Jeremy Allison [Thu, 13 Jun 2019 16:44:27 +0000 (09:44 -0700)]
s3: smbd: Ensure open for security descriptor access actually opens an fd.
Change test to check two things:
1) Open a symlink for SD read or write access should fail.
2) Request attribute open. Getsd/Setsd on this handle should
fail.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Andrew Bartlett [Sat, 15 Jun 2019 11:14:49 +0000 (23:14 +1200)]
py3: Remove duplicated PyUnicode_Check() after the py3 compat macros were removed
This came about because in py2 we had to check for strings and unicode.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Mon Jun 24 18:48:53 UTC 2019 on sn-devel-184
s4:ntp_signd: Use gnutls_error_to_ntstatus() in ntp_signd
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jun 24 07:27:21 UTC 2019 on sn-devel-184
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun 21 11:02:21 UTC 2019 on sn-devel-184
Gary Lockyer [Fri, 21 Jun 2019 02:32:08 +0000 (14:32 +1200)]
lib ldb key value: use TALLOC_FREE() per README.Coding
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun 21 05:45:02 UTC 2019 on sn-devel-184
Gary Lockyer [Wed, 6 Mar 2019 02:28:45 +0000 (15:28 +1300)]
lib ldb key value: fix index buffering
As a performance enhancement the key value layer maintains a cache of
the index records, which is written to disk as part of a prepare commit.
This patch adds an extra cache at the operation layer to ensure that the
cached indexes remain consistent in the event of an operation failing.
Add test to test for index corruption in a failed modify.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Fri, 21 Jun 2019 02:52:24 +0000 (14:52 +1200)]
lib ldb key value: Remove check_parent from ldb_kv_index_idxptr()
The callers will soon have two possible parents for this pointer, so
we need to remove this check, which was added out of caution given
the rather strange pattern of putting an active memory pointer into a
TDB (as a hash map).
That is, the only callers that did call this with "true" would
have to call this with "false", so just remove the complexity.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Use the nested transaction support added to the key value back ends to
make key value operations atomic. This will ensure that rename
operation failures, which delete the original record and add a new
record, leave the database in a consistent state.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Wed, 6 Mar 2019 21:18:00 +0000 (10:18 +1300)]
lib ldb key value backends: Add nested txn support
Add limited nested transaction support to the back ends to make the key value
operations atomic (for those back ends that support nested transactions).
Note: that only the lmdb backend currently supports nested transactions.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Wed, 19 Jun 2019 17:11:41 +0000 (05:11 +1200)]
provision: Suggest "minimal-responses yes;" by default
This improves Samba AD DC performance as a DNS server dramatically, because NS records do not
need to be looked up and there is less risk the response will have to fall back
to TCP, doubling the cost again.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun 21 00:52:19 UTC 2019 on sn-devel-184
Assertions should only be used when there's absolutely no recovery or to
verify data structure invariants. In this case the supplied registry
hive file may have a malformed block with a size of zero. Such a block
should not terminate the whole program.
Signed-off-by: Michael Hanselmann <public@hansmi.ch> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Volker Lendecke [Thu, 20 Jun 2019 18:58:42 +0000 (20:58 +0200)]
smbd: Remove struct blocking_lock_record
Forgot that one in the last patches
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun 20 23:39:34 UTC 2019 on sn-devel-184
Volker Lendecke [Thu, 20 Jun 2019 11:42:12 +0000 (13:42 +0200)]
vfs: Remove SMB_VFS_BRL_CANCEL_WINDOWS
This is not called anymore, bump the VFS version number in a separate
commit
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun 20 18:34:20 UTC 2019 on sn-devel-184
Volker Lendecke [Thu, 13 Jun 2019 10:58:02 +0000 (03:58 -0700)]
smbd: Ping dbwrap_watch on locking.tdb for in smbd_do_unlocking()
smbd_smb1_do_locks_send() watches the file's locking.tdb record for
changes, like the oplock code does. Unlocking a byte range thus must
trigger a retry.
With the share mode cache get_existing_share_mode_lock() is pretty
cheap. We have to write out the share mode record with the current
code, but an obvious optimization will be a share_mode_do_locked doing
all this without actually unmarshalling the locking.tdb entry. And --
there's precedence for this pattern in downgrade_lease()...
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 13 Jun 2019 10:38:57 +0000 (03:38 -0700)]
smbd: Add smbd_smb1_do_locks_send/recv()
This contains the SMB1-specific brlock logic. Right now our core
brlock code has specialized code to deal with pending locks. For
dealing with pending requests waiting for something nowadays we
recommend to use tevent_req. This code also provides the basis to
remove the SMB1 special case handling from the core logic, isolating
protocol features specific to SMB1 and not exposed in SMB2 in
SMB1-specific code.
The core brlock code will not see blocking locks anymore. Instead, the
code in this patch will always immediately fail and take care of the
retries and timeouts.
Retries are implemented by a dbwrap_watch_record_send on the
corresponding locking.tdb entry. A later commit will make unlocks
trigger wakeups there. I chose locking.tdb and not brlock itself to
simplify the implementation. We already have oplock break watchers on
locking.tdb, this will only add one more. This might lead to spurious
wakeups, but they are taken care of by careful retries. An advantage
of doing that is the implicit handling of a killed blocker PID through
dbwrap_watch, obsoleting brl_revalidate.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 20 Jun 2019 10:42:23 +0000 (12:42 +0200)]
smbd: Add some paranoia against NULL dereference
Quite a few callers set "psmblctx" to NULL, and I could not really
follow 100% that brl_lock only assigns that in the blocking lock
case. Too many layers :-)
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 20 Jun 2019 10:05:30 +0000 (12:05 +0200)]
smbd: Add "blocker_pid" to brl_lock()
Soon we will wait on a conflicting lock to become free via
dbwrap_watched_watch_send. That routine can take a server_id that
blocks us, watching it to go away. To use that, we need to know which
PID it is that blocks us.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 19 Jun 2019 15:50:54 +0000 (17:50 +0200)]
torture3: Run a blocking lock&x call with a subsequent read
Samba aborts the read&x after a blocked, but eventually successful
locking&x call. Both Windows and source4/ntvfs do the read properly,
source3/smbd does not. With later code, this will become possible much
easier. Lets see if it's worth it given that we've got away with this
forever.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 14 Jun 2019 11:39:04 +0000 (04:39 -0700)]
smbd: Add "lock_flav" to smbd_do_unlocking()
The next commits will pass all direct "do_unlock" calls through
smbd_do_unlocking(). Why? Unlocking will later on require that we take
the share mode lock for the file in question while the unlock is
happening, and this should be in one central place.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
projects / thirdparty / samba.git / log
