Andrew Bartlett [Wed, 16 Aug 2017 00:51:09 +0000 (12:51 +1200)]
ldb_tdb: Rework ltdb_modify_internal() to use ltdb_search_dn1() internally
This avoids duplicate code and allows us to use the allocation-avoiding
LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC flag.
We can not use LDB_UNPACK_DATA_FLAG_NO_VALUES_ALLOC as el2->values
is talloc_realloc()ed in the routine.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 29 11:13:50 CEST 2017 on sn-devel-144
Andrew Bartlett [Thu, 10 Aug 2017 23:31:05 +0000 (11:31 +1200)]
ldb: Add LDB_UNPACK_DATA_FLAG_NO_ATTRS
This will allow us to avoid a full unpack in situations where we just want to confirm
if the DN exists
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(cherry picked from commit bff81a2c9cc43a2cfec822dde94944d0295dd87f)
Once the recovery starts and databases are frozen, then all the record
access is postponed till the recovery is complete except reading the
database sequence number. Database access for reading sequence number
is done via a control which does not check if the databases are frozen
or not.
If the database is frozen and if the freeze transaction is not started
(this can happen when a node is inactive, or during recovery when the
database is frozen but the transaction has not yet started), then trying
to read sequence number will cause ctdb daemon to deadlock.
Before reading the sequence number, check if the database access is
allowed.
Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit f57d379446c551bca5906247c622e857c77089b0)
Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-7-test): Wed Sep 13 19:52:24 CEST 2017 on sn-devel-144
Ralph Boehme [Fri, 8 Sep 2017 10:19:03 +0000 (12:19 +0200)]
s3/smbd: sticky write time offset miscalculation causes broken timestamps
The offset calculation for the offset that got passed to
fetch_write_time_send() in the enumeration loop was wrong as it passed
the offset before smbd_dirptr_lanman2_entry() added required padding.
This resulted in broken timestamps in the find response.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Sep 12 02:45:46 CEST 2017 on sn-devel-144
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit c754f48575a5034242594762d62261a48025cebc)
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 5f87a05aa314776135eec1057dd644c0b25a9d14)
to probe for the Intel AES instructions at runtime (only once)
and then call the hardware implementations if so, otherwise
fall back to the software implementations.
Based on original work by Justin Maggard <jmaggard@netgear.com>
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 53ac0f7c59a9192e4fa88bf3d257ad80379ded23)
Jeremy Allison [Thu, 31 Aug 2017 18:41:32 +0000 (11:41 -0700)]
lib: crypt: Prepare the existing code to switch to Intel AES hardware instructions.
Rename the old struct aes_key as an intermediate struct aes_key_rj
and wrap it in a union so we can choose an alternate aes_key struct
when using Intel AES hardware.
Based on original work by Justin Maggard <jmaggard@netgear.com>
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 3324b55bde96d4098df2f1138be5fd243206ceba)
Based on original work by Justin Maggard <jmaggard@netgear.com>
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 11a56768950e1caae302507e15e58eb1c316c30a)
Jeremy Allison [Wed, 6 Sep 2017 16:44:42 +0000 (09:44 -0700)]
third_party: Add the Intel Add support for AES-NI acceleration.
This commit takes the Linux kernel AES-NI code, and puts it into a
third_party private library. The Linux kernel code is under GPLv2+
so is compatible with Samba.
This can result in massive speed improvements (up to 200% on some
platforms), by using Intel AES-NI instructions.
These are the pristine check-ins of Linux kernel files for Intel AESNI crypto.
Based on original work by Justin Maggard <jmaggard@netgear.com>
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 421fa346de575ebbed3496dc203011b80537bd8a)
Volker Lendecke [Mon, 28 Aug 2017 14:38:19 +0000 (16:38 +0200)]
pthreadpool: Fix fork behaviour
glibc's pthread_cond_wait(&c, &m) increments m.__data.__nusers, making
pthread_mutex_destroy return EBUSY. Thus we can't allow any thread waiting for
a job across a fork. Also, the state of the condvar itself is unclear across a
fork. Right now to me it looks like an initialized but unused condvar can be
used in the child. Busy worker threads don't cause any trouble here, they don't
hold mutexes or condvars. Also, they can't reach the condvar because _prepare
holds all mutexes.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13006 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit ff98e3fb666b57b56a1427aa1196948ceebdec66)
Andrew Bartlett [Thu, 3 Aug 2017 23:44:19 +0000 (11:44 +1200)]
s4-drsuapi: Avoid segfault when replicating as a non-admin with GUID_DRS_GET_CHANGES
Users who are not administrator do not get b_state->sam_ctx_system filled in.
