Volker Lendecke [Tue, 11 Feb 2020 21:10:32 +0000 (22:10 +0100)]
lib: Fix a shutdown crash with "clustering = yes"
This is a bit confusing now, sorry for that:
register_msg_pool_usage() in the ctdb case uses
messaging_ctdb_register_tevent_context(), which talloc_reference()s
the central struct messaging_ctdb_fde_ev of the
messaging_ctdb_context. In messaging_reinit(), we talloc_free only one
of those references and allocate a new messaging_ctdb_fde_ev. The
remaining messaging_ctdb_fde_ev should have been deleted as well, but
due to the second reference this does not happen. When doing the
shutdown messaging_ctdb_fde_ev_destructor() is called twice, once on
the properly reinitialized fde_ev, and once much later on the leftover
one which references invalid data structures.
By the way, this is not a problem with talloc_reference(), this would
have happened with explicit refcounting too.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Björn Baumbach <bb@sernet.de>
Autobuild-Date(master): Tue Feb 18 13:05:53 UTC 2020 on sn-devel-184
Consolidate "msg_dgm_ref" and "msg_ctdb_ref": The only purpose of
those pointers was to TALLOC_FREE() them in messaging_reinit(). We'll
have a third entity to talloc_free() in the next commit, make that
simpler.
Martin Schwenke [Wed, 12 Feb 2020 23:09:08 +0000 (10:09 +1100)]
ctdb-docs: Provide example commands for "ctdb event ..."
The example output doesn't tell a user what command generated it.
Adding the command makes the examples much more useful.
Reported-by: Stefan Kania <stefan@kania-online.de> Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Tue Feb 18 04:22:56 UTC 2020 on sn-devel-184
Martin Schwenke [Wed, 11 Dec 2019 10:44:28 +0000 (21:44 +1100)]
ctdb-tests: Rationalise node stop/start/restart
Separate functions are not needed for stopping/starting/restarting
individual nodes. The stop and start functions essentially just use
onnode, though for local daemons this is embedded in local_daemons.sh.
So, just provide one stop and one start function that takes an
optional nodespec, defaulting to all nodes.
Restarting becomes common.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 10 Feb 2020 06:50:30 +0000 (17:50 +1100)]
ctdb-daemon: Fix signed/unsigned comparison
csbuild says:
ctdb/server/ctdb_lock.c: scope_hint: In function ‘ctdb_find_lock_context’
ctdb/server/ctdb_lock.c:671:33: warning: comparison of integer expressions of different signedness: ‘int’ and ‘uint32_t’ {aka ‘unsigned int’} [-Wsign-compare]
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
The module makes use of the new io_uring infrastructure
(intruduced in linux 5.1), see https://lwn.net/Articles/778411/ and
http://git.kernel.dk/cgit/liburing/
Currently this only implements SMB_VFS_{PREAD,PWRITE,FSYNC}_SEND/RECV
and avoids the overhead of our userspace threadpool.
In future we'll hopefully make more use of more advanced io_uring
features.
For now we don't have automated tests as our test infrastructure
doesn't use a recent kernel. At least we're able to do compile tests
on fedora31.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Feb 15 11:37:45 UTC 2020 on sn-devel-184
s3:tests: Add smbclient test for 'force create mode = 0664'
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Feb 14 20:16:04 UTC 2020 on sn-devel-184
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
Autobuild-User(master): Isaac Boukris <iboukris@samba.org>
Autobuild-Date(master): Fri Feb 14 17:13:33 UTC 2020 on sn-devel-184
Volker Lendecke [Wed, 12 Feb 2020 14:42:28 +0000 (15:42 +0100)]
gensec: Fix CID 1458419 Control flow issues (NO_EFFECT)
socklen_t can be unsigned
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Feb 14 13:42:26 UTC 2020 on sn-devel-184
Martin Schwenke [Tue, 28 Jan 2020 05:49:14 +0000 (16:49 +1100)]
ctdb-tcp: Make error handling for outbound connection consistent
If we can't bind the local end of an outgoing connection then
something has gone wrong. Retrying is better than failing into a
zombie state. The interface might come back up and/or the address my
be reconfigured.
While here, do the same thing for the other (potentially transient)
failures.
The unknown address family failure is special but just handle it via a
retry. Technically it can't happen because the node address parsing
can only return values with address family AF_INET or AF_INET6.
