Björn Baumbach [Tue, 28 May 2019 12:52:36 +0000 (14:52 +0200)]
samba-tool: add 'import samba.drs_utils' to fsmo.py
On some systems we're seeing this:
ERROR(<type 'exceptions.AttributeError'>): uncaught exception - 'module' object has no attribute 'drs_utils'
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 185, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 533, in run
transfer_dns_role(self.outf, sambaopts, credopts, role, samdb)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 136, in transfer_dns_role
except samba.drs_utils.drsException as e:
E.g. it happens on debian stretch (9.9) with python 2.7.13 (on 4.10.4)
While it doesn't happen on ubuntu 18.04 with python 2.7.15rc1 or
with python 3.6.7.
There were also some reports on the mailing lists, see:
https://lists.samba.org/archive/samba-technical/2019-May/133624.html
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bbaumbach@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu May 30 08:27:24 UTC 2019 on sn-devel-184
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bbaumbach@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Mon, 27 May 2019 00:56:08 +0000 (12:56 +1200)]
s4 lib rpc pyrpc: Fix error message
Fix the error message returned when unable to initialise an event context.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Calling the "ldb_parse_tree" function with a filter consisting of
exactly a single space (" ") would trigger a read beyond the input
buffer. A unittest is included.
Signed-off-by: Michael Hanselmann <public@hansmi.ch> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Tim Beale <timbeale@catalyst.net.nz>
Douglas Bagnall [Thu, 23 May 2019 21:58:12 +0000 (09:58 +1200)]
samba-tool dns: use bytes for inet_ntop
From Python's point of view, array.AddrArray is a list of byte-valued
integers. In Python 3 we can convert directly using the likes of
bytes(array.AddrArray[i].MaxSa[8:24])
but in 4.10 we need to support both, so we use struct.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Wed May 29 11:29:17 UTC 2019 on sn-devel-184
source3/printing/notify.c:94: error: nullPointerArithmetic: Pointer addition with NULL pointer. <--[cppcheck]
/home/samba/samba-pidl/source3/printing/notify.c:96: error: nullPointerArithmetic: Pointer addition with NULL pointer. <--[cppcheck]
/home/samba/samba-pidl/source3/printing/notify.c:103: error: nullPointerArithmetic: Pointer addition with NULL pointer. <--[cppcheck]
flatten_message function depends on behaviour of tdb_pack which will
return the bytes that would be written (without actually writing to the
buffer) if the bufsize passed is <=0. What we need to avoid here is the
default modification of buf (when it is initially NULL)
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andreas Schneider <asn@samba.org>
Noel Power [Tue, 21 May 2019 13:08:15 +0000 (13:08 +0000)]
s3/lib: don't write to buffer (which might be NULL) if bufsize <=0
Some code depends that tdb_pack[va] will return the bytes it would
write to 'buf' if the bufsize passed in is <=0, writing to the
buffer is protected by with lines like
if (bufsize && bufsize >= len) {
/* write to 'buf' */
}
however in these instances the local pointer to the buffer is still
modified
buf += len;
It's quite probable if bufsize == 0 that buf itself is NULL,
in this case we should protect against performing pointer arithmetic.
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andreas Schneider <asn@samba.org>
Aaron Haslett [Fri, 24 May 2019 03:34:43 +0000 (15:34 +1200)]
ldb: Release ldb 2.0.3
* Default pack format changed to version 2 for GUID Indexed databases
(essentially Samba's sam.ldb). This means faster unpacking for records
with lots of attributes.
* Enforce link between all new database features, following toggling of
GUID indexing. If user toggles GUID indexing on/off, target pack format
is changed. Likewise the special ORDERED_INTEGER index format is used
(when GUID indexing on) or behaves like INTEGER (when GUID indexing off).
* Database repacked if packing format not as expected.
* In the case of MDB, since GUID indexing is mandatory, feature toggling
provided by pack_format_override LDB option.
