Pavel Filipenský [Sun, 13 Oct 2024 19:57:27 +0000 (21:57 +0200)]
smbtorture: Allow debugging output to be configured using smb.conf parameters
It might be useful to see timestamps for some smbtorture tests.
Timestamps can be printed via 'debug syslog format=always'.
It can be specified either in smb.conf or directly via smbtorture option
-T 'OPTION=VALUE' smb.conf option line
However, smbtorture is not evaluating the option. It needs to call
reopen_logs()->debug_set_settings() to copy
'Globals.debug_syslog_format' to 'state->settings.debug_syslog_format'
dbwrap_lock_order_unlock: release lock order 3 for /home/pfilipen/ws/projects/samba/smbtorture/st/client/lockdir/g_lock.tdb
waited
child 2473726 exited with 0
g_lock_lock_retry: watch_recv returned NT_STATUS_OK
After (see 1 sec delay):
2024-10-13T21:26:56.476859+00:00 addc.addom.samba.example.com smbtorture[2473806]: dbwrap_lock_order_unlock: release lock order 3 for /home/pfilipen/ws/projects/samba/smbtorture/st/client/lockdir/g_lock.tdb
waited
child 2473807 exited with 0
2024-10-13T21:26:57.487363+00:00 addc.addom.samba.example.com smbtorture[2473806]: g_lock_lock_retry: watch_recv returned NT_STATUS_OK
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Oct 10 15:17:46 UTC 2024 on atb-devel-224
dcesrv_core: fix the auth3 for large ntlmssp messages
I know finding any real logic in reading the patch,
doesn't really show what's going on. I tried hard
to simplify it, but this is the only way I found
that fixed the test_auth_pad_ntlm_2889_auth3 test
without breaking other tests...
dcerpc_util: let dcerpc_pull_auth_trailer() ignore data_and_pad for bind, alter, auth3
Sometimes Windows sends 3 presentation contexts (NDR32, NDR64,
BindTimeFeatureNegotiation) in the first BIND of an association.
Binding an additional connection to the association seems to
reuse the BIND buffer and just changes the num_contexts field from
3 to 2 and leaves the BindTimeFeatureNegotiation context as padding
in places.
Note, the auth_pad_length field is send as 0 in that case,
which means we need to ignore it completely, as well as any
padding before the auth header.
tests/dcerpc/raw_protocol: test invalid schannel binds
Note the ad_member will keep these as expected failures,
as it doesn't provide the netlogon service,
while the knownfail for the ADDC is only temporary.
tests/dcerpc/raw_protocol: add more test for auth padding during ALTER_CONTEXT/AUTH3
The aim is to keep testing the code paths, which are no longer
testing because allow_bind_auth_pad is false now, which
means the existing tests fail directly at the BIND,
but we also want to test the error handling on
ALTER_CONTEXT (and AUTH3).
dcesrv_core: disconnect after a fault with non AUTH_LEVEL_CONNECT bind
Without an auth context using DCERPC_AUTH_LEVEL_PACKET or higher
the fault to reject requests with an invalid auth level
should trigger a disconnect after sending the fault to
the client.
s4:selftest: only run ad_member with AUTH_LEVEL_CONNECT_LSA=1
We only want to test against
'allow dcerpc auth level connect:lsarpc = yes' once
in order to have the related code tests.
We use the ad_memeber for that special test and
use the default on the tested ADDC.
This reveals some knownfails, which will be fixed in
the next commit...
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Oct 10 13:59:18 UTC 2024 on atb-devel-224
s3:smbd: allow reset_share_mode_entry() to handle more than one durable handle
This means that multiple durable handles with RH leases can
co-exist now... Before only the last remaining durable handle
was able to pass the SMB_VFS_DURABLE_DISCONNECT() step.
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Oct 8 12:27:17 UTC 2024 on atb-devel-224
Martin Schwenke [Thu, 29 Aug 2024 08:38:58 +0000 (18:38 +1000)]
ctdb-server: Use find_public_ip_vnn() in a couple of extra places
Reorder code to use early returns, modernise debug.
Best reviewed with "git show -w".
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Tue Oct 8 06:42:04 UTC 2024 on atb-devel-224
Martin Schwenke [Fri, 9 Aug 2024 00:53:46 +0000 (10:53 +1000)]
ctdb-daemon: Ensure CTDB_BASE is set, don't fetch it
Uses of CTDB_BASE in the subsequent code are now handled by the path
module, so there is no point getting the value of CTDB_BASE. Instead,
check that the attempt to set it worked, noting that:
[...] if overwrite is zero, then the value of name is not
changed (and setenv() returns a success status).
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: Anoop C S <anoopcs@samba.org>
Martin Schwenke [Thu, 25 Jul 2024 04:47:06 +0000 (14:47 +1000)]
ctdb-daemon: Add ctdb_vnn_address_string() and use in trivial places
Define a static function to return the string. This clearly doesn't
need a ctdb_ prefix, but it matches ctdb_vnn_iface_string(), so
doesn't look out of place.
