Volker Lendecke [Wed, 24 May 2017 14:22:34 +0000 (16:22 +0200)]
tevent: Fix a race condition in tevent context rundown
We protect setting tctx->event_ctx=NULL with tctx->event_ctx_mutex.
But in _tevent_threaded_schedule_immediate we have the classic
TOCTOU race: After we checked "ev==NULL", looking at
tevent_common_context_destructor the event context can go after
_tevent_threaded_schedule_immediate checked. We need to serialize
things a bit by keeping tctx->event_ctx_mutex locked while we
reference "ev", in particular in the
DLIST_ADD_END(ev->scheduled_immediates,im);
I think the locking hierarchy is still maintained, tevent_atfork_prepare()
first locks all the tctx locks, and then the scheduled_mutex. Also,
I don't think this will impact parallelism too badly: event_ctx_mutex
is only used to protect setting tctx->ev.
Found by staring at code while fixing the FreeBSD memleak due to
not destroying scheduled_mutex.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jun 9 00:45:26 CEST 2017 on sn-devel-144
messaging: fix net command failure due to unhandled return code
messaging_init_internal() blanket returned NT_STATUS_INTERNAL_ERROR
instead of correctly changing the return code to an NTSTATUS code. Also
return more appropriate mem error.
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Thu Jun 8 08:04:05 CEST 2017 on sn-devel-144
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jun 8 00:27:24 CEST 2017 on sn-devel-144
Amitay Isaacs [Thu, 1 Jun 2017 06:03:43 +0000 (16:03 +1000)]
ctdb-client: Document ctdb client API
Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Jun 7 20:19:06 CEST 2017 on sn-devel-144
Richard Sharpe [Tue, 6 Jun 2017 20:34:51 +0000 (13:34 -0700)]
Log the actual error returned when creating a pipe for client logging in CTDB fails. Helps with debugging issues.
Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 7 09:22:29 CEST 2017 on sn-devel-144
Garming Sam [Wed, 15 Mar 2017 03:40:16 +0000 (16:40 +1300)]
selftest/rodc: Do not run in single mode, this causes deadlocks
Attempting to 'ls' the file server against a single process AD will get
stuck. This also appears as the KDC being busy.
Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Wed Jun 7 05:14:17 CEST 2017 on sn-devel-144
Noel Power [Fri, 2 Jun 2017 14:50:48 +0000 (15:50 +0100)]
s3/utils: Add warning to testparm for "client ipc signing" param values
We should warn about security sensitive settings where we can,
client ipc signing has 2 values that can allow connections to proceed
without SMB signing. This may be unavoidable (e.g. connecting to legacy
systems) but nevertheless it is worthwhile to warn.
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jun 6 22:40:12 CEST 2017 on sn-devel-144
Anoop C S [Mon, 5 Jun 2017 16:40:44 +0000 (22:10 +0530)]
wscript: Fix some typos
Signed-off-by: Anoop C S <anoopcs@redhat.com> Reviewed-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jun 6 05:26:37 CEST 2017 on sn-devel-144
Douglas Bagnall [Thu, 1 Jun 2017 03:26:48 +0000 (15:26 +1200)]
selftest: use an additional directory of knownfail/flapping files
This makes it easier to add a temporary knownfail to cover a patch
series.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Jun 3 13:55:41 CEST 2017 on sn-devel-144
vfs_gpfs: Fix compile error in gpfsacl_sys_acl_set_fd
../source3/modules/vfs_gpfs.c: In function ‘gpfsacl_sys_acl_set_fd’:
../source3/modules/vfs_gpfs.c:1280:6: error: passing argument 2 of ‘gpfsacl_sys_acl_set_file’ from incompatible pointer type [-Werror]
SMB_ACL_TYPE_ACCESS, theacl);
^
../source3/modules/vfs_gpfs.c:1235:12: note: expected ‘const struct smb_filename *’ but argument is of type ‘char *’
static int gpfsacl_sys_acl_set_file(vfs_handle_struct *handle,
Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jun 3 05:52:32 CEST 2017 on sn-devel-144
s4:torture: Fix comparison between pointer and zero character constant
Fixes building with GCC 7.1
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun 1 23:42:58 CEST 2017 on sn-devel-144
waf: Do not trhow a format-truncation error for test/snprintf.c
This fixes building with GCC 7.1
Error:
../lib/replace/test/testsuite.c:355:6: error: ‘%d’ directive output
truncated writing 1 byte into a region of size 0
[-Werror=format-truncation=]
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Garming Sam [Thu, 1 Jun 2017 02:36:07 +0000 (14:36 +1200)]
dnsserver: Stop dns_name_equal doing OOB read
This has been the cause of a large number of flakey autobuilds. Every
now and again dns_name_equal would not be equal between two empty
strings, thus causing failures.
Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12813
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 1 19:34:38 CEST 2017 on sn-devel-144
Martin Schwenke [Thu, 1 Jun 2017 04:37:40 +0000 (14:37 +1000)]
ctdb-common: Fix crash in logging initialisation
Setting CTDB_LOGGING to syslog:nonblocking or syslog:udp will cause
ctdbd to crash at startup due to NULL pointer dereference.
Refactoring in commit c9124a001f5abf7bb577a8f5341da4cc7411ed22
introduced this regression.
mit_samba: Fix the MIT KDC build with the latest changes
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Thu Jun 1 07:12:47 CEST 2017 on sn-devel-144
Jeremy Allison [Thu, 25 May 2017 23:42:04 +0000 (16:42 -0700)]
s3: VFS: Change SMB_VFS_GETXATTR to use const struct smb_filename * instead of const char *.
We need to migrate all pathname based VFS calls to use a struct
to finish modernising the VFS with extra timestamp and flags parameters.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun 1 02:58:53 CEST 2017 on sn-devel-144
Jeremy Allison [Tue, 30 May 2017 18:46:49 +0000 (11:46 -0700)]
s3: lib: Add new utility function cp_smb_filename_nostream().
Will be needed when we migrate lower-level VFS functions to
take an struct smb_filename *, especially the SYS_ACL and
XATTR modification modules, as these must ignore a passed-in
stream name.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Andrew Bartlett [Thu, 11 May 2017 23:55:45 +0000 (01:55 +0200)]
dsdb: Use ldb_handle_use_global_event_context for rootdse modifies
The modify operations on the rootDSE turn into IRPC messages, and these need
to be handled on the global event context, not the per-operation context
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed May 31 10:47:46 CEST 2017 on sn-devel-144
Andrew Bartlett [Thu, 30 Mar 2017 00:25:35 +0000 (13:25 +1300)]
schema: Use ldb_schema_set_override_indexlist for faster index selection
This allows Samba to provide a binary tree lookup for the existance of an index on the attribute
rather than the O(n) lookup that was being done for each attribute during a search or modify
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Thu, 30 Mar 2017 00:54:58 +0000 (13:54 +1300)]
ldb: Version 1.1.30
* let ldbdump parse the -i option
* don't allow the reveal_internals control for ldbedit
* only allow --show-binary for ldbsearch
* don't let ldbsearch create non-existing files
* fix ldb_tdb search inconsistencies
* add cmocka based tests
* provide an interface for improved indexing for callers
like Samba, which will allow much better performance.
* Makes ldb access to tdb:// databases use a private event context
rather than the global event context passed in by the caller.