* Check for errors from ldb_unpack_data() in ldb_tdb
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed May 29 05:56:59 UTC 2019 on sn-devel-184
Aaron Haslett [Fri, 24 May 2019 02:54:03 +0000 (14:54 +1200)]
downgradedatabase: blackbox: MDB backend
When Samba uses TDB as a backend store, all new database features are
toggled on/off when GUID indexing is toggled. But, GUID indexing can't
be disabled on MDB, so the other features are toggled separately.
Consequently, the downgradedatabase script behaves differently depending
on the database backend. This patch adds testing for the MDB behaviour.
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Aaron Haslett [Thu, 23 May 2019 08:06:56 +0000 (20:06 +1200)]
downgradedatabase: adding special case for MDB
Though this script was initially written for undoing GUID indexing on
TDB databases, we're repurposing it to do a full downgrade of any
database. MDB databases can't be DN indexed, but they can have pack
format version 2 and ORDERED_INTEGER data types, which must be removed
during a downgrade.
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Aaron Haslett [Thu, 23 May 2019 08:13:05 +0000 (20:13 +1200)]
dsdb: disable ORDERED_INTEGER with MDB pack format v1
For TDB databases, the new ORDERED_INTEGER type is disabled along with
repacking at format version 1 if GUID indexing is disabled, so all the new
database features are toggled together. This scheme doesn't work with
MDB because GUID indexing is mandatory when using MDB. However, a
downgrade path is still required so in a previous commit we added
a pack_format_override option which allows a downgrade script to force
the database to use an earlier packing format. But, the new
ORDERED_INTEGER type would still be present in MDB databases so this
patch reads the pack_format_override opaque and converts ORDERED_INTEGER
types in @ATTRIBUTES to INTEGER and doesn't write any indexes of that
type to @INDEXLIST. The @INDEXLIST will be refreshed later, on the first
transaction.
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Aaron Haslett [Thu, 23 May 2019 07:49:39 +0000 (19:49 +1200)]
ldb: pack_format_override option
For TDB databases, toggling GUID indexing mode will also toggle
pack format version 2. This provides a convenient downgrade path for
Samba databases, but the process doesn't work for MDB databases because
GUID indexing cannot be disabled when the MDB backend is used. This patch
addresses that corner case by providing support for a pack_format_override
option which will force the database to use pack format version 2.
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Aaron Haslett [Thu, 23 May 2019 02:42:35 +0000 (14:42 +1200)]
downgradedatabase: blackbox: database repacked
Now that the database is repacked when GUID indexing is toggled on TDB,
test that downgradedatabase repacks a TDB-backed database with V2 pack
format database with V1.
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Aaron Haslett [Mon, 20 May 2019 05:59:33 +0000 (17:59 +1200)]
ldb: python test for repack
Python test to confirm that after enabling or disabling GUID indexing,
the database is repacked on the next transaction with V1 if GUID
indexing was disabled, or V2 if it was enabled.
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Aaron Haslett [Mon, 13 May 2019 04:37:25 +0000 (16:37 +1200)]
ldb: repack old format database if GUID indexing enabled
VERY IMPORTANT PATCH
Now that we have a new packing format, we need to enable it by repacking
the database. We've decided to link all new database features together,
so once GUID indexing is enabled, the database will be repacked with
version 2 format. Repacking is done following the same iterate pattern as
reindexing.
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Aaron Haslett [Wed, 22 May 2019 02:07:19 +0000 (14:07 +1200)]
ldb: binding ordered indexes to GUID indexing
To reduce the number of potential combinations of database features in
ldb, we want to link all new database features since 4.7. GUID indexing,
ordered integers, and pack format changes will all upgrade together.
This patch makes ordered integers only function if GUID indexing is
enabled. If GUID indexing is disabled, ORDERED_INTEGER will not be
written to @ATTRIBUTES and a syntax's index_format_fn will never be
used.