Use it in the places where review is trivial.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: Anoop C S <anoopcs@samba.org>
Martin Schwenke [Thu, 25 Jul 2024 04:40:18 +0000 (14:40 +1000)]
ctdb-daemon: Store public address string in VNN
These are currently converted to strings constantly in log messages
and other places. This clutters the code and probably has a minor
performance impact.
Add a new string field to the VNN structure. Populate it when a
public address is added and the VNN structure is allocated. This is
consistent with how node addresses are handled.
Don't use it yet, or this commit becomes huge.
A short-term goal is that each VNN public address will be converted to
a string only once. A longer-term goal is to reduce use of
ctdb_addr_to_str().
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: Anoop C S <anoopcs@samba.org>
Martin Schwenke [Tue, 18 Jun 2024 05:38:18 +0000 (15:38 +1000)]
ctdb-daemon: Improve error handling when releasing all IPs
Currently, event failures are completely ignored in favour of checking
if the IP is on an interface. This misses the case where event
scripts up to and including 10.interface succeed, but something later
fails. When that occurs, count is incremented, so the failure is
counted as a success in the summary that is logged.
Fail when releaseip fails even though 10.interface succeeded in
releasing the IP. This may result in the IP address coming back, but
that's a different problem.
Underlying this is a design question about when releaseip is
successful. Should releaseip be a distinct operation, with subsequent
reconfigurations considered separately?
Update logging to clearly identify each of the 3 possible errors.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: Anoop C S <anoopcs@samba.org>
Martin Schwenke [Thu, 3 Oct 2024 05:13:30 +0000 (15:13 +1000)]
ctdb-tcp: Modernise a DEBUG
This is last old-style one in this file.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: John Mulligan <jmulligan@redhat.com> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Mon Oct 7 17:12:18 UTC 2024 on atb-devel-224
Martin Schwenke [Thu, 3 Oct 2024 05:07:40 +0000 (15:07 +1000)]
ctdb-tcp: Only attempt to automatically bind to local IPs
Automatic node address selection in the TCP transport does not work if
net.ipv4.ip_nonlocal_bind=1 because all nodes will be able to bind()
to the first address in the nodes list.
Before getting to the bind() step, add a check to see if an address is
local (i.e. on an interface). If not, it is not considered.
This is defensively coded so that this step is skipped if local
addresses can not be retrieved.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: John Mulligan <jmulligan@redhat.com> Reviewed-by: Anoop C S <anoopcs@samba.org>
Martin Schwenke [Sun, 29 Sep 2024 04:10:22 +0000 (14:10 +1000)]
ctdb-server: Optimise local IP verification
It is more efficient calling ctdb_sys_local_ip_check() inside a loop
compared to calling ctdb_sys_have_ip(). There is a chance that this
is premature optimisation... but it sure is easy. Fall back to
checking with bind().
Martin Schwenke [Sun, 29 Sep 2024 04:06:51 +0000 (14:06 +1000)]
ctdb-server: Add some local variables
Improve readability by not repeating the complex expression now
assigned to addr. ctdb_sys_have_ip() is called in both arms of the
if/else, so call it once when declaring the new variable.
Modernise debug macros while touching lines.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: John Mulligan <jmulligan@redhat.com> Reviewed-by: Anoop C S <anoopcs@samba.org>
Martin Schwenke [Sun, 29 Sep 2024 01:57:58 +0000 (11:57 +1000)]
ctdb-common: Add functions for local IP address checking
This is a wrapper around getifaddrs(2), which is in libreplace, so
should always be available.
Some users want to set net.ipv4.ip_nonlocal_bind = 1. So, CTDB needs
a way of testing if public IPs are present, without using bind(2).
Doing all of this unconditionally in ctdb_sys_have_ip() will be
inefficient in the recovery daemon's local IP verification if there
are a lot of IP addresses. Split it this way so the interface
information can be retrieved once and used multiple times.
This doesn't appear to need IP canonicalisation for IPv4-mapped IPv6
addresses.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: John Mulligan <jmulligan@redhat.com> Reviewed-by: Anoop C S <anoopcs@samba.org>
Anoop C S [Tue, 17 Sep 2024 18:28:50 +0000 (23:58 +0530)]
vfs_glusterfs: Retrieve fs capabilities using vfs_get_fs_capabilities
vfs_glusterfs is supposed to be the last entry when listed with
other vfs modules. This is due to the fact that the connection path
is not local to the server but relative to the virtual remote file
system beneath it. Especially SMB_VFS_FS_CAPABILITIES implementation
from vfs_default is likely to return incorrect results based on the
connection path assumed to be local to the server which might not be
the case with glusterfs module stacked. Therefore it doesn't make sense
to pass through any vfs interface implementations further down the line
to vfs_default.
Instead make use of get_fs_capabilties to start with already known fs
capabilties from connect phase.
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Oct 7 13:36:11 UTC 2024 on atb-devel-224
Anoop C S [Thu, 3 Oct 2024 06:59:58 +0000 (12:29 +0530)]
vfs_ceph_new: Populate fs capabilities within vfs_ceph_statvfs
SMB_VFS_STATVFS implementation for vfs_ceph_new failed to fill in the
FsCapabilities field for vfs_statvfs_struct. Insert the minimum
required values for defining the capabilties of a ceph file system.
