Michael Adam [Mon, 24 Sep 2018 23:10:31 +0000 (01:10 +0200)]
WIP: add test smb2.lock.replay-persistent
Michael Adam [Tue, 16 Oct 2018 09:40:59 +0000 (11:40 +0200)]
torture:smb2:util: use smb2_util_share_access in torture_smb2_testfile_access()
Signed-off-by: Michael Adam <obnox@samba.org>
Michael Adam [Fri, 21 Sep 2018 10:49:51 +0000 (12:49 +0200)]
torture: rename smb2.lock.replay to smb2.lock.replay-resilient
In preparation for adding a variant of the test for persistent
file handles.
Signed-off-by: Michael Adam <obnox@samba.org>
Michael Adam [Mon, 22 Feb 2016 16:41:52 +0000 (17:41 +0100)]
selftest:knownfail: smb2.lock.*replay succeed now
Signed-off-by: Michael Adam <obnox@samba.org>
Michael Adam [Thu, 20 Sep 2018 16:17:35 +0000 (18:17 +0200)]
smbd: enable lock sequence checking only if the server has multi-channel enabled
Signed-off-by: Michael Adam <obnox@samba.org>
Michael Adam [Thu, 20 Sep 2018 16:23:44 +0000 (18:23 +0200)]
torture: skip the smb2.lock.replay for samba if multi-channel is not enabled
The server currently only enables lock sequence checking when
multi channel is activated.
Signed-off-by: Michael Adam <obnox@samba.org>
Michael Adam [Thu, 20 Sep 2018 16:55:10 +0000 (18:55 +0200)]
selftest: run the smb2.lock tests against the nt4_dc_multichannel env
So the replay test can succeed.
Signed-off-by: Michael Adam <obnox@samba.org>
Michael Adam [Thu, 20 Sep 2018 16:54:35 +0000 (18:54 +0200)]
selftest: Add a new test environment with multi-channel enabled
Signed-off-by: Michael Adam <obnox@samba.org>
Michael Adam [Thu, 20 Sep 2018 16:36:02 +0000 (18:36 +0200)]
torture: make special treatment samba case more obvious
Signed-off-by: Michael Adam <obnox@samba.org>
Michael Adam [Thu, 20 Sep 2018 16:35:26 +0000 (18:35 +0200)]
torture: add explaining comment for non-samba block in smb2.lock.replay
Signed-off-by: Michael Adam <obnox@samba.org>
Michael Adam [Thu, 20 Sep 2018 16:34:22 +0000 (18:34 +0200)]
torture: exit early for samba3 with too old protocol in smb2.lock.replay
Signed-off-by: Michael Adam <obnox@samba.org>
Günther Deschner [Mon, 25 Jan 2016 17:56:47 +0000 (18:56 +0100)]
s3-smbd: enable SMB2 lock sequence checking when SMB3 is enabled.
While windows enables it only for resilient and persistent handles a SMB server
SHOULD (according to MS-SMB2 section 3.3.5.14 ) activate processing of lock
sequence numbers for EITHER
- protocol dialect 2.1 and resilient handles OR
- protocol dialect 3.x.
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Günther Deschner [Mon, 25 Jan 2016 17:55:37 +0000 (18:55 +0100)]
s4-torture: in smb2.lock.replay try testing lock sequence checking against SMB3 samba servers.
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Michael Adam [Thu, 20 Sep 2018 10:45:17 +0000 (12:45 +0200)]
torture: fix and improve the smb2.lock.replay test
The test was wrong in that it used an invalid
lock sequence bucket (65) where it actually wanted
to use a valid on (64), and hence the test results
(which were adapted to the real responses) were not
quite logical.
This patch fixes this and also improves some of
the comments so that the flow of the patch becomes
a little more obvious.
Signed-off-by: Michael Adam <obnox@samba.org>
Günther Deschner [Mon, 25 Jan 2016 13:54:30 +0000 (14:54 +0100)]
s4-torture: make smb2.lock.replay test work against Windows 2012 R2.
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Wed, 24 Oct 2012 13:55:20 +0000 (15:55 +0200)]
s3:smb2_lock: implement lock_sequence replay detection
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 24 Oct 2012 12:53:05 +0000 (14:53 +0200)]
s3:smb2_lock: pass in_lock_sequence to smbd_smb2_lock_send()
Take the value from the client if the dialect is SMB2_10 or higher,
otherwise default to 0.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Wed, 24 Oct 2012 13:17:56 +0000 (15:17 +0200)]
s3:smbXsrv_open: initialize smbXsrv_open_global->lock_sequence_array with 0xFF
This does not match the current documentation, but is very likely the
right thing to do.
