Signed-off-by: Uri Simchoni <uri@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Nov 24 05:16:10 CET 2017 on sn-devel-144
Uri Simchoni [Wed, 22 Nov 2017 20:48:23 +0000 (20:48 +0000)]
pam_wrapper: Use a constant string format specifier in test
This fixes a warning about non-constant format specifier.
clang 4.0.0 warns against non-constant format specifier since
it cannot validate the format against the parameters.
Signed-off-by: Uri Simchoni <uri@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(ported from pam_wrapper 9265da3857e9cfa7a00d1ab35aae1e0b0286efad)
Uri Simchoni [Sun, 19 Nov 2017 13:08:30 +0000 (13:08 +0000)]
pam_wrapper: use uintptr_t as base for const-discarding
Seems like HAVE_INTPTR_T is not available on FreeBSD. Use
the uintptr_t-base const discarding to avoid picky compiler
warnings (other places in Samba also use uintptr_t).
Signed-off-by: Uri Simchoni <uri@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(ported from pam_wrapper c611121eec7b5f2c39cab7b1c0295eddefdddb1d)
Uri Simchoni [Sun, 19 Nov 2017 18:44:06 +0000 (18:44 +0000)]
vfs_full_audit: make do_log() printf-aware
Add PRINTF_ATTRIBUTE() to do_log(). This removes
a picky compiler warning about printf with variable
format string, and adds compiler checks for the format
strings supplied to do_log. This in turn spurred some
warnings which are fixed.
Signed-off-by: Uri Simchoni <uri@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
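The printf-awareness described in the pam_wrapper and vfs_full_audit commits above, as an added example that is not code from the Samba tree: a variadic logger carrying a printf format attribute, called with a constant format so that untrusted text is only ever an argument. The names `EX_PRINTF_ATTRIBUTE`, `audit_log` and `log_client_name` are hypothetical, and the macro is a stand-in for Samba's PRINTF_ATTRIBUTE().

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for PRINTF_ATTRIBUTE(); this definition is an assumption of the
 * example and only has an effect on GCC-compatible compilers. */
#if defined(__GNUC__)
#define EX_PRINTF_ATTRIBUTE(fmt_idx, arg_idx) \
	__attribute__((format(printf, fmt_idx, arg_idx)))
#else
#define EX_PRINTF_ATTRIBUTE(fmt_idx, arg_idx)
#endif

/* Hypothetical logger. The attribute tells the compiler that argument 3 is a
 * printf format and that the values it consumes start at argument 4. */
int audit_log(char *buf, size_t len, const char *fmt, ...)
	EX_PRINTF_ATTRIBUTE(3, 4);

int audit_log(char *buf, size_t len, const char *fmt, ...)
{
	va_list ap;
	int n;

	va_start(ap, fmt);
	n = vsnprintf(buf, len, fmt, ap);	/* truncates, always terminates */
	va_end(ap);
	return n;	/* length the full message needs, as vsnprintf reports */
}

/* Log a client-supplied name. The format is a constant, so any directives
 * inside `name` are copied as data and never interpreted. */
int log_client_name(char *buf, size_t len, const char *name)
{
	/* audit_log(buf, len, name) would draw a -Wformat-security warning:
	 * the compiler cannot check a non-constant format against its args. */
	return audit_log(buf, len, "open|%s", name);
}

int main(void)
{
	char buf[64];

	/* Constructed sample input containing format directives. */
	log_client_name(buf, sizeof(buf), "share%n%s");
	puts(buf);
	return 0;
}
```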
Garming Sam [Tue, 21 Nov 2017 23:46:31 +0000 (12:46 +1300)]
schema_set: Add comment about set schema from ldif in a transaction
This is normally called with a transaction or before access is shared.
The python code and some tests may also cause an issue, but as these are
fixed at runtime, this is only a temporary issue that resolves itself.
Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Tue, 21 Nov 2017 23:34:01 +0000 (12:34 +1300)]
schema: Make writing indices flag an enum for a new state
In schema_load_init, we find that the writing of indices is not locked
in any way. This leads to race conditions. To resolve this, we need to
have a new state (SCHEMA_COMPARE) which can report to the caller that we
need to open a transaction to write the indices.
Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Uri Simchoni [Mon, 20 Nov 2017 20:53:12 +0000 (20:53 +0000)]
build: ensure compiler flags are properly detected
While checking for compiler flag availability, treat warnings
as errors. Thus if the compiler only warns about an unsupported flag,
it will fail the test and the flag shall be marked as unsupported.
Signed-off-by: Uri Simchoni <uri@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Nov 22 14:19:20 CET 2017 on sn-devel-144
Uri Simchoni [Tue, 21 Nov 2017 18:53:30 +0000 (20:53 +0200)]
build: allow specifying prerequisite flags when checking flags
In gcc, "-Wformat-security" is ignored unless "-Wformat" is also
specified. This patch allows adding a "prerequisite flag" to a flag
we're testing during configuration.
Signed-off-by: Uri Simchoni <uri@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Uri Simchoni [Mon, 20 Nov 2017 08:17:16 +0000 (10:17 +0200)]
build: disable format-zero-length warning
format-zero-length warns against printf-style calls with
zero-length format string. vfs_full_audit module has such
calls, and up until now there was no warning against it because
the do_log in vfs_full_audit is not recognized as printf-style
function. In a following commit the do_log will be converted to
a printf-style function, hence the need to disable this warning.
(an alternative would be to disable only for vfs_full_audit, but that
would complicate things needlessly).
Signed-off-by: Uri Simchoni <uri@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Uri Simchoni [Sun, 19 Nov 2017 18:34:58 +0000 (18:34 +0000)]
smbspool_krb5_wrapper: fix some error messages
Make cups_smb_debug declaration printf-aware to
avoid picky warning about printf with variable
format string. This in turn revealed some formatting
errors.
Signed-off-by: Uri Simchoni <uri@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Uri Simchoni [Sun, 19 Nov 2017 11:34:01 +0000 (11:34 +0000)]
librpc-build: ignore unused functions in generated code
Some pidl-generated code includes static functions that are
to be optimized-away by the compiler if not used. When
running picky developer with clang that breaks the build. This
change ignores this warning for the pidl-generated python binding
files.
Signed-off-by: Uri Simchoni <uri@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Uri Simchoni [Sun, 19 Nov 2017 07:19:03 +0000 (07:19 +0000)]
ldb: silence some clang warnings in picky developer mode
Avoid const in casting since it doesn't increase code
safety in this case and causes clang to generate const-qual
warning. Also initialize a pointer to NULL to silence clang
uninitialized variable warning.
Signed-off-by: Uri Simchoni <uri@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov 22 02:03:17 CET 2017 on sn-devel-144
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Tue Nov 21 19:42:22 CET 2017 on sn-devel-144
Amitay Isaacs [Fri, 17 Nov 2017 01:38:47 +0000 (12:38 +1100)]
ctdb-common: Add async version of shutdown in sock_daemon
Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Nov 21 08:58:45 CET 2017 on sn-devel-144
Garming Sam [Sun, 19 Nov 2017 21:28:33 +0000 (10:28 +1300)]
Fix formatting of sources to be less than 80 lines
Signed-off-by: David Mulder <dmulder@suse.com> Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Tue Nov 21 01:51:59 CET 2017 on sn-devel-144
Andrew Bartlett [Tue, 24 Oct 2017 03:48:13 +0000 (16:48 +1300)]
python: Convert gop.GROUP_POLICY_OBJECT to pytalloc
This avoids PyCapsule calls not available in Python 2.6.
We remove the __init__ function as it is useless, the
object is created by py_ads_get_gpo_list() which now
returns a python list rather than an iterator.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
David Mulder [Thu, 8 Jun 2017 17:47:57 +0000 (11:47 -0600)]
gpo: Add GPO unapply
Keep a log of applied settings, and add an option to samba_gpoupdate to allow unapply. An unapply will revert settings to a state prior to any policy application.
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 9 Aug 2017 02:17:09 +0000 (14:17 +1200)]
gpo: Create the gpo update service
Split from "Initial commit for GPO work done by Luke Morrison" by David Mulder
Signed-off-by: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Luke Morrison <luke@hubtrek.com> Signed-off-by: David Mulder <dmulder@suse.com>
Then adapted to current master
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
David Mulder [Sat, 11 Feb 2017 14:53:07 +0000 (07:53 -0700)]
gpo: Make the gpoupdate script much more reliable
Using a static file blanks the file when samba_gpoupdate crashes. Transformed
to a tdb file and added transactions. Add info logging to monitor gpo changes,
etc. Also handle parse errors and log an error message, then recover. Modified
the parsing code to use ConfigParser. Also, use the backslash in path names
when opening smb files, otherwise it fails against a windows server.
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Luke Morrison [Fri, 31 Jan 2014 00:27:05 +0000 (13:27 +1300)]
gpo: Initial commit for GPO work
Enclosed is my Summer of Code 2013 patch to have vital password GPO always applied to the Samba4 Domain Controller using a GPO update service.
To try it out "make -j" your samba with the patch, apply a security password GPO and see the difference in ~20 seconds. It also takes GPO hierarchy into account.
Split from "Initial commit for GPO work done by Luke Morrison" by David Mulder
Signed-off-by: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Luke Morrison <luke@hubtrek.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Fri, 3 Nov 2017 00:35:41 +0000 (13:35 +1300)]
source3: remove sock_exec
Remove the sock_exec code which is no longer needed and additionally has been
used by exploit code.
This was originally test support code, the tests relying on the sock_exec
code have been removed.
Past exploits have used sock_exec as a proxy for system() matching a talloc
destructor prototype.
See for example:
Exploit for Samba vulnerability (CVE-2015-0240) at
https://gist.github.com/worawit/051e881fc94fe4a49295
and the Red Hat post at
https://access.redhat.com/blogs/766093/posts/1976553
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Nov 20 07:20:13 CET 2017 on sn-devel-144
Ralph Boehme [Sat, 18 Nov 2017 14:14:15 +0000 (15:14 +0100)]
winbindd: tdb_exists returns 1 if a record is found
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sun Nov 19 15:14:13 CET 2017 on sn-devel-144
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Nov 18 04:07:24 CET 2017 on sn-devel-144
This fixes a bug analysed by Peter Somogyi <PSOMOGYI@hu.ibm.com>: If a
parent winbind forks, it only called reinit_after_fork on
winbind_messaging_context. On the other hand, deep in dbwrap_open we use
server_messaging_context(). This is not reinitialized by
winbind_reinit_after fork, so the parent and child share a ctdb
connection. This is invalid, because replies from ctdb end up in the
wrong process.