Karolin Seeger [Fri, 21 Sep 2018 09:49:04 +0000 (11:49 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.9.1 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Fri, 21 Sep 2018 09:48:11 +0000 (11:48 +0200)]
WHATSNEW: Add release notes for Samba 4.9.1.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Andrew Bartlett [Mon, 17 Sep 2018 19:45:14 +0000 (12:45 -0700)]
s3: nmbd: Stop nmbd network announce storm.
Correct fix for. On announce, work->lastannounce_time is set
to current time t, so we must check that 't >= work->lastannounce_time',
not 't > work->lastannounce_time' otherwise we end up not
doing the comparison, and always doing the announce.
Reported by Reuben Farrelly
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13620
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Revviewe-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
1d1cd28adaba691ba434a47031fb52ff8887c728)
Autobuild-User(v4-9-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-9-test): Fri Sep 21 12:15:13 CEST 2018 on sn-devel-144
Martin Schwenke [Mon, 3 Sep 2018 03:30:57 +0000 (13:30 +1000)]
ctdb-recoverd: Set recovery lock handle at start of attempt
This allows the attempt to be cancelled if an election is lost and an
unlock is done before the attempt is completed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13617
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Sep 18 02:18:30 CEST 2018 on sn-devel-144
(cherry picked from commit
486022ef8f43251258f255ffa15f1a01bc6aa2b7)
Autobuild-User(v4-9-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-9-test): Thu Sep 20 12:35:23 CEST 2018 on sn-devel-144
Martin Schwenke [Mon, 3 Sep 2018 03:01:19 +0000 (13:01 +1000)]
ctdb-recoverd: Handle cancellation when releasing recovery lock
If the recovery lock is in the process of being taken then free the
cluster mutex handle but leave the recovery lock handle in place.
This allows ctdb_recovery_lock() to fail.
Note that this isn't yet live because rec->recovery_lock_handle is
still only set at the completion of the attempt to take the lock.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13617
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
b1dc5687844e90b0e3c39cb46a1116c86118fbf4)
Martin Schwenke [Tue, 11 Sep 2018 05:05:19 +0000 (15:05 +1000)]
ctdb-recoverd: Return early when the recovery lock is not held
This makes upcoming changes simpler.
Update to modern debug macro while touching relevant line.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13617
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
a755d060c13b65dfb6d73979aaf111c489882bfb)
Martin Schwenke [Mon, 3 Sep 2018 02:39:32 +0000 (12:39 +1000)]
ctdb-recoverd: Store recovery lock handle
... not just cluster mutex handle.
This makes the recovery lock handle long-lived and with allow the
releasing code to cancel an in-progress attempt to take the recovery
lock.
The cluster mutex handle is now allocated off the recovery lock
handle.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13617
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
c52216740bd81b68876de06e104822bbbca86df9)
Martin Schwenke [Mon, 3 Sep 2018 01:43:44 +0000 (11:43 +1000)]
ctdb-recoverd: Use talloc() to allocate recovery lock handle
At the moment this is still local and is freed after the mutex is
successfully taken.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13617
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
a53b264aee7d620ee8ecf9114b0014c5bb678484)
Martin Schwenke [Mon, 3 Sep 2018 01:30:06 +0000 (11:30 +1000)]
ctdb-recoverd: Rename hold_reclock_state to ctdb_recovery_lock_handle
This will be a longer lived structure.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13617
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
af22f03dbe9040f5f743eb85bb50d411269bbab4)
Martin Schwenke [Sat, 8 Sep 2018 22:30:50 +0000 (08:30 +1000)]
ctdb-recoverd: Re-check master on failure to take recovery lock
If the master changed while trying to take the lock then fail gracefully.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13617
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
c516e58ce92c420dc993bd9b7f1433641bd764bd)
Martin Schwenke [Sat, 8 Sep 2018 22:27:46 +0000 (08:27 +1000)]
ctdb-recoverd: Clean up taking of recovery lock
No functional changes, just coding style cleanups and debug message
tweaks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13617
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
59fc01646c7d65ba90b0a1a34c3795ff842351c5)
Martin Schwenke [Wed, 12 Sep 2018 07:51:47 +0000 (17:51 +1000)]
ctdb-cluster-mutex: Block signals around fork
If SIGTERM is received and the tevent signal handler setup in the
recovery daemon is still enabled then the signal is handled and a
corresponding event is queued. The child never runs an event loop so
the signal is effectively ignored.