We should probably use the 'sam_ctx' variable in all cases (instead of
b_state->sam_ctx*), but I'll make this change in a separate patch, so
that the bug fix remains independent from other tidy-ups.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(cherry picked from commit dd863b604984c1504895f376ec64f58e27e53efa)
Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-7-test): Thu Aug 31 14:02:51 CEST 2017 on sn-devel-144
Ensure fake_snap.pl can be run in taint mode (-T), by sanitizing paths
and the PATH env. This fixes the following samba3.rpc.fsrvp selftest
failures:
Insecure dependency in mkdir while running setgid at (eval 2) line 4.
snap create failed: NT_STATUS_UNSUCCESSFUL
snap create failed for shadow copy of /home/ddiss/isms/samba/st/nt4_dc/share
Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 29 04:54:51 CEST 2017 on sn-devel-144
Christof Schmitt [Wed, 23 Aug 2017 21:37:28 +0000 (14:37 -0700)]
vfs_default: Fix passing of errno from async calls
Current code assigns errno from async pthreadpool calls to the
vfs_default internal vfswrap_*_state. The callers of the vfs_*_recv
functions expect the value from errno in vfs_aio_state.error.
Correctly assign errno to vfs_aio_state.error and remove the unused
internal err variable.
Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Aug 25 13:32:58 CEST 2017 on sn-devel-144
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org>
(cherry picked from commit 4a4bfcb539b4489f397b2bc9369215b7e03e620e)
s3:utils: Make sure we authenticate against our SAM name in smbpasswd
If a local user wants to change his password using smbpasswd and the
machine is a domain member, we need to make sure we authenticate against
our SAM and not ask winbind.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org>
(cherry picked from commit dc129a968afdac8be70f9756bd18a7bf1f4c3b02)
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org>
(cherry picked from commit b483340639157fe95777672f5723455c48c3c616)
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org>
(cherry picked from commit 41a31a71abe144362fc7483fabba39aafa866373)
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org>
(cherry picked from commit c773844e7529b83b2633671c7bcf1e7b84ad7950)
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org>
(cherry picked from commit 7a554ee7dcefdff599ebc6fbf4e128b33ffccf29)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Aug 18 10:04:57 CEST 2017 on sn-devel-144
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 37e49a2af5bb1c40c17eab18ff9412f2ce79ef71)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 18 04:45:03 CEST 2017 on sn-devel-144
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 428fc22e8bb7b7a74ba9e29bf962ebfbfd50c47b)
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Aug 11 22:09:27 CEST 2017 on sn-devel-144
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
(cherry picked from commit b81ca4f9dcbb378a95fb3ac31bfd9a1cbe505d7d)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jul 21 23:29:39 CEST 2017 on sn-devel-144
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 2901ed0deb1324cacdc804fe5a09468a91661f9d)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit ecca95736d3994011de2d3fd882b58ab9b450a83)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 379e5c1c2fa75c30b08bea7079cf1e9c46db0b26)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 3111463e743dfda89002f1047d1030ab617e5277)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 0f9d10246071160dc736205af234ab0ca456d0dc)
s3:libsmb: Print the kinit failed message with DBGLVL_NOTICE
The default debug level of smbclient is set to 'log level = 1'. So we
need to use at least NOTICE to not get the message when we do not force
kerberos.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 6d7681c73dc68930dc39f05d58c2679b7c84ad97)
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 95e30b081f273f2d156792577179c5220c0a10cc)
Andrew Bartlett [Wed, 9 Aug 2017 04:44:24 +0000 (16:44 +1200)]
s4/lib/tls: Use SHA256 to sign the TLS certificates
The use of SHA-1 has been on the "do not" list for a while now, so make our
self-signed certificates use SHA256 using the new
gnutls_x509_crt_sign2 provided since GNUTLS 1.2.0
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12953
(cherry picked from commit 5bb341fb9ceb943b4a72108edee9046b60f070b0)
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Aug 11 18:08:04 CEST 2017 on sn-devel-144
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Aug 9 13:37:47 CEST 2017 on sn-devel-144
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 1c3b678e7dc7481cf2e97cdf136358d5fe53d9d3)
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit b5283c70e3924730b567772105ec6056831a6b53)
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 15 08:06:40 CEST 2017 on sn-devel-144
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jul 27 01:34:12 CEST 2017 on sn-devel-144
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit dbd32932463935cd47c55a9e1afdaccd7f6daf4d)
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 4cc104d015bdfeb631c7c8f5252fc31727a128ca)
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 74b589799e794cc8872a7d3845ced9f5087a8366)
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit b1450af1c3c7ddc0573510706d605eedecaff61c)
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 1d6b98cdab4f0a400673cf967225214e858ab1ee)
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 1fb46b76dbcf28d8c71ff1096c402953a90bcf5f)
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 5c8a98c2dae92c71873798eb37f506093700a14c)
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit c27a6438cb3dd98fc300311a951b91be91610a90)
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 99e4bea89e82327e6de3adf7e8411eb9a89f54db)
Jeremy Allison [Mon, 24 Jul 2017 19:11:03 +0000 (12:11 -0700)]
lib: ldb: Use NULL to allocate modules not talloc_autofree_context().
