1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

108064 Commits

Author SHA1 Message Date
Jeremy Allison
fed54ca01d s3: VFS: Remove old traces of smb_vfs_call_llistxattr().
This call doesn't exist anymore.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2017-06-18 02:49:24 +02:00
Stefan Metzmacher
156fe6e4d6 s4:libcli/smb_composite: make the additional gensec_update steps async
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Jun 17 20:54:59 CEST 2017 on sn-devel-144
2017-06-17 20:54:59 +02:00
Stefan Metzmacher
664b2ed36b s4:libcli/smb_composite: add early returns to sesssetup.c:request_handler()
This makes it much clearer under which condutions the following code
operates.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-17 16:48:11 +02:00
Stefan Metzmacher
21c088dac6 s4:libcli/smb_composite: make the first round to gensec async
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-17 16:48:11 +02:00
Stefan Metzmacher
043753702c s4:libcli/smb_composite: move gensec_update_ev() out of session_setup_spnego()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-17 16:48:11 +02:00
Stefan Metzmacher
3420a5c391 s4:libcli/smb_composite: move session_setup_spnego_restart() to the callers of session_setup_spnego()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-17 16:48:11 +02:00
Stefan Metzmacher
048ed2926f s4:libcli/smb_composite: split out session_setup_spnego_restart() from session_setup_spnego()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-17 16:48:11 +02:00
Stefan Metzmacher
068817a914 s4:libcli/smb_composite: move chosen_oid to state->chosen_oid
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-17 16:48:11 +02:00
Stefan Metzmacher
4b88f6a88c s4:libcli/smb_composite: simplify gensec_update_ev() handling in session_setup_spnego()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-17 16:48:11 +02:00
Stefan Metzmacher
c3a47ceab4 auth/gensec: add GENSEC_UPDATE_IS_NTERROR() helper macro
This allows us to write clearer code that
checks for NT_STATUS_OK and NT_STATUS_MORE_PROCESSING_REQUIRED.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-17 16:48:11 +02:00
Stefan Metzmacher
67dd9ceee6 auth/gensec: clear the update_busy_ptr in gensec_subcontext_start()
This is required to support async subcontexts.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-17 16:48:11 +02:00
Amitay Isaacs
6ebcba49d0 ctdb-recovery: Delete empty records during recovery
Persistent databases are now always recovered by sequence number.  So
there is no need to keep the empty records in the database since they
will never be recovered record-by-record using RSN.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Sat Jun 17 16:47:55 CEST 2017 on sn-devel-144
2017-06-17 16:47:55 +02:00
Amitay Isaacs
1a2aef042e ctdb-daemon: Delete empty records from persistent database
Persistent databases are now always recovered by sequence number.  So
there is no need to keep the empty records in the database since they
will never be recovered record-by-record using RSN.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2017-06-17 12:36:16 +02:00
Stefan Metzmacher
bb5c394fde s3:smb2_sesssetup: allow a compound request after a SessionSetup
This is not a full fix yet as we don't allow compound requests
after going async.

With SMB 3.11 requiring signed TreeConnect requests it's pointless
to try to compound requests after a SessionSetup.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12845

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jun 17 10:55:25 CEST 2017 on sn-devel-144
2017-06-17 10:55:25 +02:00
Stefan Metzmacher
f8974bcdbf s3:smb2_tcon: allow a compound request after a TreeConnect
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12844