This is because running other operations while locks are held
or a search is being conducted is not safe.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Fri, 5 May 2017 06:25:40 +0000 (08:25 +0200)]
ldb: Add ldb_handle_use_global_event_context()
This will allow the IRPC to be processed in the main event loop of the
server, not the private event context for this request
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Fri, 12 May 2017 00:30:01 +0000 (02:30 +0200)]
ldb: Use the private event context in ldb_tdb and ldb_wait()
This enables the previous commits, and ensures that ldb_tdb is safe from operations while locks
are held
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Fri, 12 May 2017 00:28:02 +0000 (02:28 +0200)]
ldb: Force use of a private event context in ldb_tdb
ldb_tdb holds locks while making callbacks, so force the use of a per-request event context
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Fri, 12 May 2017 00:26:04 +0000 (02:26 +0200)]
ldb: Create private event contexts in top level requests, chain to children
We must ensure that the ldb_request we call ldb_wait() will share an event context with all
the eventual request that the ldb backend creates events on
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Fri, 12 May 2017 00:21:28 +0000 (02:21 +0200)]
ldb: Add ldb_set_require_private_event_context()
This will allow us to force use of the global event context for use when Samba
must make an IRPC call from within the ldb stack, to another part of the same
process
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Thu, 4 May 2017 09:39:21 +0000 (11:39 +0200)]
ldb: Add ldb_handle_get_event_context()
This will allow us to obtain a private event context for use while we hold
locks in ldb_tdb, that is not shared with the global state of the application.
This will ensure we do not perform other operations while we hold the lock
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Thu, 4 May 2017 20:27:24 +0000 (22:27 +0200)]
ldb: Add ldb_build_req_common() helper function
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Thu, 30 Mar 2017 00:10:22 +0000 (13:10 +1300)]
ldb_tdb: Avoid reading the index list from the DB if we are already set to override it
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Thu, 30 Mar 2017 00:23:44 +0000 (13:23 +1300)]
ldb: Allow a caller (in particular Samba) to handle the list of attributes with an index
By doing that, Samba will use a binary search to locate the attributes
rather than an O(n) search, during every search or modify of the database.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Thu, 30 Mar 2017 00:21:34 +0000 (13:21 +1300)]
ldb_tdb: consistently use ltdb->cache->attribute_indexes to determine if we have indexes
This is instead of checking the number of elements via ltdb->cache->indexlist->num_elements
In turn, this allows us to avoid fetching ltdb->cache->indexlist in the future
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Thu, 30 Mar 2017 00:07:16 +0000 (13:07 +1300)]
ldb_tdb: change the arguments to ldb_is_indexed() to provide the ltdb_private
By doing this, we can be more efficient in locating if we have an index in
the future.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Thu, 30 Mar 2017 00:10:08 +0000 (13:10 +1300)]
ldb_tdb: Split index load out into a sub-funciton: ltdb_index_load
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Pair-Programmed-With: Ralph Boehme <slow@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May 31 06:33:00 CEST 2017 on sn-devel-144
Volker Lendecke [Mon, 29 May 2017 14:15:50 +0000 (16:15 +0200)]
lib: Remove use of MSG_NOSIGNAL
According to susv4 sendmsg, NOSIGAL is effective for stream-oriented sockets.
Datagram sockets won't send SIGPIPE anyway. Looking at Linux kernel sources,
this is only looked at in stream functions. I guess this is a left-over from my
tmsgd attempts, which was based on stream sockets. messaging_dgm still only
uses datagram sockets, so MSG_NOSIGNAL is not needed here.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue May 30 16:39:12 CEST 2017 on sn-devel-144
This is completely untested and from reading the code it doesn't really
do anything beside always returning None from the get_class_object() method.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue May 30 12:16:57 CEST 2017 on sn-devel-144
Garming Sam [Tue, 11 Apr 2017 03:51:50 +0000 (15:51 +1200)]
netlogon: Implement SendToSam along with its winbind forwarding
This allows you to forward bad password count resets to 0. Currently,
there is a missing access check for the RODC to ensure it only applies
to cached users (msDS-Allowed-Password-Replication-Group).
(further patches still need to address forcing a RWDC contact)
Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Thu, 20 Apr 2017 04:55:58 +0000 (16:55 +1200)]
netlogon_creds_cli: Do not corrupt authenticator state on application level errors
If the NETLOGON response was an error e.g. NT_STATUS_NOT_IMPLEMENTED, any subsequent
calls failed with NT_STATUS_ACCESS_DENIED. This is likely to be the cause of RODC DNS
updates falling off and never continuing.
Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
projects / thirdparty / samba.git / log