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Aaron Haslett [Tue, 28 May 2019 01:00:43 +0000 (13:00 +1200)]
ldb: only used a->syntax->index_format_fn if GUID indexing is enabled
Only enable ORDERED_INTEGER and index_format_fn functionality if GUID
indexing is enabled. This is in line with the rest of ldb_kv which binds
the new ORDERED_INTEGER to GUID indexed databases, and allows a practical
way to create the old index format (by disabling the GUID index).
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Aaron Haslett [Fri, 24 May 2019 02:37:50 +0000 (14:37 +1200)]
sambaundoguididx: renamed to downgradedatabase
In forthcoming commits we're going to repurpose this script to do an
entire downgrade of a database, disabling all new database features.
downgradedatabase is a more appropriate name.
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Wed, 22 May 2019 04:38:08 +0000 (16:38 +1200)]
ldb: Fix segfault parsing new pack formats
We need to check for the errors given by ldb_unpack() et al by preserving
the error code from kv_ctx->parser() called by tdb_parse_record() in
ltdb_parse_record().
Otherwise we will silently accept corrupt records and segfault later.
Likewise new pack formats will confuse the parser but not be
detected except by the incomplete struct ldb_message.
With this patch, the user will see a message like:
Invalid data for index DN=@BASEINFO
Failed to connect to 'st/ad_dc/private/sam.ldb' with backend 'tdb': Unable to load ltdb cache records for backend 'ldb_tdb backend'
Failed to connect to st/ad_dc/private/sam.ldb - Unable to load ltdb cache records for backend 'ldb_tdb backend'
This can be refined in the future by a specific check for
pack format versions in a higher caller, but this much is
needed regardless to detect corrupt records.
Volker Lendecke [Mon, 27 May 2019 14:21:12 +0000 (16:21 +0200)]
smbd: Adapt brl_pending_overlap to README.Coding
Just reformatting, no behaviour change. This just looked too ugly to me.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue May 28 22:22:28 UTC 2019 on sn-devel-184
Volker Lendecke [Fri, 24 May 2019 13:58:09 +0000 (15:58 +0200)]
smbd: Simplify fsp_lease_update()
We don't need a share mode lock from a data dependency point of view
anymore, the leases data moved to leases.tdb. However, from a
coherency point of view it's probably wise to do this under a share
mode lock.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Looks like the dirty redefine trick doesn't work anymore with newer flex
versions. According to the flex manual the right thing to do is to provide own
functions for yyalloc and yyrealloc when passing the options "noyyalloc
noyyrealloc".
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue May 28 11:49:06 UTC 2019 on sn-devel-184
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue May 28 08:32:10 UTC 2019 on sn-devel-184
python/ntacls: we only need security.SEC_STD_READ_CONTROL in order to get the ACL
We should avoid security.SEC_FLAG_MAXIMUM_ALLOWED otherwise
we may get NT_STATUS_SHARING_VIOLATION when we run
'samba-tool domain backup online' against a Windows DC.
Windows DCs have hidden folders for the NtFrs or Dfsr services,
which are locked by the running service.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon May 27 14:29:36 UTC 2019 on sn-devel-184
Jeremy Allison [Thu, 23 May 2019 20:33:21 +0000 (13:33 -0700)]
s3: winbind: Fix crash when invoking winbind idmap scripts.
Previously the private context was caching a pointer to
a string returned from lp_XXX(). This string can change
on config file reload. Ensure the string is talloc_strup'ed
onto the owning context instead.
Reported by Heinrich Mislik <Heinrich.Mislik@univie.ac.at>
Gary Lockyer [Thu, 23 May 2019 23:00:05 +0000 (11:00 +1200)]
Fix ubsan null pointer passed as argument 2
Fix ubsan warning null pointer passed as argument 2 when the source
pointer is NULL. The calls to memcpy are now guarded by an
if (len > 0)
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Mon May 27 01:29:48 UTC 2019 on sn-devel-184
Volker Lendecke [Thu, 23 May 2019 09:11:11 +0000 (11:11 +0200)]
lib: Only compile resolvconftest if fmemopen exists
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13961 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat May 25 00:05:25 UTC 2019 on sn-devel-184
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri May 24 20:12:02 UTC 2019 on sn-devel-184
Jeremy Allison [Fri, 17 May 2019 04:45:21 +0000 (21:45 -0700)]
lib: popen: Prepare to remove sys_popen().
