1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Commit Graph

119691 Commits

Author SHA1 Message Date
Ralph Boehme
c338bdf5a4 s3:mdssvc: add missing mds_ctx deallocation
The mds_ctx object was created in _mdssvc_open() as a talloc child of the pipe
which means as long as the pipe is connected it's not freed.

To ensure we do proper rundown of all resources including backend connections
and pending queries, we must free the mds_ctx object.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
2019-10-09 14:35:29 +00:00
Ralph Boehme
eb740b571d s3:mdssvc: fix a long line
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
2019-10-09 14:35:29 +00:00
Ralph Boehme
ba899694e4 s3:mdssvc: modernize a few DEBUG macros
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
2019-10-09 14:35:29 +00:00
Ralph Boehme
08cb82d26f s3:mdssvc: remove unused snum from struct sl_query
Looks like this was never used, it's also available via mds_ctx->snum.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
2019-10-09 14:35:28 +00:00
Ralph Boehme
afc90321ec build: add SAMBA_DATADIR as "samba" subdirectory of DATADIR
DATADIR should have been set to this path from the beginning, too late to change
that now as ut's used as parent for two other directory varialbles: SETUPDIR and
CODEPAGEDIR.

From <https://www.gnu.org/prep/standards/html_node/Directory-Variables.html>:

  datadir

    The directory for installing idiosyncratic read-only
    architecture-independent data files for this program. This is usually the
    same place as ‘datarootdir’, but we use the two separate variables so that
    you can move these program-specific files without altering the location for
    Info files, man pages, etc.

    This should normally be /usr/local/share, but write it as
    $(datarootdir). (If you are using Autoconf, write it as ‘@datadir@’.)

    The definition of ‘datadir’ is the same for all packages, so you should
    install your data in a subdirectory thereof. Most packages install their
    data under $(datadir)/package-name/.

Currently Samba doesn't install any application specific data files, but I'm
going to do just that in a subsequent commit.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
2019-10-09 14:35:28 +00:00
Ralph Boehme
213ca6e4cc s3: add mdscli Python bindings
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
2019-10-09 14:35:28 +00:00
Ralph Boehme
b27d9afa29 s3:rpc_client: add a mdssvc client library
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
2019-10-09 14:35:28 +00:00
Ralph Boehme
873aa1e6c8 librpc: add Python mdssvc bindings
Not used for now, but soon.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
2019-10-09 14:35:28 +00:00
Andreas Schneider
459b43e577 testprogs: Add test for 'net ads join createcomputer='
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Oct  9 08:26:17 UTC 2019 on sn-devel-184
2019-10-09 08:26:17 +00:00
Andreas Schneider
14f320fa1e s3:libads: Just change the machine password if account already exists
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13884

Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2019-10-09 07:06:35 +00:00
Andreas Schneider
39b8c8b30a s3:libnet: Improve debug messages
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2019-10-09 07:06:35 +00:00
Andreas Schneider
ce77629350 s3:libads: Fix creating machine account using LDAP
This implements the same behaviour as Windows.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13884

Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2019-10-09 07:06:35 +00:00
Andreas Schneider
b755a64380 s3:libads: Don't set supported encryption types during account creation
This is already handled by libnet_join_post_processing_ads_modify()
which calls libnet_join_set_etypes() if encrytion types should be set.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2019-10-09 07:06:35 +00:00
Andreas Schneider
4f389c1f78 s3:libads: Fix detection if acount already exists in ads_find_machine_count()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2019-10-09 07:06:35 +00:00
Andreas Schneider
35f3e4aed1 s3:libads: Use a talloc_asprintf in ads_find_machine_acct()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2019-10-09 07:06:35 +00:00
Andreas Schneider
8ed993789f s3:libads: Cleanup error code paths in ads_create_machine_acct()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2019-10-09 07:06:35 +00:00
Andreas Schneider
b84abb3a46 s3:libnet: Require sealed LDAP SASL connections for joining
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2019-10-09 07:06:35 +00:00
Andreas Schneider
456322a613 s3:libads: Use ldap_add_ext_s() in ads_gen_add()
ldap_add_s() is marked as deprecated.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2019-10-09 07:06:35 +00:00
Andreas Schneider
320b5be4dc testprogs: Fix failure count in test_net_ads.sh
There are missing ` at the end of the line.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13884