Gary Lockyer [Mon, 10 Feb 2020 21:05:08 +0000 (10:05 +1300)]
samba-tool domain join: remove sub domain join code
Remove the unused sub domain join code, the option was removed by commit 5583208aed0e4647269e48aa1d3c5c48a73001ac. This commit completely removes
the now unused code.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Feb 11 17:41:32 UTC 2020 on sn-devel-184
Volker Lendecke [Fri, 7 Feb 2020 12:47:25 +0000 (14:47 +0200)]
smbclient4: Remove unused code
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Feb 10 19:26:37 UTC 2020 on sn-devel-184
krb5_wrap: map KRB5_REALM_UNKNOWN to NT_STATUS_NO_SUCH_DOMAIN
This is much better than mapping it to NT_STATUS_UNSUCCESSFUL.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Feb 10 17:59:34 UTC 2020 on sn-devel-184
krb5_wrap: map KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN to NT_STATUS_INVALID_COMPUTER_NAME
KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN is already mapped to
NT_STATUS_INVALID_ACCOUNT_NAME and we need a way to
distinguish between client and server principal
at the NTSTATUS layer too.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
gensec/spnego: fallback on INVALID_{ACCOUNT,COMPUTER}_NAME and NO_SUCH_DOMAIN
I think it's better to handle them in spnego.c, instead of squashing
them already in the gssapi/gse modules. This is related to
KRB5KDC_ERR_{C,S}_PRINCIPAL_UNKNOWN and KRB5_REALM_UNKNOWN.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
s3:libads: prefer ENCTYPE_AES256_CTS_HMAC_SHA1_96 in ads_keytab_add_entry()
This is currently not critical as we only use keytabs
only as acceptor, but in future we'll also use them
for kinit() and there we should prefer the newest type.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
lib/krb5_wrap: prefer new enctyptes in ms_suptypes_to_ietf_enctypes()
This is currently not critical as we only use keytabs
only as acceptor, but in future we'll also use them
for kinit() and there we should prefer the newest type.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Martin Schwenke [Fri, 7 Feb 2020 05:11:23 +0000 (16:11 +1100)]
ctdb-tools: When in test mode set process group in top-level ctdb tool
If ctdbd hangs when shutting down in post-test clean-up then killing
the process group can kill the test. When in test mode, create a
process group but only in the top-level ctdb tool - the natgw and lvs
helpers also run the ctdb tool.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 29 Jan 2020 05:28:46 +0000 (16:28 +1100)]
ctdb-daemon: Fork when not interactive and test mode is enabled
There is no sane way of keeping stdin open when using the shell to
background ctdbd in local_daemons.sh. Instead, have ctdbd fork when
not interactive and when test mode is enabled. become_daemon() can't
be used for this: if it forks then it also closes stdin.
For the interactive case, become_daemon() wasn't doing anything
special, so do nothing instead.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 29 Jan 2020 05:26:03 +0000 (16:26 +1100)]
ctdb-daemon: Make some conditions more explicit
These don't need to depend on do_fork. Child logging should be set up
whenever the daemon is not interactive. The stdin handler should be
setup whenever test mode is enabled.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Volker Lendecke [Wed, 5 Feb 2020 13:43:43 +0000 (15:43 +0200)]
smbd: Remove overriding file_attributes with unix_mode in the VFS
Internally to open.c this is still used, but that can go away next.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Feb 7 22:27:48 UTC 2020 on sn-devel-184
Jeremy Allison [Thu, 6 Feb 2020 21:36:41 +0000 (13:36 -0800)]
s3: lib: Now remote_machine is static, we can depend on it being non-NULL.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Feb 7 18:26:15 UTC 2020 on sn-devel-184
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Feb 7 13:48:27 UTC 2020 on sn-devel-184
Douglas Bagnall [Thu, 6 Feb 2020 22:27:32 +0000 (11:27 +1300)]
samba-tool gpo: tighter matching for ini names
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Fri Feb 7 12:03:34 UTC 2020 on sn-devel-184
Douglas Bagnall [Thu, 6 Feb 2020 22:25:27 +0000 (11:25 +1300)]
python: use raw string for regex with escape
Python regards 'GPT\.INI$' as a string containing an invalid escape
sequence '\.', which is ignored (i.e. treated as the literal sequence
of those 2 characters), but only after Python has grumbled to itself,
and to you if you enabled DeprecationWarnings.