If we would match the documentation and initialize with 0x00,
we would return STATUS_SUCCESS without doing any locks.
If the client also follows the documentation and starts
with a lock_sequence of 0 for the first operation.
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Wed, 24 Oct 2012 13:06:54 +0000 (15:06 +0200)]
s3:smbXsrv.idl: add lock_sequence_array to smbXsrv_open_global0
This is needed for lock replay detection.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Andreas Schneider [Wed, 10 Oct 2018 14:09:32 +0000 (16:09 +0200)]
s3:lib:popt: Use memset_s() to burn password string
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Oct 16 11:38:40 CEST 2018 on sn-devel-144
Andreas Schneider [Wed, 10 Oct 2018 14:05:46 +0000 (16:05 +0200)]
replace: Add memset_s() if not available
See https://en.cppreference.com/w/c/string/byte/memset
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Douglas Bagnall [Wed, 10 Oct 2018 22:59:52 +0000 (11:59 +1300)]
samba-tool drs showrepl: do not crash if no dnsHostName found
This should not happen, but it does sometimes in an autobuild
environment. Rather than reporting this by crashing, we report it by
showing there is no DNS name.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Fri Oct 12 15:27:07 CEST 2018 on sn-devel-144
Tim Beale [Thu, 11 Oct 2018 04:50:52 +0000 (17:50 +1300)]
dsdb: Add dsdb_request_has_control() helper function
Most of the DSDB modules only want to check the existence of a control,
rather than access the control itself. Adding a helper function allows
the code to ask more natural-sounding yes/no questions, and tidies up
an ugly-looking long-line in extended_dn_out.c.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Fri Oct 12 07:23:26 CEST 2018 on sn-devel-144
Tim Beale [Thu, 4 Oct 2018 01:37:44 +0000 (14:37 +1300)]
netcmd: Change Py3 incompatible long() for tombstone expunge
The code to expunge tombstones uses long(), which is not Python3
compatible. Python3 uses int() instead, and works out how big it needs
to be.
As long as we don't run the samba-tool command on a 32-bit machine
after the year 2038, then we should avoid any integer overflow on
Python 2.x.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Tim Beale [Fri, 28 Sep 2018 02:55:14 +0000 (14:55 +1200)]
dsdb: Remove redundant variable/check
Previously, this code used to live inside the loop, so the
checked_reveal_control was needed to save ourselves unnecessary work.
However, now that the code has been moved outside the loop, the
checked_reveal_control variable is just unnecessary complication.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Wed, 12 Sep 2018 19:48:04 +0000 (14:48 -0500)]
dsdb: Ensure that a DN (now) pointing at a deleted object counts for objectclass-based MUST
Add the 'reveal_internals' controls when performing objectclass-based
checks of mandatory attributes. This prevents the extended_dn DSDB
module from suppressing attributes that point to deleted (i.e.
non-existent/expunged) objects.
This ensures that, when modifying an object (and often not even
touching the mandatory attribute) that the fact that an attribute is a
DN, and the DN target is deleted, that the schema check will still pass.
Otherwise a fromServer pointing at a dead server can cause failures,
i.e. you can't modify the affected object at all, because the DSDB
thinks a mandatory attribute is missing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13621
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Tim Beale [Fri, 28 Sep 2018 00:35:35 +0000 (12:35 +1200)]
tests: Add corner-case test: fromServer points to dead server
The fromServer attribute is slightly unique, in that it's a DN (similar
to a one-way link), but it is also a mandatory attribute.
Currently, if fromServer gets a bad value (i.e. a dead server that has
been expunged), the DSDB rejects any attempts to modify the associated
nTDSConnection object (regardless of whether or not you're actually
changing the fromServer attribute).
