarded as succeeding if they
don't die by signal.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-02-01 03:36:17 +01:00
Garming Sam
f00362fb3d cracknames: Change search filter to use the smaller index
In large domains with many users, '(objectClass=User)' may as well not
be specified because it's iterating over the entire database.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-02-01 03:36:17 +01:00
Tim Beale
5bfad1b2b0 netcmd: Improve error handling of gpo aclcheck as non-admin
Reading the nTSecurityDescriptor attribute over LDAP requires admin
creds. However, if you don't specify admin creds, then you get an error
like this:

bin/samba-tool gpo aclcheck
ERROR(<class 'KeyError'>): uncaught exception - 'No such element'
  File "bin/python/samba/netcmd/__init__.py", line 184, in _run
    return self.run(*args, **kwargs)
  File "bin/python/samba/netcmd/gpo.py", line 1536, in run
    ds_sd_ndr = m['nTSecurityDescriptor'][0]

This patch adds an explicit check/error message to make the problem
clearer.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-02-01 03:36:17 +01:00
Tim Beale
1e0db9726b selftest: Remove unnecessary tests.py options from proclimit tests
It seems like these extra options were just copy-n-pasted from another
test. The process_limits test doesn't actually try to use these env
variables at all. All the test is doing is creating LDAP connections to
the DC. The SOCKET_WRAPPER_DEFAULT_IFACE may have perhaps been needed,
but we can avoid this by dropping ':local' from the testenv and running
the test as a "client" instead.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-02-01 03:36:17 +01:00
Tim Beale
b2126cd6f4 selftest: Add comment elaborating on what ENV_DEPS actually does
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-02-01 03:36:16 +01:00
Tim Beale
6cee31b0ba selftest: Reorder ENV_DEPS so similar testenvs are together
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-02-01 03:36:16 +01:00
Tim Beale
402715206f selftest: Fix running proclimit tests locally
The dns_hub changes missed a dependency. Fortunately, during an
autobuild, the dns_hub is always up and running by the time the
proclimitdc tests are run. However, the tests were failing if run
locally just on their own.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-02-01 03:36:16 +01:00
Tim Beale
c649aece90 man pages: Add note about standard process model
Calling this model the 'standard' model made a lot more sense when it
was the default. Add a small note explaining that it has this name for
historical reasons.

(The term 'standard' may have originally been chosen for some other
reason. However, it's hard to find the rationale behind the term from
back in 2005)

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-02-01 03:36:16 +01:00
Tim Beale
d29853ab0a selftest: Convert backup/restore testenvs to use default
These testenvs shouldn't be dependent on the process model at all, so we
should be able to convert them to the new default without any
repercussions.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-02-01 03:36:16 +01:00
Tim Beale
4603351544 selftest: Make process_model argument optional in check_or_start()
It's more realistic to *not* always specify a process-model, and rely on
the samba code to use the correct default. This patch changes selftest
so we only use the -M process-model option if a particular process_model
was specified. Otherwise the testenv will use whatever the default is.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-02-01 03:36:16 +01:00
Tim Beale
3f8d83b753 samba: Change default process model to prefork
Prefork is the more sensible default option now, as it better
handles a large number of client connections.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-02-01 03:36:16 +01:00
Andrew Bartlett
5e716c0256 ldb: Release ldb 1.5.3
* Avoid inefficient one-level searches (bug 13762)
* The test api.py should not rely on order of entries in dict (bug 13772)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13772

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2019-02-01 03:36:15 +01:00
Andrew Bartlett
e7f524fd21 ldb: Add even more comments on what strict does to the list intersections
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2019-02-01 03:36:15 +01:00
Tim Beale
57a565b2fd ldb: Rename variable
The old name confused me because it's not really related to the
one-level index at all. It's the result from evaluating the indexed
search specified in the ac->tree.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-02-01 03:36:15 +01:00
Tim Beale
132600685b ldb: Elaborate on ldb_kv_search_indexed() comments
Disclaimer: this is based on my limited understanding of what the code
is doing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-02-01 03:36:15 +01:00
Tim Beale
7292844482 ldb: Remove comment that no longer makes sense
This comment was written before the GUID_index_attribute block of code
existed. So we now *do* load the index values and *do* check for a
strict intersect, so the comment is redundant.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-02-01 03:36:15 +01:00
Tim Beale
9a893f9613 ldb: Avoid inefficient one-level searches
Commit 88ae60ed18 introduced a problem that made one-level
searches inefficient if there were a lot of child objects in the same
level, and the requested object didn't exist. Basically, it ignored the
case where ldb_kv_index_dn() returned LDB_ERR_NO_SUCH_OBJECT, i.e. the
indexed lookup was successful, but didn't find a match. At which point,
there was no more processing we needed to do.

