Michael Tokarev [Tue, 26 Apr 2022 13:14:38 +0000 (16:14 +0300)]
testparm: do not fail if /run/samba does not exist
testparm explicitly fails if $piddir or $lockdir does not exist.
However, the daemons which actually use these directories, will
create it on demand, there is no need to fail even simple testparm
operations if the dirs are not there.
This change lets to (pre)configure samba without bothering to
pre-create the directories which are overwise needed only to fulfil
testparm criteria.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Michael Tokarev [Mon, 26 Feb 2024 11:15:00 +0000 (14:15 +0300)]
Minimal EDNS0 support for built-in DNS client
Currently, samba built-in DNS client is UDP-only (it does
support TCP mode, but not all components use it). In
particular, when winbind queries list of AD DCs (SRV
record) which can be quite large, it uses UDP-only query.
And at the same time, samba DNS client does not support
EDNS0 at all, so the reply is limited to standard DNS
packet size which is 512 bytes.
Add minimal EDNS0 OPT record to ADDITIONAL section when
sending a DNS request out, indicating we can accept
DNS packets up to 4Kb in size.
Since DNSSEC is in wide use today and DNSSEC requires
EDNS0, it is okay to assume ENDS0 is widely supported
these days, so there should be no regressions when
enabling EDNS0.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Michael Tokarev [Mon, 18 Nov 2024 09:45:08 +0000 (12:45 +0300)]
libsamba-errors: eliminate dependency on samba-debug
libsamba-errors is a collection of error codes/descriptions
like strerror(), - it is a set of simple functions converting
error code to string or the like. However, in one single
place there's a DBG_DEBUG() "call" in errmap_unix.c, in
map_errno_from_nt_status(), which is here for a very long time
(since before samba3, initially with debug level 10).
Drop this debugging info, and eliminate extra dependency.
This makes libsamba-errors independent and self-contained,
with a well-known and stable ABI.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Michael Tokarev [Thu, 19 May 2022 17:37:21 +0000 (20:37 +0300)]
specify some deps on private libs actually used directly
Lots of samba libraries has incomplete dependencies listed
in wscript files. This usually is not a problem since the
link line includes dependencies of their dependencies of
their dependencies, and somewhere down that line all immediate
dependencies which are missing are actually present. But
sometimes this becomes a problem when a library does not
declare direct dependency on at least one private library
which it actually uses: in case no private library is
listed as direct dependency, private library directory is
not put into RUNPATH of the resulting binary, so the binary
can not find its own dependencies.
Fix a few such places, including some libraries which are
a part of public abi (libsmbldap, libndr).
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jan 1 19:16:03 UTC 2025 on atb-devel-224
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon Dec 30 04:17:46 UTC 2024 on atb-devel-224
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Dec 20 07:59:51 UTC 2024 on atb-devel-224
Douglas Bagnall [Wed, 11 Dec 2024 02:56:20 +0000 (15:56 +1300)]
samba-tool user: hashlib.sha1 is always present
We maybe thought we were checking that sha1 was in hashlib, but we were
only checking that hashlib is in the Python library (`hashlib.sha1()`
would not raise ImportError).
The documentation says hashlib always contains sha1 -- if that
changes, it is better we know by failing noisily with the import error
at the top of the file.
Douglas Bagnall [Wed, 11 Dec 2024 01:30:15 +0000 (14:30 +1300)]
pyglue: add crypt() function
This wraps talloc_crypt_blob() from lib/util/util_crypt.c which in
turn wraps the system crypt[_r[n]].
We want this because the Python standard library crypt module is going
away. That one also wrapped the system crypt or crypt_r, so there
should be no change.
Douglas Bagnall [Mon, 29 Jul 2024 21:53:14 +0000 (09:53 +1200)]
samba-tool: no traceback for unauthenticated rootdse access
Under some circumstances rootdse returns an operations error with
"Operation unavailable without authentication" instead of insufficient
access rights.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Fri Dec 20 00:00:02 UTC 2024 on atb-devel-224
The index code (lib/ldb_key_value/ldb_kv_index.c) recapitulates LDB
expression logic, and it seemed less than completely obvious that it
would never make a mistake and return a different result than an
unindexed search.
Here we run the same search on an unindexed database and on some that
have been indexed with a variety of options. We assert that the
results are identical over a number of searches.
By default, when run from the command line, that number is 495161,
which takes a couple of minutes. But if the SKIP_SLOW_TESTS
environment variable is set, the number is 33569, which takes 20
seconds or so. In selftest we set the variable and run the smaller
number.
The tests will print the cumulative search time for each database for
each testsuite, like this:
Like all benchmarks it is interesting but misleading. One caveat here
is that you have (probably) compiled tdb in developer mode without
optimisation, while lmdb is probably a system package compiled with -O2,
though perhaps not tuned to your exact architecture.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
Pavel Filipenský [Mon, 16 Dec 2024 13:39:54 +0000 (14:39 +0100)]
s3:winbindd: Remove unused set_routing_domain()
Commit 9a613f4 winbindd: add routing_domain as parameter to add_trusted_domain
deleted all calls of set_routing_domain().