Anoop C S [Tue, 17 Sep 2024 18:20:25 +0000 (23:50 +0530)]
vfs_ceph: Retrieve fs capabilties using vfs_get_fs_capabilities
vfs_ceph is supposed to be the last entry when listed with other vfs
modules. This is due to the fact that the connection path is not local
to the server but relative to the virtual remote file system beneath
it. Especially SMB_VFS_FS_CAPABILITIES implementation from vfs_default
is likely to return incorrect results based on the connection path
assumed to be local to the server which might not be the case with
ceph module stacked. Therefore it doesn't make sense to pass through
any vfs interface implementations further down the line to vfs_default.
Instead make use of get_fs_capabilties to start with already known fs
capabilties from connect phase.
Anoop C S [Mon, 23 Sep 2024 09:25:59 +0000 (14:55 +0530)]
vfs_ceph: Populate fs capabilities within cephwrap_statvfs
SMB_VFS_STATVFS implementation for vfs_ceph failed to fill in the
FsCapabilities field for vfs_statvfs_struct. Insert the minimum
required values for defining the capabilties of a ceph file system.
Anoop C S [Tue, 24 Sep 2024 05:36:58 +0000 (11:06 +0530)]
s3/smbd: Add a helper to fetch fs capabilities
We create a new helper function to retrieve the fs capabilties via
STATVFS call. Additionally set other capabilities based on specific
parametric options. This is 99.9% taken from SMB_VFS_FS_CAPABILITIES
implementation of vfs_default in preparation to be called from any
required vfs module.
Martin Schwenke [Wed, 4 Sep 2024 10:20:20 +0000 (20:20 +1000)]
ctdb-tests: Fix test failure when tests are installed
This currently works when tests are run in-tree.
However, when installed, use of an incorrect variable means it fails
to find statd_callout in the tests/ subdirectory. Switch to using the
correct variable.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Sun Oct 6 11:07:05 UTC 2024 on atb-devel-224
Martin Schwenke [Wed, 4 Sep 2024 10:10:43 +0000 (20:10 +1000)]
ctdb-tests: Add missing quotes in test output
These should have caused test failure since commit ef921bdbdbacecf39ee2a1851f16dbba62175fcc. However, the test failure
occurred in a sub-shell, which covered the failure. So, add an error
exit if the sub-shell fails.
While here, add an error exit for another potential uncaught
sub-shell-related failure in a related test.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: Anoop C S <anoopcs@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Sun Oct 6 02:25:09 UTC 2024 on atb-devel-224
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Sat Oct 5 14:44:46 UTC 2024 on atb-devel-224
netcmd:domain:policy: Fix missing conversion from tgt_lifetime minutes to 10^(-7) seconds
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15692 Signed-off-by: Andréas Leroux <aleroux@tranquil.it> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Fri Oct 4 04:01:22 UTC 2024 on atb-devel-224
This should fix a few Coverity Resource Leak findings. Coverity does
not understand that SMB_ASSERT aborts the program, so it believes if
realloc fails we leak the previous allocation. Those are false
positives, but doing it this way does not cost much.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
ADD_TO_ARRAY with an explicit NULL mem_ctx is only used in 3
places. I've checked the other places, and I think I made sure that the
mem_ctx being passed in is non-NULL everywhere else.
This makes the "legacy" use with SMB_REALLOC more obvious.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
d1846452e96 vfs: Add VFS_OPEN_HOW_WITH_BACKUP_INTENT introduced
VFS_OPEN_HOW_WITH_BACKUP_INTENT for files opened with
FILE_OPEN_FOR_BACKUP_INTENT. shadow_copy2 refuses the open on a file if
any flage in how.resolve is set. Change the check in shadow_copy2 to
allow opening of files with VFS_OPEN_HOW_WITH_BACKUP_INTENT.
This fixes a O(n²) performance regression in notifyd. The problem was
that we had a watcher per notify instance. This changes the code to have
a watcher per notify db entry.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Oct 1 14:22:43 UTC 2024 on atb-devel-224
s3:winbindd: let store_current_dc_in_gencache() take the dcaddr directly
We could avoid relying on smbXcli_conn_remote_sockaddr() as much as
possible, because we aim to remove domain->conn.cli same day...
Also note that find_dc() always filled domain->dcaddr already
when cm_open_connection() calls store_current_dc_in_gencache().
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Oct 1 11:01:35 UTC 2024 on atb-devel-224
s3:passdb: ENCTYPE_DES_CBC_MD5 is not longer used in secrets_domain_info_kerberos_keys()
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Sep 30 17:03:55 UTC 2024 on atb-devel-224
system_mitkrb5: require 1.16 as we use ENCTYPE_AES256_CTS_HMAC_SHA384_192
commit 8e931fce126e8c1128da893c806702731c08758a introduced that
implicit dependency, we better make it more clear, which might
allow relying on more modern stuff in future...
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Sun Sep 29 11:49:13 UTC 2024 on atb-devel-224
projects / thirdparty / samba.git / log