The behaviour after 88ae60ed18 was to fall-through and run the
ldb_kv_index_filter() function over *all* the children. This still
returned the correct result, but could be costly if there were a lot of
children.

The case 88ae60ed18 was trying to fix was where we could not do
an indexed search (e.g. trying to match on a 'attribute=*' filter). In
which case we want to ignore the LDB_ERR_OPERATIONS_ERROR and just run
ldb_kv_index_filter() over all the children. This is still more
efficient than the fallback of doing a full database scan.

This patch adds in a short-circuit for the NO_SUCH_OBJECT case, so we
can skip the unnecessary ldb_kv_index_filter() work.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-02-01 03:36:15 +01:00
Tim Beale
b4211f6923 selftest: Add dns_hub to selftest/target/README
Add a description explaining what dns_hub does and why we need it.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-02-01 03:36:15 +01:00
Tim Beale
a094e16fd5 selftest: Move dns_hub.py into selftest directory
As dns_hub.py is now integral to the selftest environments, it seems to
make sense for it to live under the selftest/ directory.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-02-01 03:36:15 +01:00
Tim Beale
5d5a790bd3 dns_hub: Fix flake8 warnings
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-02-01 03:36:15 +01:00
Gary Lockyer
4ecdcc4b46 man pages: document prefork process model
Document the process model options -M

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13765

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Tim Beale <timbeale@samba.org>
Autobuild-Date(master): Thu Jan 31 04:25:14 CET 2019 on sn-devel-144
2019-01-31 04:25:13 +01:00
Jeremy Allison
abbaa629c6 s3: smbd: smb2-posix: Add NFS_SPECFILE_XXX defines.
Sub-types for NFS reparse point.

https://msdn.microsoft.com/en-us/library/dn617178.aspx

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Jan 31 00:50:10 CET 2019 on sn-devel-144
2019-01-31 00:50:10 +01:00
Jeremy Allison
dc9a2c05a2 s3: smbd: smb2-posix: Add IO_REPARSE_TAG_NFS.
https://msdn.microsoft.com/en-us/library/dn617178.aspx

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2019-01-30 21:21:10 +01:00
Stefan Metzmacher
d03991f569 selftest:Samba4: use 'smbcontrol samba shutdown'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Baumbach <bbaumbach@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jan 30 01:51:48 CET 2019 on sn-devel-144
2019-01-30 01:51:48 +01:00
Stefan Metzmacher
832776c0fc s4:server: add support for 'smbcontrol samba shutdown'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Baumbach <bbaumbach@samba.org>
2019-01-29 22:09:08 +01:00
Stefan Metzmacher
5bd7a8e568 s4:server: avoid using pid=0 for the parent 'samba' process
It confuses the 'samba-tool processes' output and log messages.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Baumbach <bbaumbach@samba.org>
2019-01-29 22:09:08 +01:00
Stefan Metzmacher
3a0c1da432 s4:messaging: add support 'smbcontrol <pid> debug/debuglevel'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Baumbach <bbaumbach@samba.org>
2019-01-29 22:09:08 +01:00
Stefan Metzmacher
12b9adec3f manpages/samba.7.xml: smbcontrol can also work with 'samba'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Baumbach <bbaumbach@samba.org>
2019-01-29 22:09:07 +01:00
Lukas Slebodnik
7a7a5ccf50 ldb: The test api.py should not rely on order of entries in dict
Test failed on s390x but there is a simple reproducer for any
architecture.

The built-in function repr returns the canonical string representation
of the object. We needn't care about order attributes in string
representation. Therefore test should pass for any order.

    for i in {1..30}; do
        PYTHONHASHSEED=random \
        python2 -c 'import ldb; msg = ldb.Message(); msg.dn = ldb.Dn(ldb.Ldb(), "dc=foo29"); msg["dc"] = b"foo"; print(repr(msg)) '
    done

  ======================================================================
  FAIL: test_repr (__main__.LdbMsgTests)
  ----------------------------------------------------------------------
  Traceback (most recent call last):
    File "tests/python/api.py", line 2322, in test_repr
      "Message({'dn': Dn('dc=foo29'), 'dc': MessageElement(['foo'])})")
  AssertionError: "Message({'dc': MessageElement(['foo']), 'dn': Dn('dc=foo29')})" != "Message({'dn': Dn('dc=foo29'), 'dc': MessageElement(['foo'])})"
  ----------------------------------------------------------------------
  Ran 1025 tests in 29.146s
  FAILED (failures=1)

Signed-off-by: Lukas Slebodnik <lslebodn@fedoraproject.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-01-29 22:09:07 +01:00
Stefan Metzmacher
29f9618e38 dns.idl: fix DNS_RCODE from 0xF to 0x1F
commit 74206984da introduced
TSIG related error codes up to DNS_RCODE_BADALG   = 0x15