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Dec 17 13:30:25 UTC 2024 on atb-devel-224
Pavel Filipenský [Mon, 16 Dec 2024 13:12:22 +0000 (14:12 +0100)]
s4:torture: Remove test for deprecated WINBINDD_SHOW_SEQUENCE
torture_winbind_struct_show_sequence() is failing if run as:
make -j8 test TESTS="samba4.rpc.lsa.trusted.*ad_dc samba4.winbind.struct.ad_dc"
The reason is that the test constructs two lists of domains and assumes
that the list contain same domains in the same order.
However:
- the list based on DO_STRUCT_REQ_REP(WINBINDD_SHOW_SEQUENCE, &req, &rep) contains 51 domains
- the list based on DO_STRUCT_REQ_REP(WINBINDD_LIST_TRUSTDOM, &req, &rep) contains 39 domains
and we got:
failure: show_sequence [ ../../source4/torture/winbind/struct_based.c:824: domlist[i].netbios_name was TORTURE201, expected TORTURE200: inconsistent order of domain lists
]
Both list are based on full domain list, however the smaller one filters
out domain without trust_type in winbindd_list_trusted_domains():
Volker Lendecke [Fri, 6 Dec 2024 08:19:08 +0000 (09:19 +0100)]
smbd: Streamline recursive_rmdir()
By factoring out recursive_rmdir_fsp() we can do the recursion using
openat_pathref_fsp_lcomp(). This makes strace for a recursive
directory removal look a *lot* cleaner.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Volker Lendecke [Thu, 5 Dec 2024 15:50:12 +0000 (16:50 +0100)]
smbd: Make can_delete_directory_fsp() look cleaner in strace
I'm not sure, but it might be that we don't have a full fd coming into
can_delete_directory_fsp() without O_PATH. We open a real fd for
readdir() in all cases, which we can use for sure in openat &
friends. Use that as dirfsp for openat.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Volker Lendecke [Wed, 4 Dec 2024 15:30:03 +0000 (16:30 +0100)]
printing: Remove a few obsolete openat_pathref_fsp() calls
driver_convert_unix calls filename_convert_dirfsp, which these days
fills smb_fname->fsp. So openat_pathref_fsp() will immediately return
success as it finds smb_fname->fsp != NULL.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Volker Lendecke [Wed, 4 Dec 2024 07:54:19 +0000 (08:54 +0100)]
smbd: Simplify smb_q_posix_acl()
Ensure it's called with a valid fsp. In the pathinfo case, use
get_posix_fsp() in the caller, in the fileinfo case the client has
sent us the fid. A client-visible fid is always a fsa fsp.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Volker Lendecke [Fri, 29 Nov 2024 12:06:03 +0000 (13:06 +0100)]
libcli: Make handling implicit_owner_rights bit easier to read
The first time I came across this I missed the "FALL_THROUGH" and had
to look closely at what happens. I had expected
IMPLICIT_OWNER_READ_CONTROL_AND_WRITE_DAC_RIGHTS to grant two rights,
which to me is now more obvious. It was correct before, but to me this
is now more obvious. YMMV.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Pavel Filipenský [Wed, 11 Dec 2024 21:33:17 +0000 (22:33 +0100)]
s3:open.c: Fix a typo
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Tue Dec 17 11:23:50 UTC 2024 on atb-devel-224
Jones Syue [Thu, 26 Sep 2024 09:17:14 +0000 (17:17 +0800)]
s3:vfs_crossrename: add back checking for errno ENOENT
strace gives a clue: samba try to remove 'file.txt' in the dst folder but
actually it is not existed yet, and got an errno = ENOENT,
renameat(32, "file.txt", 31, "file.txt") = -1 EXDEV (Invalid cross-device link)
unlinkat(31, "file.txt", 0) = -1 ENOENT (No such file or directory)
Commit 5c18f074be92 ("s3: VFS: crossrename. Use real dirfsp for
SMB_VFS_RENAMEAT()") seems unintentionally removed errno ENOENT checking,
so add it back could address 1st issue.
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Mon Dec 16 19:32:32 UTC 2024 on atb-devel-224
Martin Schwenke [Wed, 28 Jun 2023 04:01:44 +0000 (14:01 +1000)]
ctdb-scripts: Support storing statd-callout state in cluster filesystem
CTDB_STATD_CALLOUT_SHARED_STORAGE is a new configuration variable
indicating where statd-callout should store its NFS client locking
data. See the update to ctdb-script.options(5) for details.
This adds back functionality that was removed in commit 12cc82623150ca4a83482f1b7165401cbdecd3de. The commit message doesn't
say why this was changed but it was most likely due to a cluster
filesystem hanging at inopportune times. Hence, this is re-added as a
non-default option. There are 2 justifications for re-adding it:
* The existing method (persistent_db) relies on dequeuing data during
the monitor event, which loses any queued data on node crash.
* NFS-Ganesha writes NFSv4 client locking data to a cluster
filesystem, by default. Something similar might as well exist for
NFSv3.
Note that this could create the files for sm-notify in add-client.
However, this would require an alternate implementation of
send_notifies() (or a change to the implementation for persistent_db
too). It seems better to leave add-client lightweight and do the work
in notify, since add-client is a more frequent operation.
Unconditionally create the state directory on startup. This is
currently implicitly created for persistent_db when the queue
directory is created. However, it isn't created anywhere else for
shared_dir, so do it in a common place.
In test mode, the shared storage location has a prefix added so files
are created within the test environment.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
projects / thirdparty / samba.git / log