Add sys_popenv(char * const argl[]) that uses a NULL
terminated vector array of args. Change sys_popen() to
split up its command string and call sys_popenv().
Once all callers are converted to sys_popenv() we
can remove sys_popen().
Karolin Seeger [Tue, 21 May 2019 08:41:22 +0000 (10:41 +0200)]
docs: Add another dns forwarder in the example.
Clarify how to list several dns forwarders.
Signed-off-by: Karolin Seeger <kseeger@samba.org> Reviewed-by: Björn Baumbach <bb@samba.org>
Autobuild-User(master): Björn Baumbach <bb@sernet.de>
Autobuild-Date(master): Fri May 24 11:02:18 UTC 2019 on sn-devel-184
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Gary Lockyer <gary@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri May 24 07:23:42 UTC 2019 on sn-devel-184
Gary Lockyer [Tue, 21 May 2019 01:17:22 +0000 (13:17 +1200)]
ldap server: generate correct referral schemes
Ensure that the referrals returned in a search request use the same
scheme as the request, i.e. referrals recieved via ldap are prefixed
with "ldap://" and those over ldaps are prefixed with "ldaps://"
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri May 24 05:12:14 UTC 2019 on sn-devel-184
Gary Lockyer [Tue, 21 May 2019 01:14:08 +0000 (13:14 +1200)]
ldap tests: test scheme for referrals
Ensure that the referrals returned in a search request use the same
scheme as the request, i.e. referrals recieved via ldap are prefixed
with "ldap://" and those over ldaps are prefixed with "ldaps://"
Tim Beale [Thu, 23 May 2019 04:58:20 +0000 (16:58 +1200)]
selftest: Use scalar variable for new daemon_ctx hashmap
The selftest code typically stores hashmaps as scalar variables (i.e.
it only ever uses references to hashmaps). So much so that using a regular
hashmap (and passing it by reference via \%daemon_ctx) looks out of
place.
Using the hashmap directly made more sense when it was only being used
locally, but now the hashmap is being passed by reference into a function
anyway, so storing it as a scalar doesn't make much difference.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Thu, 23 May 2019 04:35:07 +0000 (16:35 +1200)]
selftest: Add common fork_and_exec() function
Now the code has been refactored, we can move it into a common function.
This reduces code duplication and means we have a common place where we
start samba daemons from.
Note that some daemons behave slightly different, but the $daemon_ctx
allows us to customize their behaviour a bit.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Thu, 23 May 2019 03:47:46 +0000 (15:47 +1200)]
selftest: Rework setting env variables for other forked binaries
Final refactor to merge the fork-and-exec code into a common function.
We can now use $daemon_ctx{ENV_VARS} to customize differences between
the forked binaries:
- samba: add in extra env variables on top of the defaults.
- dns_hub: there are no ENV variables we need to export.
- winbindd/smbd: these use the defaults, so they pass through an
undefined $daemon_ctx{ENV_VARS} (purely to make the code common across
all 5 places).
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Thu, 23 May 2019 03:47:46 +0000 (15:47 +1200)]
selftest: Rework setting env variables for nmbd
Instead of having a special $skip_resolv_conf parameter just for nmbd,
use the get_env_for_process() API and customize the hashmap returned.
Pass the customized hashmap in as an optional part of the daemon_ctx.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Thu, 23 May 2019 01:45:49 +0000 (13:45 +1200)]
selftest: Store fork-and-exec daemon info in a hashmap
This intermediary refactor adds a hashmap that stores the values needed
to run each samba daemon. This adds a bit more code in the short term,
but it basically means the code in 5 different places now becomes
identical, and we can extract it out to a common function.
The converting FULL_CMD from an array reference back to an array is a
bit ugly, but we can clean this up a bit once the code is all in one
place.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
projects / thirdparty / samba.git / log