This patch adds a test-case that demonstrates how the DB can get into
such a state.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13621
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Douglas Bagnall [Wed, 10 Oct 2018 04:51:54 +0000 (17:51 +1300)]
s4/script/samba_upgradeprovision: set global dnNotToRecalculateFound var
as probably intended. Without this the local variable shadows the
global one and is never used while the global one is never changed.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <noel.power@suse.com>
Douglas Bagnall [Wed, 10 Oct 2018 04:50:24 +0000 (17:50 +1300)]
s4/script/samba_upgradeprovision: remove unused variable
A similarly named variable is always set two lines down, so we don't need this
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <noel.power@suse.com>
Douglas Bagnall [Wed, 10 Oct 2018 04:40:25 +0000 (17:40 +1300)]
s4/script/samba_upgradeprovision: remove duplicate (contradictory) dict key
The second, winning, entry says '"defaultSecurityDescriptor": replace + add'
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <noel.power@suse.com>
Douglas Bagnall [Wed, 10 Oct 2018 04:36:50 +0000 (17:36 +1300)]
s4/script/samba_upgradeprovision: use int not long for Python 3
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <noel.power@suse.com>
Björn Baumbach [Thu, 27 Sep 2018 08:32:37 +0000 (10:32 +0200)]
vfs_full_audit: ntimes: log a-, m-, c- and creation-time
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Björn Baumbach <bb@sernet.de>
Autobuild-Date(master): Thu Oct 11 13:40:27 CEST 2018 on sn-devel-144
Björn Baumbach [Fri, 31 Aug 2018 14:12:34 +0000 (16:12 +0200)]
dns update: add missing newline in error debug message
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
Björn Baumbach [Wed, 19 Sep 2018 14:36:45 +0000 (16:36 +0200)]
selftest: test samba-tool ntacl get/set on AD member server
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
Björn Baumbach [Tue, 4 Sep 2018 14:32:50 +0000 (16:32 +0200)]
samba-tool ntacl: allow to run get/set-ntacl command in non-AD-DC role
Can be used to get and apply NT-ACLs on Samba member servers.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
Björn Baumbach [Tue, 4 Sep 2018 14:30:53 +0000 (16:30 +0200)]
s3/py_passdb: add get_domain_sid() to get domain sid from secrets database
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
Björn Baumbach [Tue, 4 Sep 2018 14:20:49 +0000 (16:20 +0200)]
samba-tool ntacl: pass system session to get/set-ntacl functions
The filled session is needed in different vfs modules.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
Björn Baumbach [Wed, 19 Sep 2018 14:52:54 +0000 (16:52 +0200)]
pysmbd: handle file not found error
Avoid PANIC: internal error
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
Björn Baumbach [Tue, 4 Sep 2018 13:29:58 +0000 (15:29 +0200)]
pysmbd: add option to pass a session info to set_nt_acl() function
A filled session info is needed by some vfs modules, e.g. full_audit.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
Björn Baumbach [Tue, 25 Sep 2018 11:16:15 +0000 (13:16 +0200)]
s4-auth: allow to pass original_user_name=NULL to auth_session_info_fill_unix()
With this patch the auth_session_info_fill_unix() uses the "unix_name"
from the session_info->unix_info if no original_user_name was specified.
This is used to process a system session info where no original_user_name
is given.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
Björn Baumbach [Tue, 25 Sep 2018 11:11:09 +0000 (13:11 +0200)]
s4-auth: allow to create unix token from system session info
Without this patch security_token_to_unix_token() fails with
NT_STATUS_ACCESS_DENIED, because the system session does only
have one SID.
For a typical token are at least two or more SIDs expected.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
Björn Baumbach [Tue, 4 Sep 2018 12:46:03 +0000 (14:46 +0200)]
s4-auth: fetch possible out of memory error
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
Björn Baumbach [Tue, 4 Sep 2018 12:45:05 +0000 (14:45 +0200)]
s4-auth: use TALLOC_FREE() shortcut
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
Björn Baumbach [Tue, 4 Sep 2018 12:43:33 +0000 (14:43 +0200)]
s4-auth: fix a typo in a comment
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
Björn Baumbach [Tue, 4 Sep 2018 12:37:41 +0000 (14:37 +0200)]
python: Add samba.auth.copy_session_info()
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
Björn Baumbach [Thu, 30 Aug 2018 14:33:25 +0000 (16:33 +0200)]
auth: move copy_session_info() from source3 into the global auth context
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
Ralph Boehme [Tue, 9 Oct 2018 08:15:37 +0000 (10:15 +0200)]
vfs_fruit: move check in ad_convert() to ad_convert_*() subfunctions
Currently the whole conversion is skipped if the FinderInfo entry in the
AppleDouble file is of the default size (ie not containing xattrs).