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-06-17 06:39:20 +02:00
Jeremy Allison
bd31d538a2 s3: libsmb: Correctly save and restore connection tcon in smbclient, smbcacls and smbtorture3.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2017-06-17 06:39:20 +02:00
Jeremy Allison
50f50256aa s3: libsmb: Correctly do lifecycle management on cli->smb1.tcon and cli->smb2.tcon.
Treat them identically. Create them on demand after for a tcon call,
and delete them on a tdis call.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2017-06-17 06:39:20 +02:00
Jeremy Allison
c9178ed9cc s3: libsmb: Fix cli_state_has_tcon() to cope with SMB2 connections.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2017-06-17 06:39:20 +02:00
Jeremy Allison
93fa0c8660 s3: libsmb: Widen cli_state_get_tid() / cli_state_set_tid() to 32-bits.
Copes with SMB2 connections.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2017-06-17 06:39:20 +02:00
Jeremy Allison
5c0efc9a5e s3: smbtorture: Show correct use of cli_state_save_tcon() / cli_state_restore_tcon().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2017-06-17 06:39:20 +02:00
Jeremy Allison
39026f1c5d s3: libsmb: Add cli_state_save_tcon() / cli_state_restore_tcon().
Save and restore tcon pointers in smb1 or smb2 structs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2017-06-17 06:39:19 +02:00
Jeremy Allison
e726b60226 libcli: smb: Add smb2cli_tcon_set_id().
Will be used in test and client code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2017-06-17 06:39:19 +02:00
Jeremy Allison
655e106858 libcli: smb: Add smbXcli_tcon_copy().
Makes a deep copy of a struct smbXcli_tcon *, will
be used later.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2017-06-17 06:39:19 +02:00
Andrew Bartlett
60cae0a704 dsdb: Add comment explaining requirements on DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jun 16 23:43:46 CEST 2017 on sn-devel-144
2017-06-16 23:43:46 +02:00
Andrew Bartlett
5561218d28 dsdb: Do not prevent searches for @ATTRIBUTES because the DB is not set up yet
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-06-16 19:34:17 +02:00
Andrew Bartlett
ec9b1e881c dsdb: Do not run dsdb_replace() on the calculated difference between old and new schema
We can set the database @INDEXLIST and @ATTRIBUTES to the full calculated
values, not the difference, and let the ldb layer work it out under the
transaction lock.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-06-16 19:34:17 +02:00
Andrew Bartlett
5067bceaa2 selftest: confirm that two attributes are also correctly set in the @ records
This shows that the current behaviour in dsdb_schema_set_indices_and_attributes(), while
not ideal, is not actually buggy.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-06-16 19:34:17 +02:00
Andrew Bartlett
cccd5786f0 selftest: Fix failure message in dsdb_schema_info
The rename changes the CN, not the lDAPDisplayName

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-06-16 19:34:17 +02:00
Stefan Metzmacher
b4ae820648 krb5_wrap: handle KRB5_ERR_HOST_REALM_UNKNOWN in smb_krb5_get_realm_from_hostname()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-16 19:34:17 +02:00
Stefan Metzmacher
3d96b093b7 s4:gensec_gssapi: fix CID 1409781: Possible Control flow issues (DEADCODE)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-16 19:34:17 +02:00
Andrew Bartlett
1b88c5d4c0 selftest: Also wait for winbindd to start
This ensures that the posixacl.py test does not race against winbindd starting up and so
give wrong mappings

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12843

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-06-16 19:34:17 +02:00
Andrew Bartlett
8d53ff10f8 selftest: Correctly print message when nbt is not up in 20 seconds
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12843

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-06-16 19:34:17 +02:00
Volker Lendecke
1fe7ec237a tevent_threads: Fix a rundown race introduced with 1828011317
The race is easily reproduced by adding a poll(NULL,0,10) in between the two
pthread_mutex_unlock calls in _tevent_threaded_schedule_immediate.

Before 1828011317, the main thread was signalled only after the helper
had already unlocked event_ctx_mutex.

Full explaination follows:
-----------------------------------------------------------------
Inside _tevent_threaded_schedule_immediate() we have:

476         ret = pthread_mutex_unlock(&ev->scheduled_mutex);
477         if (ret != 0) {
478                 abort();
479         }

HERE!!!!

481         ret = pthread_mutex_unlock(&tctx->event_ctx_mutex);
482         if (ret != 0) {
483                 abort();
484         }

At the HERE!!! point, what happens is tevent_common_threaded_activate_immediate(),
which is blocked on ev->scheduled_mutex, get released and does:

514         while (ev->scheduled_immediates != NULL) {
515                 struct tevent_immediate *im = ev->scheduled_immediates;
516                 DLIST_REMOVE(ev->scheduled_immediates, im);
517                 DLIST_ADD_END(ev->immediate_events, im);
518         }

- making an immediate event ready to be scheduled.

This then returns into epoll_event_loop_once(), which then calls:

910         if (ev->immediate_events &&
911             tevent_common_loop_immediate(ev)) {
912                 return 0;
913         }

which causes the immediate event to fire. This immediate
event is the pthread job terminate event, which was previously
set up in pthreadpool_tevent_job_signal() by:

198         if (state->tctx != NULL) {
199                 /* with HAVE_PTHREAD */
200                 tevent_threaded_schedule_immediate(state->tctx, state->im,
201                                                    pthreadpool_tevent_job_done,
202                                                    state);

So we now call pthreadpool_tevent_job_done() - which does:

225         TALLOC_FREE(state->tctx);

calling tevent_threaded_context_destructor():

384         ret = pthread_mutex_destroy(&tctx->event_ctx_mutex); <---------------- BOOM returns an error !
385         if (ret != 0) {
386                 abort();
387         }

as we haven't gotten to line 481 above (the line after
HERE!!!!) so the tctx->event_ctx_mutex is still
locked when we try to destroy it.