The proper thing to do here is use r-strings, like r'GPT\.INI$', which
tell Python that all backslashes are literal. Alternatively (as we do
once in this patch), the backslash can itself be escaped ('\\').
There are more problems of this nature in the build scripts.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Noel Power <npower@samba.org>
Douglas Bagnall [Sun, 19 Jan 2020 02:08:58 +0000 (15:08 +1300)]
nmblib: avoid undefined behaviour in handle_name_ptrs()
If *offset is length - 1, we would read ubuf[(*offset)+1] as the lower
bits of the new *offset. This value is undefined, but because it is
checked against the valid range, there is no way to read further
beyond that one byte.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Feb 7 10:19:39 UTC 2020 on sn-devel-184
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Feb 6 16:24:25 UTC 2020 on sn-devel-184
Andrew Bartlett [Thu, 30 Jan 2020 03:41:39 +0000 (16:41 +1300)]
dsdb: Correctly handle memory in objectclass_attrs
el->values is caller-provided memory that should be thought of as constant,
it should not be assumed to be a talloc context.
Otherwise, if the caller gives constant memory or a stack
pointer we will get an abort() in talloc when it expects
a talloc magic in the memory preceeding the el->values.
I regularly get requests for my simple script to print the
password from the secrets.tdb (or secrets.ldb on the AD DC).
This removes the old script that only reads the secrets.ldb.
Neither new nor old script has tests, however it seems
better to have it in the tree where it can be found rather
that me digging it out of my outbound e-mail.
Originally posted here:
https://lists.samba.org/archive/samba/2017-November/212362.html
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
We always now how many bytes our caller requires,
so there's no need to use tstream_pending_bytes().
This makes it possible to read socket_wrapper generated
captures again, as wireshark requires the fixed (16 bytes) DCERPC
header to be in one TCP packet.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
connect samr pipe1
use assoc_group_id[0x00000001] for new connections
connect lsa pipe2
got assoc_group_id[0x00000001] for p2
samr_Connect to open a policy handle on samr p1
use policy handle on lsa p2 - should fail
closing policy handle on samr p1
connect samr pipe3 - should fail
Failed to bind to uuid 12345778-1234-abcd-ef00-0123456789ac for ncacn_np:localdc[\pipe\samr,validate,assoc_group_id=0x00000001,abstract_syntax=12345778-1234-abcd-ef00-0123456789ac/0x00000001] NT_STATUS_UNSUCCESSFUL
connect lsa pipe4 - should fail
Failed to bind to uuid 12345778-1234-abcd-ef00-0123456789ab for ncacn_np:localdc[\pipe\lsarpc,validate,assoc_group_id=0x00000001,abstract_syntax=12345778-1234-abcd-ef00-0123456789ab/0x00000000] NT_STATUS_UNSUCCESSFUL
connect samr pipe5 with assoc_group_id[0xFFFFFFFF]- should fail
Failed to bind to uuid 12345778-1234-abcd-ef00-0123456789ac for ncacn_np:localdc[\pipe\samr,validate,assoc_group_id=0xffffffff,abstract_syntax=12345778-1234-abcd-ef00-0123456789ac/0x00000001] NT_STATUS_UNSUCCESSFUL
connect lsa pipe6 with assoc_group_id[0x00000000]- should fail
UNEXPECTED(failure): samba4.rpc.handles on ncacn_np with validate.mixed-shared(ad_dc_ntvfs)
REASON: Exception: Exception: ../../source4/torture/rpc/handles.c:500: status was NT_STATUS_OK, expected NT_STATUS_UNSUCCESSFUL: opening lsa pipe6
FAILED (1 failures, 0 errors and 0 unexpected successes in 0 testsuites)
A summary with detailed information can be found in:
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
While at it, simplify the logging logic: if chdir() fails in this core function,
just always log is as error including the unix token.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14256
RN: smbd does a chdir() twice per request
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Feb 6 11:44:07 UTC 2020 on sn-devel-184
Ralph Boehme [Sat, 18 Jan 2020 07:09:22 +0000 (08:09 +0100)]
s3/auth: use set_current_user_info() in auth3_check_password_send()
This delays reloading config slightly, but I don't see how could affect
observable behaviour other then log messages coming from the functions in
between the different locations for lp_load_with_shares() like
make_user_info_map() are sent to a different logfile if "log file" uses %U.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
projects / thirdparty / samba.git / log