That also means we never converted FinderInfo from the AppleDouble file
to stream format. This change finally fixes this.
Note that this keeps failing with streams_depot, much like the existing
known-fail of "samba3.vfs.fruit streams_depot.OS X AppleDouble file
conversion". Fixing the conversion to work with vfs_streams_depot is a
task for another day.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Oct 11 01:30:13 CEST 2018 on sn-devel-144
Ralph Boehme [Mon, 8 Oct 2018 16:47:32 +0000 (18:47 +0200)]
vfs_fruit: make call to ad_convert_truncate() optional
Call ad_convert_truncate() based on whether the previous call
ad_convert_xattr() returned converted_xattr=true.
Upcoming fixes for a different Samba bug (#13642) will hook into calling
ad_convert_truncate() in other cases, this also prepares for that.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 8 Oct 2018 16:43:51 +0000 (18:43 +0200)]
vfs_fruit: add out arg "converted_xattr" to ad_convert_xattr
Used to let the caller know if a conversion has been done. Currently not
used in the caller, that comes next.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 8 Oct 2018 10:51:37 +0000 (12:51 +0200)]
vfs_fruit: add check for OS X filler in FinderInfo conversion
This ensures that the function only acts on AppleDouble files created by
macOS and not AppleDouble files created by us that are already in the
correct format (only using the Resource Fork).
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 5 Oct 2018 20:05:43 +0000 (22:05 +0200)]
vfs_fruit: call ad_convert_move_reso() from ad_convert_xattr()
ad_convert_xattr() is the place that triggers the need to move the
resource fork, so it should also call ad_convert_move_reso().
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 5 Oct 2018 15:07:45 +0000 (17:07 +0200)]
vfs_fruit: let the ad_convert_*() subfunction update the on-disk AppleDoube header as needed
Another step in simplifying ad_convert() itself. It means that we may
write to disk twice, but is only ever done once per AppleDouble file.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 5 Oct 2018 14:59:18 +0000 (16:59 +0200)]
vfs_fruit: let the ad_convert_*() subfunctions mmap as needed
This may mean that we mmap twice when we convert an AppleDouble file,
but this is the only sane way to cleanly modularize ad_convert().
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 5 Oct 2018 14:52:32 +0000 (16:52 +0200)]
vfs_fruit: fix error returns in ad_convert_xattr()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 5 Oct 2018 17:15:04 +0000 (19:15 +0200)]
vfs_fruit: use ADEDOFF_RFORK_DOT_UND offset macro in ad_convert_move_reso()
We really want the fixed size offset here, not a calculated one. Note
that "ad_getentryoff(ad, ADEID_FINDERI) + ADEDLEN_FINDERI" is equal to
ADEDOFF_RFORK_DOT_UND.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 5 Oct 2018 14:44:53 +0000 (16:44 +0200)]
vfs_fruit: split out moving of the resource fork
No change in behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 5 Oct 2018 17:15:04 +0000 (19:15 +0200)]
vfs_fruit: use ADEDOFF_RFORK_DOT_UND offset macro in ad_convert_truncate()
We really want the fixed size offset here, not a calculated one. Note
that "ad_getentryoff(ad, ADEID_RFORK)" is equal to ADEDOFF_RFORK_DOT_UND
in this case.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 5 Oct 2018 17:13:16 +0000 (19:13 +0200)]
vfs_fruit: split out truncating from ad_convert()
This may look a little ill-advised as this increases line count, but
the goal here is modularizing ad_convert() itself and making it as slick
as possible helps achieving that goal.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 5 Oct 2018 14:26:46 +0000 (16:26 +0200)]
vfs_fruit: move FinderInfo lenght check to ad_convert()
The final step in consolidating all conversion related work in
ad_convert(). No change in behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 5 Oct 2018 14:25:27 +0000 (16:25 +0200)]
vfs_fruit: move FinderInfo conversion to helper function and call it from ad_convert()
No change in behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 5 Oct 2018 14:14:40 +0000 (16:14 +0200)]
vfs_fruit: move storing of modified struct adouble to ad_convert()
ad_convert() modified it, so let ad_convert() also save it to disk. No
change in behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 4 Oct 2018 06:51:28 +0000 (08:51 +0200)]
vfs_fruit: remove unneeded fd argument from ad_convert()
Use the struct adouble member ad_fd instead of passing it as an
argument. Who did that in the first place? :)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 4 Oct 2018 06:23:59 +0000 (08:23 +0200)]
vfs_fruit: do direct return from error checks in ad_convert()
Subsequent commits will move the mmap() into the subfunctions. This
change just prepares for that.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 2 Oct 2018 12:51:05 +0000 (14:51 +0200)]
vfs_fruit: move setting ADEID_FINDERI length to ad_convert_xattr()
ad_convert_xattr() does the conversion of the xattr data in the
AppleDouble file, so we should update it's size there and should not
defer it to the caller.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 5 Oct 2018 13:12:44 +0000 (15:12 +0200)]
vfs_fruit: store filler bytes from AppleDouble file header in struct adouble
This can later be used to distinguish between macOS created AppleDouble
files and AppleDouble files created by Samba or Netatalk.