Resetting the SIGTERM handler isn't enough. A signal can arrive
before that.
Block SIGTERM before forking and then immediately unblock it in the
parent.
In the child, unblock SIGTERM after the signal handler is reset. An
explicit unblock is needed because according to sigprocmask(2) "the
signal mask is preserved across execve(2)".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13617
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
e789d0da57fc3fc6d22bfa00577a2e65034ca27a)
Martin Schwenke [Wed, 12 Sep 2018 04:18:00 +0000 (14:18 +1000)]
ctdb-cluster-mutex: Reset SIGTERM handler in cluster mutex child
If SIGTERM is received and the tevent signal handler setup in the
recovery daemon is still enabled then the signal is handled and a
corresponding event is queued. The child never runs an event loop so
the signal is effectively ignored.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13617
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
5a6b139884f08ee2ee10f9d16fe56ad8fb5352a6)
Ralph Wuerthner [Tue, 11 Sep 2018 08:00:52 +0000 (10:00 +0200)]
ctdb-doc: Remove PIDFILE option from ctdbd_wrapper man page
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13610
Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Sep 12 21:50:57 CEST 2018 on sn-devel-144
(cherry picked from commit
e52abc8a44de6791dceb6f43af1db472a3d9ec37)
Günther Deschner [Fri, 31 Aug 2018 16:22:04 +0000 (18:22 +0200)]
s3-rpcclient: Use spoolss_init_spoolss_UserLevel1 in winspool cmds
Use spoolss initialization function to set client version information for
iremotewinspool printer operations
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Justin Stephenson [Fri, 31 Aug 2018 17:28:58 +0000 (13:28 -0400)]
s3-rpc_client: Advertise Windows 7 client info
Client printing operations currently fail against Windows
Server 2016 with Access Denied if a client os build number
lower than 6000 is advertised. Increase the default build number,
major, and minor versions to values associated with client
OS versoins Windows 7 and Windows Server 2008 R2.
The build number value specifically needs to be increased to
allow these operations to succeed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13597
Signed-off-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Fri, 31 Aug 2018 15:36:19 +0000 (17:36 +0200)]
s3-spoolss: Make spoolss client os_major,os_minor and os_build configurable.
Similar to spoolss server options, make the client advertised OS version
values configurable to allow overriding the defaults provided to the print server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13597
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Karolin Seeger [Thu, 13 Sep 2018 07:00:01 +0000 (09:00 +0200)]
VERSION: Bump version up to 4.9.1...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 13 Sep 2018 06:59:02 +0000 (08:59 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.9.0 release
and bump version up to 4.9.0.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 13 Sep 2018 06:58:06 +0000 (08:58 +0200)]
WHATSNEW: Add release notes for Samba 4.9.0.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 13 Sep 2018 07:25:25 +0000 (09:25 +0200)]
WHATSNEW: Fix typo.
Thanks to garming@catalyst.net.nz for catching!
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Björn Baumbach [Wed, 12 Sep 2018 10:04:13 +0000 (12:04 +0200)]
WHATSNEW: 'samba-tool ou' command: manage organizational units
Signed-off-by: Björn Baumbach <bb@sernet.de>
Autobuild-User(v4-9-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-9-test): Thu Sep 13 11:36:40 CEST 2018 on sn-devel-144
Björn Baumbach [Wed, 5 Sep 2018 14:54:01 +0000 (16:54 +0200)]
samba_dnsupdate: honor 'dns zone scavenging' option, only update if needed
Since scavenging is implemented the samba_dnsupdate command always updates all
dns records required by the dc. This is not needed if dns zone scavenging
is not enabled.
