Gary Lockyer [Wed, 5 Jun 2019 23:40:08 +0000 (11:40 +1200)]
kcc: default to logging to DBGLVL_WARNING
If the "-d" debug level parameter is not supplied, default to DBGLVL_WARNING.
Overriding the "log level" set in smb.conf.
When samba runs the kcc command stderr output is logged at DBGLVL_ERR,
the default log destination is stderr. As a result any log messages
generated by the kcc command, are effectively logged at DBGLVL_ERR.
This causes issues if auth or audit logging are enabled in smb.conf.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Tim Beale <timbeale@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jul 2 05:49:43 UTC 2019 on sn-devel-184
Douglas Bagnall [Thu, 20 Jun 2019 00:13:56 +0000 (12:13 +1200)]
docs/smbclient: document -Tcn
BUG: https://bugzilla.samba.org/show_bug.cgi?id=2352
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Mon, 1 Jul 2019 01:41:14 +0000 (13:41 +1200)]
repl_md: Avoid dropping cross-partition links
Cross-partition links could still be dropped if GET_TGT was already
previously set for the replication.
This was due to a slight error in the order of logic. We never want to
ignore cross-partition links (regardless of whether the TARGETS_UPTODATE
/GET_TGT flag is set). We should only be returning early in the
GET_TGT case if the objects are both in the same partition.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14022
RN: When the AD domain contained a linked attribute that spanned
partitions, DRS replication could drop the link. This dropped link could
then result in subtle differences in behaviour between DCs, as some DCs
would have the link and others wouldn't. When this issue occurred, the
dropped link would be logged in a warning message:
"<target-dn> is Unknown but up to date. Ignoring link from <source-dn>"
This issue would not always occur - it depended a lot on the database
contents. Typically, it would only potentially occur when joining a new
DC to the domain (doing an ldapcmp after the join would also highlight
the problem, if it occurred). This issue has now been resolved.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Mon, 1 Jul 2019 02:16:13 +0000 (14:16 +1200)]
tests: Add getncchanges test for cross-partition links + TGT
This adds a test-case to highlight a bug in the client side GetNCChanges
handling.
These tests mostly exercise the server-side behaviour of sending the
GetNCChanges, however, there's a bug in the client-side code when we try
to handle a missing cross-partition link target *in combination* with
the GET_TGT flag already having been set.
The test is exercising the client-side code by using the 'samba-tool drs
replicate' command. By adding a one-way link to a deleted target object,
we force the client code to retry with the GET_TGT flag set.
Gary Lockyer [Sun, 30 Jun 2019 23:44:36 +0000 (11:44 +1200)]
WHATSNEW.txt: samba-tool --backend-size-parameter
Document the --backend-store-size option added to the samba-tool sub
commands:
* domain provision
* domain join
* domain dcpromo
* drs clone-dc-database
And the removal of the join subdomain option.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Tue Jul 2 04:19:29 UTC 2019 on sn-devel-184
Add a new "samba-tool domain dcpromo" option "backend-store-size".
This allows the lmdb map size to be set during a promotion, instead of
hard-wiring it to 8Gb.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add a new "samba-tool domain dcpromo" option "backend-store-size".
This allows the lmdb map size to be set during a promotion, instead of
hard-wiring it to 8Gb.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add a new "samba-tool drs clone-dc-database" option "backend-store-size".
This allows the lmdb map size to be set during a clone, instead of
hard-wiring it to 8Gb.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add a new "samba-tool drs clone-dc-database" option "backend-store-size".
This allows the lmdb map size to be set during a clone, instead of
hard-wiring it to 8Gb.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add a new "samba-tool domain join" option "backend-store-size".
This allows the lmdb map size to be set during a provision, instead of
hard-wiring it to 8Gb.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tests for the new "samba-tool domain join" option
"backend-store-size". This allows the lmdb map size to be set during a
provision, instead of hard-wiring it to 8Gb.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Tue, 25 Jun 2019 04:23:24 +0000 (16:23 +1200)]
provision: Add --backend-store-size option
Add a new "samba-tool domain provision" option "backend-store-size".
This allows the lmdb map size to be set during a provision, instead of
hard-wiring it to 8Gb
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Tue, 25 Jun 2019 21:38:35 +0000 (09:38 +1200)]
ldb: Release ldb 2.0.4
* copy the ldb_options passed to ldb_connect onto the ldb_context,
making them more generally available.
* fix index buffering.
As a performance enhancement the indexes are cached in memory during a
transaction, and written to disk as part of the prepare commit. The
indexes could become corrupt in the event of a failed operation.
* fix read beyond buffer
Calling the "ldb_parse_tree" function with a filter consisting of
exactly a single space (" ") would trigger a read beyond the input
buffer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13900
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Tue, 25 Jun 2019 04:17:12 +0000 (16:17 +1200)]
lib ldb: save a copy of the options on the context
Copy the options supplied to ldb_connect, and place them on the
ldb_context. This allows backend options i.e. lmdb map size to be passed
cleanly from the callers.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 25 Jun 2019 04:12:47 +0000 (16:12 +1200)]
provision: If --targetdir has been specified then we must always reset posix:eadb and xattr_tdb:file
This is required because otherwise this may have been set previously by another
part of selftest thanks to the global loadparm and the running of multiple
samba-tool tests within the same python process.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Gary Lockyer [Fri, 21 Jun 2019 01:12:01 +0000 (13:12 +1200)]
samba-tool: Make the 'bytes' option type available
Allow samba tool to use the custom bytes option type.
Option("--size", type="bytes", metavar="SIZE")
To allow the input of file and memory sizes using unit suffixes i.e. 2Gb,
4KiB ...
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Fri, 21 Jun 2019 01:05:23 +0000 (13:05 +1200)]
python getopt: Add bytes option type
Add a new option type to the python command line options.
Option("--size", type="bytes", metavar="SIZE")
To allow the input of file and memory sizes using unit suffixes i.e.
2Gb, 4KiB ...
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Tue, 25 Jun 2019 04:14:34 +0000 (16:14 +1200)]
provision tests: Add --backend-store-size option.
Tests for the new "samba-tool domain provision" option
"backend-store-size". This allows the lmdb map size to be set during a
provision, instead of hard-wiring it to 8Gb
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Ralph Boehme [Thu, 27 Jun 2019 07:38:57 +0000 (09:38 +0200)]
selftest: add a test that itime is not set when setting DOS attrs
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Jul 1 23:21:07 UTC 2019 on sn-devel-184
Ralph Boehme [Tue, 25 Jun 2019 10:07:59 +0000 (12:07 +0200)]
s3:smbd: return inode number, not FileIndex for UNIX query info level
get_FileIndex() returns a stable and unique numerical identifier when "store dos
attributes" is enabled. It is NOT the same as a file's inode number which is used
as the key for locking.tdb.
For POSIX clients we should return the inode numbers in the POSIX query info
level and the FileIndex in the corresponding SMB protocol fields (eg SMB2 QFID
create context).
This fix lets the "smbtorture_s3.plain.CLEANUP3" test work with get_FileIndex()
returning something different than the file's inode number.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 27 Jun 2019 16:14:43 +0000 (18:14 +0200)]
s3: add st_ex_itime to struct stat_ex
st_ex_itime is an immutable original birth time aka instantiation time. Set when
a file is created, never changes thereafter. May not be set by the client.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
s3:winbind: Add support for storing KRB5 credential in KCM
This can store credentials in the Kerberos Credential Manager e.g.
provided by sssd.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jul 1 19:22:02 UTC 2019 on sn-devel-184
Gary Lockyer [Thu, 6 Jun 2019 02:57:45 +0000 (14:57 +1200)]
lib tdb: memcmp ubsan warning
Fix the ubsan warning
lib/tdb/common/tdb.c:184:9: runtime error: null pointer passed as
argument 2, which is declared to never be null"
memcmp call now guarded by a length check.
memcmp returns zero when called with a zero length parameter.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Mon Jul 1 14:50:54 UTC 2019 on sn-devel-184
Noel Power [Tue, 18 Jun 2019 10:47:29 +0000 (10:47 +0000)]
lib/krb5_wrap: clang: Fix warning: Null pointer passed as an argument
Fixes:
lib/krb5_wrap/krb5_samba.c:3241:3: warning: Null pointer passed as an argument to a 'nonnull' parameter <--[clang]
memcpy(gss_cksum + 28, in_data->data, orig_length);
^
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Noel Power [Tue, 18 Jun 2019 10:42:06 +0000 (10:42 +0000)]
lib/krb5_wrap: clang: Fix warning: Call to function 'mktemp' is insecure
Fixes:
lib/krb5_wrap/krb5_samba.c:2012:2: warning: Call to function 'mktemp' is insecure as it always creates or uses insecure temporary file. Use 'mkstemp' instead <--[clang]
mktemp(tmp_name);
^~~~~~
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Noel Power [Tue, 18 Jun 2019 10:19:09 +0000 (10:19 +0000)]
lib/util: clang: Fix warning: Value stored to 'ret' is never read warning
Fixes:
lib/util/server_id_db.c:181:3: warning: Value stored to 'ret' is never read <--[clang]
ret = tdb_store(tdb, key, talloc_tdb_data(ids), TDB_MODIFY);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Noel Power [Mon, 17 Jun 2019 15:54:32 +0000 (16:54 +0100)]
lib/tdb/common: Fix warning: Null pointer passed as argument to param
Fixes:
lib/tdb/common/rescue.c:299:2: warning: Null pointer passed as an argument to a 'nonnull' parameter <--[clang]
qsort(found.arr, found.num, sizeof(found.arr[0]), cmp_key);
^ ~~~~~~~~~
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Martin Schwenke [Fri, 21 Jun 2019 05:11:49 +0000 (15:11 +1000)]
util: Fix signed/unsigned comparisons by casting
One case needs a variable declared, so it can be compared to -1 and
then cast to size_t for comparison.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jul 1 08:00:29 UTC 2019 on sn-devel-184
Swen Schillig [Mon, 3 Jun 2019 08:58:11 +0000 (10:58 +0200)]
tests-util: Adding test to verify "allow no conversion" flag
The internal string conversion routines smb_strtoul(l) return
an error if the provided string could not be converted to an integer.
This can be the case if the string is empty or if it starts with non-numeric
characters which cannot be converted.
The standard C library, however, does allow this and simply returns 0 as the
converted value.
If this behaviour is wanted, it can be enabled by using
the "SMB_STR_ALLOW_NO_CONVERSION" flag.
Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sun Jun 30 12:47:24 UTC 2019 on sn-devel-184
Swen Schillig [Mon, 3 Jun 2019 08:37:07 +0000 (10:37 +0200)]
tests-util: Adding test to verify "full-string-conversion" flag
The standard string to integer conversion routines stop at the first
character which cannot be converted to a number.
However, if such a character is found, it is not considered an error.
With the flag "SMB_STR_FULL_STR_CONV" enabled, an error will be returned
if the string could not be converted entirely.
Swen Schillig [Mon, 3 Jun 2019 08:13:52 +0000 (10:13 +0200)]
tests-util: Adding test to verify "allow-negative" flag
The standard string to integer conversion routines allow strings
with a leading "-" to indicate a negative number.
However, the returned value is always an unsigned value representing
the bit-pattern of this negative value.
Typically, this behaviour is NOT wanted and therefore the standard
behavior of the internal smb_strtoul(l) is to return an error in such situations.
It can be enabled though by using the flag SMB_STR_ALLOW_NEGATIVE.
This test verifies the correct processing.
lib: Add capability to enable standard glibc behaviour for string to int conversion
Adding two addtl. flags SAMBA_STR_ALLOW_NO_CONVERSION and SAMBA_STR_GLIBC_STANDARD
for the wrappers strtoul_err() and strtoull_err() providing the possibility
to get standard glibc behaviour for string to integer conversion.
lib: Add check for full string consumption when converting string to int
Some callers want to have the entire string being used for a
string to integer conversion, otherwise flag an error.
This is possible by providing the SAMBA_STR_FULL_STR_CONV flag.
Swen Schillig [Tue, 25 Jun 2019 08:25:08 +0000 (10:25 +0200)]
lib: Add flag definitions to control the internal string to int conversion routines
The following flags are defined initially
SMB_STR_STANDARD # raise error if negative or non-numeric
SMB_STR_ALLOW_NEGATIVE # allow strings with a leading "-"
SMB_STR_FULL_STR_CONV # entire string must be converted
SMB_STR_ALLOW_NO_CONVERSION # allow empty strings or non-numeric
SMB_STR_GLIBC_STANDARD # act exactly as the standard glibc strtoul
tests-util: Adding test to verify "no-conversion" detection
The standard string to integer conversion routines return zero
if a string was to be converted which did not reflect a number.
It is not flagged as an error.
The wrapper functions strtoul_err() and strtoull_err() are expected
to exactly do this.
tests-util: Adding strtoul(l)_err() test leaving errno untouched
The wrapper functions strtoul_err() and strtoull_err() trigger
other functions/routines which modify errno.
However, callers of those wrapper functions expect errno to be unchanged.
This test verifies the expectation.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jun 28 18:48:49 UTC 2019 on sn-devel-184
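The string-to-integer commits above describe three places where plain strtoul() succeeds silently: a leading "-", input with no digits, and trailing unconverted characters. The following is an added example, not Samba's code: `strict_strtoul`, its helpers and the `EX_*` flags are hypothetical names modelled on the flag descriptions in those commit messages, not the signatures of smb_strtoul() or strtoul_err().

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical flags modelled on the descriptions in the commit messages. */
#define EX_STANDARD            0x0 /* error on negative or non-numeric input */
#define EX_ALLOW_NEGATIVE      0x1 /* accept a leading "-" */
#define EX_FULL_STR_CONV       0x2 /* the entire string must be converted */
#define EX_ALLOW_NO_CONVERSION 0x4 /* accept empty or non-numeric strings */

/*
 * Strict wrapper around strtoul(): returns the converted value, reports
 * failure through *err (0 on success) and leaves the caller's errno alone.
 */
unsigned long strict_strtoul(const char *s, int base, int *err, int flags)
{
	int saved_errno = errno;
	const char *p = s;
	char *end = NULL;
	unsigned long val;

	*err = 0;
	errno = 0;
	val = strtoul(s, &end, base);
	while (isspace((unsigned char)*p)) { p++; } /* strtoul() skips these too */
	if (end == s) {
		/* Nothing converted: plain strtoul() returns 0 without an error. */
		*err = (flags & EX_ALLOW_NO_CONVERSION) ? 0 : EINVAL;
	} else if (errno != 0) {
		*err = errno;   /* ERANGE: the value does not fit */
	} else if (*end != '\0' && (flags & EX_FULL_STR_CONV)) {
		*err = EINVAL;  /* trailing characters were not converted */
	} else if (*p == '-' && !(flags & EX_ALLOW_NEGATIVE)) {
		*err = EINVAL;  /* plain strtoul() returns the wrapped bit pattern */
	}
	errno = saved_errno;
	return val;
}

/* Convenience helpers: error code only, and value only. */
int parse_error(const char *s, int flags)
{
	int err;
	(void)strict_strtoul(s, 10, &err, flags);
	return err;
}

unsigned long parse_value(const char *s, int flags)
{
	int err;
	return strict_strtoul(s, 10, &err, flags);
}

int main(void)
{
	/* Constructed inputs covering each case the commit messages name. */
	const char *in[] = { "42", "-5", "", "abc", "12abc", "99999999999999999999999" };
	for (size_t i = 0; i < sizeof(in) / sizeof(in[0]); i++) {
		printf("%-24s strtoul=%lu strict=%lu err=%d\n", in[i], strtoul(in[i], NULL, 10),
		       parse_value(in[i], EX_STANDARD), parse_error(in[i], EX_STANDARD));
	}
	return 0;
}
```

With the default flags, a length or count field such as "-5" is rejected instead of being returned as a very large unsigned value.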
Volker Lendecke [Wed, 26 Jun 2019 15:43:44 +0000 (17:43 +0200)]
vfs_preopen: TALLOC_FREE(fde) before closing the underlying fd
Without that we might get wrong stuff out of epoll
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Jun 28 16:42:42 UTC 2019 on sn-devel-184
Volker Lendecke [Wed, 26 Jun 2019 15:42:54 +0000 (17:42 +0200)]
vfs_preopen: Fix for O_NOFOLLOW
Since 4301505d977449d core smbd code passes O_NOFOLLOW together with
[O_RDONLY|O_RDWR] as flags. This breaks activating vfs_preopen, we
need to look at *just* the access mode.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Michael Adam [Thu, 20 Jun 2019 13:14:57 +0000 (15:14 +0200)]
vfs:glusterfs_fuse: treat ENOATTR as ENOENT
The original implementation of the virtual xattr get_real_filename
in gluster was misusing the ENOENT errno as the authoritative answer
that the file/dir that we were asking the real filename for does not
exist. But since the getxattr call is done on the parent directory,
this is a violation of the getxattr API which uses ENOENT for the
case that the file/dir that the getxattr call is done against does
not exist.
Now after a recent regression for fuse-mount re-exports due to
gluster mapping ENOENT to ESTALE in the fuse-bridge, the gluster
implementation is changed to more correctly return ENOATTR if the
requested file does not exist.
This patch changes the glusterfs_fuse vfs module to treat ENOATTR as
ENOENT to be fully functional again with latest gluster.
- Without this patch, samba against a new gluster will work correctly,
but the get_real_filename optimization for a non-existing entry
is lost.
- With this patch, Samba will not work correctly any more against
very old gluster servers: Those (correctly) returned ENOATTR
always, which Samba originally interpreted as EOPNOTSUPP, triggering
the expensive directory scan. With this patch, ENOATTR is
interpreted as ENOENT, the authoritative answer that the requested
entry does not exist, which is wrong unless it really does not exist.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Jun 28 12:52:03 UTC 2019 on sn-devel-184
Michael Adam [Thu, 20 Jun 2019 13:14:57 +0000 (15:14 +0200)]
vfs:glusterfs: treat ENOATTR as ENOENT
The original implementation of the virtual xattr get_real_filename
in gluster was misusing the ENOENT errno as the authoritative answer
that the file/dir that we were asking the real filename for does not
exist. But since the getxattr call is done on the parent directory,
this is a violation of the getxattr API which uses ENOENT for the
case that the file/dir that the getxattr call is done against does
not exist.
Now after a recent regression for fuse-mount re-exports due to
gluster mapping ENOENT to ESTALE in the fuse-bridge, the gluster
implementation is changed to more correctly return ENOATTR if the
requested file does not exist.
This patch changes the glusterfs vfs module to treat ENOATTR as ENOENT
to be fully functional again with latest gluster.
- Without this patch, samba against a new gluster will work correctly,
but the get_real_filename optimization for a non-existing entry
is lost.
- With this patch, Samba will not work correctly any more against
very old gluster servers: Those (correctly) returned ENOATTR
always, which Samba originally interpreted as EOPNOTSUPP, triggering
the expensive directory scan. With this patch, ENOATTR is
interpreted as ENOENT, the authoritative answer that the requested
entry does not exist, which is wrong unless it really does not exist.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
s3:notifyd: Handle sighup in notifyd to reparse smb.conf
At present, SIGHUP is blocked on notifyd. So, if parent smbd
is started with "log level" 10 in smb.conf, and later changed
to 0, the SIGHUP will not change the log level to 0 in notify
smbd process and it will keep printing verbose logs in the
corresponding log files.
Proposed fix is to write a SIGHUP handler for notifyd and set
it to reload services.
s4:torture: Use GnuTLS RC4 in rpc forest_trust test
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jun 27 14:11:39 UTC 2019 on sn-devel-184