So doing an additional:

        ret = pthread_mutex_lock(&tctx->event_ctx_mutex);
        ret = pthread_mutex_unlock(&tctx->event_ctx_mutex);

(error checking elided) forces tevent_threaded_context_destructor()
to wait until tctx->event_ctx_mutex is unlocked before it locks/unlocks
and then is guaranteed safe to destroy.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-06-16 19:34:17 +02:00
Andrew Bartlett
aafc1c2828 dsdb: Remember the last ACL we read during a search and what it expanded to
It may well be the same as the next one we need to check, so we can
avoid parsing it again.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun 16 07:39:24 CEST 2017 on sn-devel-144
2017-06-16 07:39:24 +02:00
Andrew Bartlett
f7bcf7b972 dsdb: Cache the result of checking the parent ACL
This should help a lot for large one-level searches and for subtree searches that are of
flat tree structures

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2017-06-16 03:21:29 +02:00
Stefan Metzmacher
dda4c89126 WHATSNEW: change the default for "map untrusted to domain" to "auto"
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-16 03:21:29 +02:00
Stefan Metzmacher
bcd558eb50 docs-xml: change the default for "map untrusted to domain" to "auto"
This makes the behaviour much more robust, particularly with forest child
domains over one-way forest trusts.

Sadly we don't support this kind of setup with our current ADDC, so
there's no way to have automated tests for this behaviour, but
at least we know it doesn't break any existing tests.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=8630

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-16 03:21:29 +02:00
Stefan Metzmacher
b6e2ddaee1 docs-xml: document "map untrusted to domain = auto"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8630

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-16 03:21:29 +02:00
Stefan Metzmacher
ab36c1d152 docs-xml: improve documentation of "map untrusted to domain"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8630

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-16 03:21:29 +02:00
Stefan Metzmacher
bd69a3e2e9 auth3: prepare the logic for "map untrusted to domain = auto"
This implements the same behavior as Windows,
we should pass the domain and account names given
by the client directly to the auth backends,
they can decide if they are able to process the
authentication pass it to the next backend.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=8630

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-16 03:21:29 +02:00
Stefan Metzmacher
a4839defc2 auth3: call is_trusted_domain() as the last condition make_user_info_map()
We should avoid contacting winbind if we already know the domain is our
local sam or our primary domain.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=8630

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-16 03:21:29 +02:00
Douglas Bagnall
2a92cc1962 gitignore: ignore .gpg-* generated files (for ubuntu 16.04)
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 15 21:40:08 CEST 2017 on sn-devel-144
2017-06-15 21:40:07 +02:00
Douglas Bagnall
ece7a75a42 repl_meta_data: single valued error codes depend on change type
A replace leads to CONSTRAINT_VIOLATION while an add causes
ATTRIBUTE_OR_VALUE_EXISTS. For this we need to check the mod type
before the replmd_modify_la_* calls because they change everything
into a replace.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-15 17:33:11 +02:00
Douglas Bagnall
e150697a1e replmd: special-case member return value in replmd_add_fix_la()
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-15 17:33:11 +02:00
Douglas Bagnall
567848498f replmd: check duplicate linked attributes
This is simple enough because we already have the sorted list.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-15 17:33:10 +02:00
Garming Sam
990b23d7b6 replmd: check single values in replmd_add_fix_la
repl_meta_data knows whether linked attributes are appropriately
[un-]duplicated, and this is how it tells ldb_tdb that.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Pair-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-15 17:33:10 +02:00
Douglas Bagnall
6f956cce62 ldb: 1.1.31
* Add efficient function to find duplicate values in ldb messages
  (this makes large multi-valued attributes in ldb_tdb more efficient)

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2017-06-15 17:33:10 +02:00
Douglas Bagnall
7d6f36aae3 ldb: relatively efficient functions for finding duplicate values
ldb backends need to make sure they are not adding duplicate values to
multi-valued attributes in ADD and MODIFY operations. Until now they
have done this inefficiently using nested loops. Here we add common
functions that deal with large numbers of values in O(n log n) time,
but continue to use the simple methods for small numbers of values.

These functions take a struct ldb_context pointer and an options flag
arguments, although the ldb is not used, and only one bit of the
options has meaning. This is to allow further patches to switch on
schema-aware comparisons.

This entails an ABI jump to add the two new functions.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-15 17:33:10 +02:00
Douglas Bagnall
f3703c1727 dsdb/tests/ldap: test single valued linked attributes
This fails, so we add it to selftest/knownfail.d/

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-15 17:33:10 +02:00
Douglas Bagnall
ccf61f9878 s4/linked_attribute tests: test duplicate values
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-15 17:33:10 +02:00