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2019-10-09 07:06:35 +00:00
Andreas Schneider
4a24d94997 libcli:smb: Use gnutls_aead_cipher_decryptv2() for AES GCM or CCM
This is a new call which has been added with GnuTLS 3.6.10 and will
recuduce memory allocations and copying of data.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Oct  8 14:12:44 UTC 2019 on sn-devel-184
2019-10-08 14:12:44 +00:00
Andreas Schneider
70fdd4821a libcli:smb: Use gnutls_aead_cipher_encryptv2() for AES GCM or CCM
This is a new call which has been added with GnuTLS 3.6.10 and will
recuduce memory allocations and copying of data.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
2019-10-08 12:50:38 +00:00
Andreas Schneider
fa255a36df waf: Check for gnutls_aead_cipher_encryptv2()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
2019-10-08 12:50:38 +00:00
Alexander Bokovoy
5a08499414 samba-tool: create working private krb5.conf
DNS update tool uses private krb5.conf which should have enough details
to authenticate with GSS-TSIG when running nsupdate.

Unfortunately, the configuration we provide is not enough. We set
defaults to not lookup REALM via DNS but at the same time we don't
provide any realm definition. As result, MIT Kerberos cannot actually
find a working realm for Samba AD deployment because it cannot query DNS
for a realm discovery or pick it up from the configuration.

Extend private krb5.conf with a realm definition that will allow MIT
Kerberos to look up KDC over DNS.

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-08 12:50:38 +00:00
Anoop C S
0abd1189a6 s3: VFS: Use SMB_VFS_FCNTL to set fd flags in open_file()
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Oct  8 09:57:19 UTC 2019 on sn-devel-184
2019-10-08 09:57:19 +00:00
Anoop C S
5084a69de1 s3: VFS: Add SMB_VFS_FCNTL
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-10-08 08:38:32 +00:00
Andreas Schneider
c9d302f20b gitlab-ci: Add CentOS 8 to CI
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Oct  8 08:27:50 UTC 2019 on sn-devel-184
2019-10-08 08:27:50 +00:00
Andreas Schneider
9cd0d15370 bootstrap: We can only build docker images on gitlab shared runners
Our rackspace runners don't provide a running docker.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2019-10-08 07:10:41 +00:00
Andreas Schneider
42edab7bd7 bootstrap: Remove pyhton2 packages
We dropped support for python2 in Samba already.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2019-10-08 07:10:41 +00:00
Noel Power
7bceafe840 s3/passdb: clang: Fix 'Value stored during initialization is never read'
Fixes:

source3/passdb/pdb_ldap.c:1933:11: warning: Value stored to 'ret' during its initialization is never read <--[clang]
        NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
                 ^~~   ~~~~~~~~~~~~~~~~~~~~~~
source3/passdb/pdb_ldap.c:4094:11: warning: Value stored to 'ntstatus' during its initialization is never read <--[clang]
        NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL;
                 ^~~~~~~~   ~~~~~~~~~~~~~~~~~~~~~~
2 warnings generated.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct  8 02:40:24 UTC 2019 on sn-devel-184
2019-10-08 02:40:24 +00:00
Gordon Ross
78161550ba torture: Allow running on FS that does not support EAs
Signed-off-by: Gordon Ross <gordon.w.ross@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Oct  7 22:05:59 UTC 2019 on sn-devel-184
2019-10-07 22:05:59 +00:00
Andreas Schneider
222f253863 replace: Improve sys/sysctl.h check to catch warning on glibc >= 2.30
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Oct  7 11:48:24 UTC 2019 on sn-devel-184
2019-10-07 11:48:24 +00:00
Günther Deschner
7c2745d41e libcli/auth: add gnutls test for aes-128-cfb8 cipher bug
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Oct  7 09:31:35 UTC 2019 on sn-devel-184
2019-10-07 09:31:35 +00:00
Günther Deschner
f988756599 auth/gensec: fix AES schannel seal and unseal
Workaround bug present in gnutls 3.6.8:

gnutls_cipher_decrypt() uses an optimization
internally that breaks decryption when processing
buffers with their length not being a multiple
of the blocksize.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-07 08:13:44 +00:00
Günther Deschner
709d54d68a auth/gensec: fix non-AES schannel seal
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14134