ldb modules are not (yet) unloaded and are only loaded once (there is a check
that makes sure of this). Allocate off the NULL context. We never want this
to be freed until process shutdown. If eventually we add the ability to
unload ldb modules we can add a deregister function that walks and frees the list.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 41b1f8a20c7db6b79706a4aebcc7074149a6ab62)
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit fe2ac3e304201d18ca15d388b622a4f15f72ad0a)
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 1c1fce74142f1ba982fee045cdb72938faabe5d5)
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 34ca1b3af46d0e647f1094a75844128a30f61330)
Tim Beale [Tue, 4 Jul 2017 05:27:27 +0000 (17:27 +1200)]
selftest: Add test for password change when NTLM is disabled
When NTLM is disabled, the server should reject NTLM-based password
changes. Changing the password is a bit complicated from python, but
because the server should reject the password change outright with
NTLM_BLOCKED, the test doesn't actually need to provide valid
credentials.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11923 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jul 21 13:54:35 CEST 2017 on sn-devel-144
Signed-off-by: Anoop C S <anoopcs@redhat.com> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 90487259e365d5b966ccc47ac51eadb4733f3197)
Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-7-test): Mon Aug 14 14:35:34 CEST 2017 on sn-devel-144
Ralph Boehme [Wed, 24 May 2017 07:17:19 +0000 (09:17 +0200)]
vfs_fruit: factor out common code from ad_get() and ad_fget()
As a result of the previous changes ad_get() and ad_fget() do completely
the same, so factor out the common code to a new helper function. No
change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Aug 9 22:33:36 CEST 2017 on sn-devel-144
Ralph Boehme [Tue, 23 May 2017 15:44:16 +0000 (17:44 +0200)]
vfs_fruit: return fake pipe fd in fruit_open_meta_netatalk()
Do not open the basefile, that conflicts with "kernel oplocks = yes". We
just return a fake file fd based on dup'ing a pipe fd and ensure all VFS
functions that go through vfs_fruit and work on the metadata stream can
deal with it.
Ralph Boehme [Tue, 23 May 2017 15:31:47 +0000 (17:31 +0200)]
vfs_fruit: don't open basefile in ad_open() and simplify API
We never need an fd on the basefile when operating on the metadata, as
we can always use path based syscalls. Opening the basefile conflicts
with "kernel oplocks" so just don't do it.
Additional changes:
- remove the adouble_type_t argument to ad_open(), the type is passed
and set when allocating a struct adouble with ad_alloc()
- additionally pass an optional fsp to ad_open() (so the caller can pass
NULL). With this change we can move the fd inheritance from fsp to ad
into ad_open() itself where it belongs and remove it from the caller
ad_fget()
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
(cherry picked from commit e92a39255e66f655e2758f0a71a01eaf258cf711)
Ralph Boehme [Thu, 18 May 2017 11:17:38 +0000 (13:17 +0200)]
s4/torture: additional tests for kernel-oplocks
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
(cherry picked from commit bbc225de83e7b0e5eaeb1b843532d1f0fca91a3c)
Ralph Boehme [Wed, 10 May 2017 09:38:06 +0000 (11:38 +0200)]
s4/torture: reproducer for kernel oplocks issue with streams
test_smb2_kernel_oplocks3() wouldn't have failed without the patches,
I'm just adding it to have at least one test that tests with 2
clients. All other tests use just one client.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
(cherry picked from commit a334fff8a8c779704ee04ae784024efb67a6e9c9)
Ralph Boehme [Thu, 11 May 2017 16:08:56 +0000 (18:08 +0200)]
vfs_streams_xattr: return a fake fd in streams_xattr_open()
The final step in changing vfs_streams_xattr to not call open() on the
basefile anymore. Instead, we just return a fake file fd based on
dup'ing a pipe fd. Previous commits ensured all calls to VFS API
functions use pathname based versions to do their work.
This ensures we don't trigger kernel oplock breaks for client "open
stream" requests when needlessly opening the basefile.
Ralph Boehme [Thu, 11 May 2017 16:05:18 +0000 (18:05 +0200)]
vfs_streams_xattr: implement all missing handle based VFS functions
Implement all missing handle based VFS functions. If the call is on a
named stream, implement the appropriate action for the VFS function, in
most cases a no-op.