macOS: "Mac OS X "
Samba: "Netatalk "
Netatalk: "Netatalk "
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 11 Sep 2018 12:05:43 +0000 (14:05 +0200)]
vfs_fruit: fix two comments
Thanks to the recent addition of ad_convert_xattr() we now correctly
handle this case.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Sun, 7 Oct 2018 16:26:47 +0000 (18:26 +0200)]
s4:torture: FinderInfo conversion test with AppleDouble without xattr data
This testcase demonstrates that the AppleDouble conversion in vfs_fruit
doesn't correctly convert the FinderInfo data from the AppleDouble file
to a stream.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13649
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Douglas Bagnall [Thu, 4 Oct 2018 02:30:21 +0000 (15:30 +1300)]
tests/python/ldap: use int instead of long for time_t
Python int is at least a C long; Python long disappears in Py3.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <nopower@suse.com>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Oct 10 09:28:20 CEST 2018 on sn-devel-144
Douglas Bagnall [Thu, 4 Oct 2018 02:29:02 +0000 (15:29 +1300)]
python/upgradehelpers: use int not long for PY3
int works OK for py2 also.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <nopower@suse.com>
Gary Lockyer [Sun, 30 Sep 2018 23:20:44 +0000 (12:20 +1300)]
pyauth: Remove imessaging_ctx parameter to new
The pyauth code assumes the messaging context code is a py_talloc
object. But the code in pymessaging returns a wrapped talloc object.
Removing the parameter as it's not currently used by any code.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Noel Power <nopower@suse.com>
Douglas Bagnall [Tue, 2 Oct 2018 22:42:22 +0000 (11:42 +1300)]
popt_common_creds: actually use the ignore_missing_conf flag
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Olly Betts <olly@survex.com>
Reviewed-by: Noel Power <nopower@suse.com>
Joe Guo [Tue, 21 Aug 2018 00:45:15 +0000 (12:45 +1200)]
netcmd: apply the new get_logger to cmds
This is an example of how to use the new logger.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joe Guo [Tue, 21 Aug 2018 00:08:59 +0000 (12:08 +1200)]
netcmd: modify Command.get_logger to use get_samba_logger
By doing this, we don't need to repeat the log level convert code any more.
Also, logs have colors now.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joe Guo [Mon, 20 Aug 2018 02:13:33 +0000 (14:13 +1200)]
script/traffic_replay: apply new logger to replace print
Use logger to replace print
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joe Guo [Mon, 20 Aug 2018 04:18:45 +0000 (16:18 +1200)]
script/traffic_replay: get debug level via api
The -d option will set samba global debug level automatically.
We should not parse and use the passed in value.
Use samba.get_debug_level instead.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joe Guo [Mon, 20 Aug 2018 04:31:32 +0000 (16:31 +1200)]
script/traffic_replay: print packets data to stderr
This is debug info, should print to stderr.
Otherwise it will flood stdout.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joe Guo [Wed, 22 Aug 2018 04:42:12 +0000 (16:42 +1200)]
emulate/traffic: apply new logger to replace print
These print are actually progress infomation, should use logger to
print to stderr, other than stdout.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joe Guo [Mon, 20 Aug 2018 22:48:04 +0000 (10:48 +1200)]
samba/logger: add logger module for python
We need a consitent way for logging in Samba Python code.