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-07 08:13:44 +00:00
Günther Deschner
7eae4280d2 libcli/auth: add test for gensec_schannel code
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-07 08:13:44 +00:00
Jeremy Allison
ea82bca8ce s3: smbclient: Stop an SMB2-connection from blundering into SMB1-specific calls.
Fix in the same way this was done in SMBC_opendir_ctx() for libsmbclient.
This fix means the admin no longer has to remember to set 'min client protocol ='
when connecting to an SMB2-only server (MacOSX for example) and trying to
list shares.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14152

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-07 08:13:44 +00:00
Volker Lendecke
4b62c4f7ad lib/replace: Remove libaio support
io_uring is the way to go these days, libaio was never really useful
for Samba

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct  4 18:18:41 UTC 2019 on sn-devel-184
2019-10-04 18:18:40 +00:00
Volker Lendecke
bcbadeb826 ntvfs: Remove pvfs_aio.c
This uses the Linux libaio that does not meet Samba's needs. If
someone wanted to add async I/O to ntvfs, the io_uring API is the way
to go. Second option would be to use a pthreads-based API.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-10-04 17:01:39 +00:00
Martin Schwenke
0bddee8dac ctdb-tests: Rename functions to test_header() and test_footer()
That's all they do now.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Fri Oct  4 10:58:10 UTC 2019 on sn-devel-184
2019-10-04 10:58:10 +00:00
Martin Schwenke
435d903ad8 ctdb-tests: Move test duration calculation to ctdb_test_run()
It makes sense to do this in one place in case other headers/footers
are added.

Reindent ctdb_test_begin() while touching this function.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2019-10-04 09:41:29 +00:00
Martin Schwenke
23982477f3 ctdb-tests: Add handling for skipped tests
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2019-10-04 09:41:28 +00:00
Martin Schwenke
473a6fed11 ctdb-tests: Add a special failure code when a test error occurs
Use it when a test is not executable.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2019-10-04 09:41:28 +00:00
Martin Schwenke
55dd0f047f ctdb-tests: Move test status interpretation to ctdb_test_run()
It makes sense to do this in one place in case other headers/footers
are added.

Simplify ctdb_test_end() accordingly, reindenting because nearly all
lines are modified.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2019-10-04 09:41:28 +00:00
Martin Schwenke
47c9b79262 ctdb-tests: Move use of show_progress() into ctdb_test_run()
This allows more variables to be set in this function because they are
no longer in a sub-shell.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2019-10-04 09:41:28 +00:00
Martin Schwenke
e7e6f4067e ctdb-tests: Simplify ctdb_test_run()
Only the test file name is ever passed.

Reindent while touching many existing lines.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2019-10-04 09:41:28 +00:00
Martin Schwenke
dc8ddbb084 ctdb-tests: Switch TEST_CLEANUP and TEST_TIMEOUT to script variables
These are not used outside this script so they do not need to be
environment variables.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2019-10-04 09:41:28 +00:00
Martin Schwenke
0ec83f32fa ctdb-tests: Add new test functions for running commands on nodes
* ctdb_onnode()
* testprog_onnode()
* function_onnode()

These encapsulate familiar patterns found when running
try_command_on_node().  The new function names are more concise and
encourage more readable tests.  Test writers can do less thinking
about the subtleties of running different types of commands on nodes.
For example, these functions ensure that $CTDB and $VALGRIND are used
in the correct contexts.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2019-10-04 09:41:28 +00:00
Martin Schwenke
38b838b59c ctdb-tests: try_command_on_node() should return status of command
There is no point folding this down to 1.  Tests should be able to see
the original value, if required.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2019-10-04 09:41:28 +00:00
Martin Schwenke
e494eb3e8c ctdb-tests: Drop unused function ctdb_test_check_real_cluster()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2019-10-04 09:41:28 +00:00
Martin Schwenke
38138b42f7 ctdb-tests: Update preamble for CLUSTER tests
The main change is to source cluster.bash instead of integration.bash.

While touching the preamble, the following additional changes are also
made:

* Drop test_info() definition and replace it with a comment

  The use of test_info() is pointless.

* Drop call to ctdb_test_check_real_cluster()

  cluster.bash now does this.

* Drop call to cluster_is_healthy()

  This is a holdover from when the previous test would restart daemons
  to get things ready for a test.  There was also a bug where going
  into recovery during the restart would sometimes cause the cluster
  to become unhealthy.  If we really need something like this then we
  can add it to ctdb_test_init().

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2019-10-04 09:41:28 +00:00