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-01-29 22:09:07 +01:00
Stefan Metzmacher
0b66cf93f2 python/tests/dns*: make use of dns.DNS_RCODE/dns.DNS_OPCODE
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-01-29 22:09:07 +01:00
David Mulder
8e7b63a171 'articles' variable causes a dependency loop
This 'articles' variable contains
'smbdotconf/parameters.all.xml' and causes a
dependency loop when creating parameters.all.xml

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-01-29 22:09:07 +01:00
Stefan Metzmacher
c0ed5bd050 third_party/resolv_wrapper: fix HAVE_RESOLV_IPV6_NSADDRS for struct __res_state
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-01-29 22:09:07 +01:00
Stefan Metzmacher
b2050db67b wafsamba/replace: move __STDC_WANT_LIB_EXT1__ to CFLAGS
This fixes the build of python bindings, which use memset_s()
(via ZERO_STRUCT).

In python bindings Python.h needs to be the first header, which means
is already includes string.h. Defining __STDC_WANT_LIB_EXT1__ in
replace.h is too late in that case.

This fixes the --check-c-compiler=gcc --picky-developer on FreeBSD 12.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-01-29 22:09:07 +01:00
Stefan Metzmacher
e49df24e80 replace: only include <sys/capability.h> with HAVE_POSIX_CAPABILITIES
On FreeBSD <sys/capability.h> is a legacy wrapper to <sys/capsicum.h>,
which implements something different. With FreeBSD 12 including
<sys/capability.h> generates a compiler warning/error.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-01-29 22:09:07 +01:00
Stefan Metzmacher
8061983d48 wscript: separate embedded_heimdal from system_heimdal
This allows to default (embedded_heimdal) to build even with a
broken krb5-config file from Heimdal.

In the system_heimdal case we parse the content of krb5-config
instead of just executing it. This fails on FreeBSD 12 as
krb5-config contains iso-8859-1 characters, which can't be parsed
as unicode python buffers when using python3.

Fixing the system_heimdal case is a task for another day,
I guess it will only work once we imported a current heimdal version
and actually tested the system_heimdal case.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-01-29 22:09:07 +01:00
Volker Lendecke
60b062d614 vfs_gpfs: Fix the 32-bit build
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>

Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Tue Jan 29 22:06:59 CET 2019 on sn-devel-144
2019-01-29 22:06:59 +01:00
Douglas Bagnall
ca93b1e15a s4/param/provision py_dom_sid_FromSid: avoid python memleak
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>

Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Tue Jan 29 16:54:48 CET 2019 on sn-devel-144
2019-01-29 16:54:48 +01:00
Douglas Bagnall
a3aa5af3d5 s4/pyrpc_util: catch alloc failure in py_dcerpc_interface_init_helper()
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2019-01-29 13:45:32 +01:00
Douglas Bagnall
e23b9f88cc s4/pyrpc_util: appropriately decrement refcounts on failure
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2019-01-29 13:45:32 +01:00
Douglas Bagnall
3584fe46d9 s3/py_passdb: maintain correct refcount on allocation failure
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2019-01-29 13:45:32 +01:00
Douglas Bagnall
1f07c478ec python/modules: maintain correct refcount for path items
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2019-01-29 13:45:32 +01:00
David Disseldorp
e132458039 tests: don't rely on implicit int return type
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Tue Jan 29 03:47:27 CET 2019 on sn-devel-144
2019-01-29 03:47:27 +01:00
David Disseldorp
f1b43dfe4a s3/lib: clean up have_syscall() formatting
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-01-29 00:29:17 +01:00
David Disseldorp
45a202a197 s3/lib: don't rely on implicit int return type
C99 removed this behaviour.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-01-29 00:29:17 +01:00
Justin Stephenson
232273bfac s4:torture: Enforce Printer Class
Ensure that the provided inf defines Class=Printer for driver installation
to succeed.

Some driver packages(HP Universal Print Driver) include inf files with
other device types such as Class=USB. Attempting to install these will fail
when tested against Windows Server 2016 Print server using
iremotewinspool RPC calls.

Signed-off-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Bjoern Jacke <bjacke@samba.org>

Autobuild-User(master): Björn Jacke <bjacke@samba.org>
Autobuild-Date(master): Mon Jan 28 19:34:41 CET 2019 on sn-devel-144
2019-01-28 19:34:41 +01:00
Justin Stephenson
669b135b49 s4:torture: Uninstall driver and cleanup
Uninstall and remove the print driver packages to cleanup
after the install. Cleanup and remove smb directory created
inside print$.

Signed-off-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Bjoern Jacke <bjacke@samba.org>
2019-01-28 15:44:19 +01:00