This module provides a factory method `get_samba_logger` to create logger,
with a reasonable default format and optional color.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joe Guo [Thu, 9 Aug 2018 03:49:17 +0000 (15:49 +1200)]
emulate/traffic: allow traffic_replay to run users and groups generate multiple times
When we run `traffic_replay --generate-users-only`, if we cancel it or
it breaks in middle, it won't do anything when we try to run it again.
This is because the code will check the first user/group to create. If
it's already there, then it thought task already done, and break the loop.
This commit change the behavior:
We search existing users/groups first, skip existing ones, and
create non-existing ones. So we can run it multi-times to make sure the
expected users and groups are actually created.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Tue, 9 Oct 2018 09:41:49 +0000 (11:41 +0200)]
lib: Remove lib/crypto/crc32.[ch]
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct 10 01:41:52 CEST 2018 on sn-devel-144
Volker Lendecke [Tue, 9 Oct 2018 09:40:17 +0000 (11:40 +0200)]
drsuapi: Use the zlib version of crc32
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 9 Oct 2018 09:39:39 +0000 (11:39 +0200)]
auth: Use the zlib version of crc32
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 9 Oct 2018 09:04:43 +0000 (11:04 +0200)]
build: Multi-line deps
We'll add one in the next commit
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 5 Oct 2018 12:49:17 +0000 (14:49 +0200)]
pdb: Reduce code duplication in make_user_info()
10 lines less and a few hundred (-O0) bytes .text less
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 9 01:22:53 CEST 2018 on sn-devel-144
Volker Lendecke [Fri, 5 Oct 2018 09:34:41 +0000 (11:34 +0200)]
pdb: Fix some "(ret == true)" to just "(ret)"
"ret" is a boolean, so this should not change semantics
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 5 Oct 2018 10:12:39 +0000 (12:12 +0200)]
pdb: Use "sid_compose" where appropriate
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 7 Oct 2018 12:47:26 +0000 (14:47 +0200)]
lib: Avoid the use of open_memstream in tevent_req_profile_string
Solaris does not have it.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13629
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 4 Oct 2018 15:42:09 +0000 (17:42 +0200)]
tdb: Basic test for circular freelist fix
Try to store a record for which the (circular) freelist does not have
any entry.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 4 Oct 2018 19:41:27 +0000 (21:41 +0200)]
tdb: Basic test for circular hash chain fix
This just walks tdb_find by searching for a nonexistent record
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 4 Oct 2018 15:12:42 +0000 (17:12 +0200)]
tdb: Make the freelist walk circular-safe
We can't really do the full check while the freelist is modified on the
fly. As long as we don't merge any freelist entries, we should be good
to apply this check.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 4 Oct 2018 15:12:25 +0000 (17:12 +0200)]
tdb: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 4 Oct 2018 14:42:45 +0000 (16:42 +0200)]
tdb: Make get_hash_length circular-safe
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 4 Oct 2018 13:25:59 +0000 (15:25 +0200)]
tdb: Make tdb_find_dead circular-safe
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 4 Oct 2018 13:00:15 +0000 (15:00 +0200)]
tdb: Make tdb_dump_chain circular-list safe
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 4 Oct 2018 13:21:01 +0000 (15:21 +0200)]
tdb: Make tdb_find circular-safe
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 4 Oct 2018 13:20:10 +0000 (15:20 +0200)]
tdb: Add tdb_chainwalk_check
This captures the tdb_rescue protection against circular hash chains
with a slow pointer updated only on every other record traverse
If a hash chain has a loop, eventually the next_ptr
will cycle around and be identical to the 'slow' pointer.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 4 Oct 2018 09:59:43 +0000 (11:59 +0200)]
registry: Don't use an uninitialized value
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 2 Oct 2018 10:10:01 +0000 (12:10 +0200)]
registry: Print failure of regdb_unpack_values
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 2 Oct 2018 11:16:23 +0000 (13:16 +0200)]
registry: Add error checks to regdb_unpack_values
This makes "regdb_unpack_values" take a size_t as buflen. The only
caller calls it with TDB_DATA.dsize, which *is* size_t. Convert the
internal "len" variable to the unsigned size_t as well and add overflow
checks. This depends on tdb_unpack to either return -1 or a positive
value less than or equal to the passed-in "size_t" buflen;
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 2 Oct 2018 11:16:04 +0000 (13:16 +0200)]
registry: Add error checks to regdb_fetch_keys_internal
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>