selftest: add some basic testing for the io_uring vfs module
We're now able to build it on all linux systems and
the ci runners have at least a 5.4 kernel. That's
all the current vfs_io_uring requires.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sun Sep 17 18:04:18 UTC 2023 on atb-devel-224
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Pavel Kalugin <pkalugin@inno.tech> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Sep 14 22:30:06 UTC 2023 on atb-devel-224
Pavel Kalugin [Sun, 20 Aug 2023 20:50:38 +0000 (23:50 +0300)]
s3:netapi: Fix a leak in libnetapi_net_init()
Allow libnetapi_net_init() to be called more than once without
leaking libnetapi_ctx allocated on a previous call, which is
currently the case in the `net rpc` code.
Signed-off-by: Pavel Kalugin <pkalugin@inno.tech> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pavel Kalugin [Sun, 20 Aug 2023 20:06:56 +0000 (23:06 +0300)]
libnetapi: Use lpcfg_set_cmdline()
Replace lp_set_cmdline() with lpcfg_set_cmdline() in netapi.c.
For this purpose:
1. Add loadparm_context to the libnetapi_ctx because we need it
in libnetapi_set_debuglevel() and libnetapi_set_logfile().
2. Move loadparm_context creation from libnetapi_net_init()
to libnetapi_init() and add the lp_ctx parameter to the former.
Signed-off-by: Pavel Kalugin <pkalugin@inno.tech> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Wed, 13 Sep 2023 20:02:50 +0000 (08:02 +1200)]
build: Remove -Wno-error=missing-field-initializers from Heimdal build
This allows this warning (error) to be used in Samba for cases where a
non-designated initialiser is under-specified. We can do this now as
the GCC versions we build on do not regard foo = {} as an error.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Joseph Sutton [Wed, 6 Sep 2023 01:09:24 +0000 (13:09 +1200)]
s4:kdc: Don’t prepend useless colon to MIT KDC logging messages
If we pass an empty string as the ‘whoami’ parameter, MIT’s logging
facilities will prepend a mysterious colon to the message. Printing
“mitkdc: ” ought at least to be more sensible, and perhaps more closely
to match our behaviour prior to commit dd8138236bec3635c25e5b482b7a14faa0a9c36b.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 5 Sep 2023 23:03:02 +0000 (11:03 +1200)]
s4:wrepl_server: Correctly read ‘type’ element
winsdb_message() stores this element as hexadecimal, which format
ldb_msg_find_attr_as_uint() cannot cope with. Permit this element to be
in either decimal or hexadecimal format.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 5 Sep 2023 04:38:23 +0000 (16:38 +1200)]
s4:dsdb: Switch to using smb_krb5_princ_component()
This function has the handy feature of being able to be called twice in
succession without mysteriously breaking your code. Now, doesn’t that
sound useful?
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 5 Sep 2023 02:08:25 +0000 (14:08 +1200)]
s4:kdc: Rename ‘status’ variables to ‘reply_status’
This makes it clearer what these variables are used for, and avoids
confusion with the similarly‐named ‘nt_status’ variables — also used in
these functions.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 5 Sep 2023 01:23:35 +0000 (13:23 +1200)]
s4:kdc: Make ‘struct pac_blobs’ memory handling safer and more consistent
Having pac_blobs::type_blobs be managed both by talloc and by the
‘pac_blobs’ structure itself (with pac_blobs_destroy()) is very prone to
error. So is the current situation of having the other ‘pac_blobs’
functions each take in a memory context.
Improve these circumstances by requiring ‘pac_blobs’ to be managed by
talloc. Now the other functions can dispense with their ‘mem_ctx’
parameters, being instead able to allocate on to the ‘pac_blobs’
structure itself. pac_blobs_init() no longer must be a separate
function; inline it into pac_blobs_from_krb5_pac(). pac_blobs_destroy(),
being no longer of use, can go too.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 4 Sep 2023 22:44:55 +0000 (10:44 +1200)]
s4:kdc: Don’t corrupt domain groups structure if talloc_realloc() fails
Introduce a temporary variable instead of assigning the result of
talloc_realloc() directly to samr_RidWithAttributeArray::rids. In this
way we avoid having a structure with a non‐zero ‘count’ but with ‘rids’
set to the NULL pointer.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 4 Sep 2023 01:20:34 +0000 (13:20 +1200)]
s4:kdc: Add correct Asserted Identity SID in response to an S4U2Self request
I’m not sure exactly how this check was supposed to work. But in any
case, within fast_unwrap_request() the Heimdal KDC replaces the outer
padata with the padata from the inner FAST request. Hence, this check
does not accomplish anything useful: at no point should the KDC plugin
see the outer padata.
A couple of unwanted consequences resulted from this check. One was that
a client who sent empty FX‐FAST padata within the inner FAST request
would receive the *Authentication Authority* Asserted Identity SID
instead of the *Service* Asserted Identity SID. Another consequence was
that a client could in the same manner bypass the restriction on
performing S4U2Self with an RODC‐issued TGT.
Overall, samba_wdc_is_s4u2self_req() is somewhat of a hack. But the
Heimdal plugin API gives us nothing better to work with.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
nsswitch/wb_common.c: fix socket fd and memory leaks of global state
When we are called in wb_atfork_child() or winbind_destructor(),
wb_thread_ctx_destructor() is not called for the global state
of the current nor any other thread, which means we would
leak the related memory and socket fds.
Now we maintain a global list protected by a global mutex.
We traverse the list and close all socket fds, which are no
longer used (winbind_destructor) or no longer valid in the
current process (wb_atfork_child), in addition we 'autofree'
the ones, which are only visible internally as global (per thread)
context.
Tested-by: Krzysztof Piotr Oledzki <ole@ans.pl> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Sep 14 18:53:07 UTC 2023 on atb-devel-224
nsswitch/wb_common.c: don't operate on a stale wb_global_ctx.key
If nss_winbind is loaded into a process that uses fork multiple times
without any further calls into nss_winbind, wb_atfork_child handler
was using a wb_global_ctx.key that was no longer registered in the
pthread library, so we operated on a slot that was potentially
reused by other libraries or the main application. Which is likely
to cause memory corruption.
So we better don't call pthread_key_delete() in wb_atfork_child().
Reported-by: Krzysztof Piotr Oledzki <ole@ans.pl> Tested-by: Krzysztof Piotr Oledzki <ole@ans.pl> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
projects / thirdparty / samba.git / log
