Jeremy Allison [Wed, 17 Jul 2019 22:21:21 +0000 (15:21 -0700)]
s3: smbd: Now we're using OpenDir_fsp() all the time, make sure we don't leak file handles.
We must always set dir_hnd->fsp, even in the fallback to
SMB_VFS_OPENDIR() case. Remember if we had to fall back
and fix the destructor to close the additional file
descriptor if we did.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 15 Jul 2019 23:06:09 +0000 (16:06 -0700)]
s3: smbd: Change dptr_closecnum() to use dptr_close() instead of dptr_close_internal().
This will allow us to close any outstanding handles on
an SMB1 connection as later commits move us to using directory
handles instead of pathname directory opens.
This is inefficient, as it means walking the list twice,
but this will only be called with active dptrs in the
OS/2 -1 case, in the connection shutdown case the
directory handles will already have been closed.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 17 Jul 2019 19:57:00 +0000 (12:57 -0700)]
s3: smbd: Make dptr_close() safe to call with an fsp handle stored in dptr->dir_hnd.
SMB1 doesn't currently do this, but subsequent changes will add handle based
calls to SMB1 so dptr_close() has to be able to cleanly remove any back pointers.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 17 Jul 2019 18:00:06 +0000 (11:00 -0700)]
s3: smbd: Add dptr_fsp() to return any stored files_struct pointer.
Will allow [find/search]_next() calls to find and close any associated
fsp. This function is temporary and will eventually go away once I
modify dptr_fetch() to return an fsp.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
wafsamba: change --picky-developer into --disable-warnings-as-errors
By default we're using -Werror now if --enable-developer is
specified.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Aug 6 07:50:14 UTC 2019 on sn-devel-184
Use iterate_range kv op to skip the index section of the database when
running a full search. Quick local testing showed 18% improved throughput
on a full search with no results on a 50k database. With more results,
improvement is smaller but still noticeable.
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Aug 2 02:29:42 UTC 2019 on sn-devel-184
Günther Deschner [Wed, 31 Aug 2016 13:55:10 +0000 (15:55 +0200)]
tests/dcerpc/raw_protocol: Add more tests for DCERPC_AUTH_LEVEL_PACKET
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Signed-off-by: Guenther Deschner <gd@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Aug 1 16:59:02 UTC 2019 on sn-devel-184
smbd: Fix use-after-free from exit_server_common()
We need to keep the smbXsrv_connection structures around until all
pending requests have had their chance to clean up behind them. If you
look at srv_send_smb(), it's exactly prepared already to just drop
anything on the floor when the transport has been declared dead:
if (!NT_STATUS_IS_OK(xconn->transport.status)) {
/*
* we're not supposed to do any io
*/
return true;
}
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Aug 1 15:39:13 UTC 2019 on sn-devel-184
Note: Unlike the current documentation, the utf16 string
is not null-terminated, that matches Windows Server 1903
as a client.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14055
RN: Add the target server name of SMB 3.1.1 connections
as a hint to load balancers or servers with "multi-tenancy"
support.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Aurelien Aptel <aaptel@suse.com>
Michael Adam [Wed, 31 Jul 2019 22:47:29 +0000 (00:47 +0200)]
vfs:glusterfs_fuse: build only if we have setmntent()
FreeBSD and other platforms that don't have setmntent() and friends can
not compile this module. This patch lets changes the build to only
compile this module if the setmntent() function is found.
This is the a follow-up fix to the actual fix for bug #13972.
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Thu Aug 1 09:49:04 UTC 2019 on sn-devel-184
To run: make test TESTS="samba3.smbtorture_s3.plain.TLDAP"
Reverting the above commit makes this test fail:
'GUID format in control (no hyphens) doesn't match output
tldap_search with extended dn (no val) failed: LDAP error 0 (TLDAP_SUCCESS),
TEST TLDAP FAILED!'
This behaviour couldn't be tested via LDB libraries because they never
deal with the underlying DN string.
Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14029
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Aug 1 06:20:28 UTC 2019 on sn-devel-184
Garming Sam [Wed, 31 Jul 2019 03:29:07 +0000 (15:29 +1200)]
tests/tldap: Actually check the paging return code
The test never worked correctly because the code was overlooked. It was
also the case that the connection was never authenticated, and so an
LDAP BIND call has now been added.
Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14029
Garming Sam [Wed, 31 Jul 2019 01:39:13 +0000 (13:39 +1200)]
tldap: Paged searches fail when they get to the end
The normal case hit the goto label, and should have just returned.
Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14029
Garming Sam [Wed, 31 Jul 2019 01:08:23 +0000 (01:08 +0000)]
tldap: Make memcpy of no controls safe
Static analyzers sometimes complain about this case.
Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14029
Douglas Bagnall [Tue, 30 Jul 2019 22:20:07 +0000 (10:20 +1200)]
CID 1452121: dsdb/mod/partition: protect whole function with NULL check
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jul 31 04:08:48 UTC 2019 on sn-devel-184
Garming Sam [Wed, 24 Jul 2019 02:53:33 +0000 (14:53 +1200)]
tests/drs_no_dns: Check dbcheck and ldapcmp pass
When joining a DC without DNS partitions, make sure that the alternate
flow of creating them afterwards results in a database with everything
that is necessary.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14051
RN: Allow a DC join without DNS partitions, to add them later
Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 24 Jul 2019 03:18:40 +0000 (15:18 +1200)]
netcmd: Allow drs replicate --local to create partitions
Currently, neither the offline (--local) or online (normal replica sync)
methods allow partition creation post-join. This overrides the Python
default to not create the DB, which allows TDB + MDB to work.
This now removed comment describes the bug correctly:
/*
* As this timer event is owned by req, it will
* disappear if req it talloc_freed.
*/
In smb1, "req" disappears once the reply_whatever routine is done. Thus
the timer goes away and we never look at "req" again.
This change moves the valid data (xconn and mid) to
deferred_open_record, and changes the talloc hierarchy such that the
timer is now a child of open_rec, which is a child of the deferred
message.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14060 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jul 31 00:12:34 UTC 2019 on sn-devel-184
Martin Schwenke [Thu, 27 Jun 2019 06:14:26 +0000 (16:14 +1000)]
ctdb-mutex: Add support for exiting if the lock file disappears
If the lock file is inaccessible or the inode number changes then the
lock is lost, so exit. This allows the recovery daemon to trigger an
election. The ensuing recovery will re-take the lock.
By default the lock file is checked every 60 seconds. A lot can
happen in 60 seconds but being more aggressive and accessing the lock
too often could result in a performance issue for the cluster
filesystem.
An new optional 2nd argument is added, which is the lock file re-check
time in seconds.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 27 Jun 2019 03:45:01 +0000 (13:45 +1000)]
ctdb-mutex: Change parent checking to use an asynchronous computation
Put the checking for the process being immediately re-parented into
the computation too. This will be very rare and doing it
consistently makes testing saner.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 5 Jul 2019 05:39:23 +0000 (15:39 +1000)]
ctdb-mutex: Exit immediately if the lock isn't taken
There is no need to wait until the parent kills the helper. The
parent will get the initial response, indicating contention or
similar, and will then get a separate event indicating that the pipe
is gone.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 5 Jul 2019 03:13:16 +0000 (13:13 +1000)]
ctdb-mutex: Update to use modern debug macro
One of these had a missing space, so this implicitly fixes it. It
also drops the need to unnecessarily include common.h, which comes
with some dependency baggage.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 15 Jul 2019 22:58:33 +0000 (08:58 +1000)]
ctdb-recoverd: Periodically log recovery master of incomplete cluster
Only do this if the recovery lock is unset. Log every minute for the
first 10 minutes, then every 10 minutes, then every hour.
This is useful for determining whether a split brain occurred. It is
particularly useful if logging failed or was throttled at startup, so
there is no evidence of the split brain when it began.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
In tini, allow_empty_value=false causes the parser to ignore the lines
without '=' sign, but lines with nothing after '=' sign are allowed and
cause empty string ("") to be passed as a value.
This is counter-intuitive, so conf requires special handling for empty
values (which are treated as invalid).
Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Martin Schwenke <martin@meltin.net>
s3:rpc_server: Only dump passwords in developer builds
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jul 26 03:05:01 UTC 2019 on sn-devel-184
David Disseldorp [Fri, 12 Jul 2019 15:29:23 +0000 (17:29 +0200)]
netlogon: Fix potential use of uninitialized variable
The _netr_NetrEnumerateTrustedDomains()->dcerpc_lsa_open_policy2() error
path checks the policy handle and closes it if non-empty. The policy
handle may be uninitialized in this code-path - fix this.
Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
lib:crypto: Don't build RC4 if we have GnuTLS >= 3.4.7
We have a GnuTLS DCEPRC backupkey implementation for the server and the
test. However this is only working with GnuTLS >= 3.4.7. So we need to
keep this around till we can require at least GnuTLS in a newer version.
projects / thirdparty / samba.git / log