This avoids the repeating TSIG error messages:
# samba_dnsupdate --option='dns zone scavenging = yes' 2>&1 | uniq -c
29 ; TSIG error with server: tsig verify failure
1 Failed update of 29 entries
# echo ${PIPESTATUS[0]}
29
# samba_dnsupdate --option='dns zone scavenging = no' 2>&1 | uniq -c
# echo ${PIPESTATUS[0]}
0
Note that this results in about 60 lines in the log file,
which triggered every 10 minutes ("dnsupdate:name interval=600" is the default).
This restores the behavior before
8ef42d4dab4dfaf5ad225b33f7748914f14dcd8c,
if "dns zone scavenging" is not switched on (which is still the default).
Avoiding the message from happening at all is subject for more debugging,
most likely they are caused by bugs in 'nsupdate -g' (from the bind package).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13605
Pair-programmed-with: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bb@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 12 Sep 2018 09:28:24 +0000 (11:28 +0200)]
WHATSNEW.txt: announce 4.9.0 trust improvements
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Thu, 6 Sep 2018 10:40:10 +0000 (12:40 +0200)]
wafsamba: Fix 'make -j<jobs>'
Currently only 'make -j' enables parallel builds and e.g. 'make -j4'
results in no parallel compile jobs at all.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13606
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Sep 7 20:24:46 CEST 2018 on sn-devel-144
(cherry picked from commit
70169d4789fe8b2ee4efe5e88eeaa80e1a641b32)
Autobuild-User(v4-9-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-9-test): Tue Sep 11 12:01:22 CEST 2018 on sn-devel-144
Karolin Seeger [Thu, 6 Sep 2018 07:57:44 +0000 (09:57 +0200)]
VERSION: Bump version up to 4.9.0rc6...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 6 Sep 2018 07:56:43 +0000 (09:56 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.9.0rc5 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Thu, 6 Sep 2018 07:56:09 +0000 (09:56 +0200)]
WHATSNEW: Add release notes for Samba 4.9.0rc5.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Alexander Bokovoy [Fri, 16 Feb 2018 16:15:28 +0000 (18:15 +0200)]
krb5-samba: interdomain trust uses different salt principal
Salt principal for the interdomain trust is krbtgt/DOMAIN@REALM where
DOMAIN is the sAMAccountName without the dollar sign ($)
The salt principal for the BLA$ user object was generated wrong.
dn: CN=bla.base,CN=System,DC=w4edom-l4,DC=base
securityIdentifier: S-1-5-21-
4053568372-
2049667917-
3384589010
trustDirection: 3
trustPartner: bla.base
trustPosixOffset: -
2147483648
trustType: 2
trustAttributes: 8
flatName: BLA
dn: CN=BLA$,CN=Users,DC=w4edom-l4,DC=base
userAccountControl: 2080
primaryGroupID: 513
objectSid: S-1-5-21-
278041429-
3399921908-
1452754838-1597
accountExpires:
9223372036854775807
sAMAccountName: BLA$
sAMAccountType:
805306370
pwdLastSet:
131485652467995000
The salt stored by Windows in the package_PrimaryKerberosBlob
(within supplementalCredentials) seems to be
'W4EDOM-L4.BASEkrbtgtBLA' for the above trust
and Samba stores 'W4EDOM-L4.BASEBLA$'.
While the salt used when building the keys from
trustAuthOutgoing/trustAuthIncoming is
'W4EDOM-L4.BASEkrbtgtBLA.BASE', which we handle correct.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13539
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Sep 5 03:57:22 CEST 2018 on sn-devel-144
(cherry picked from commit
f3e349bebc443133fdbe4e14b148ca8db8237060)
Autobuild-User(v4-9-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-9-test): Wed Sep 5 15:40:53 CEST 2018 on sn-devel-144
Stefan Metzmacher [Tue, 4 Sep 2018 08:53:52 +0000 (10:53 +0200)]
testprogs/blackbox: let test_trust_user_account.sh check the correct kerberos salt
This demonstrates the bug we currently have.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13539
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
1b31fa62567ec549e32c9177b322cfbfb3b6ec1a)
Stefan Metzmacher [Tue, 4 Sep 2018 08:38:44 +0000 (10:38 +0200)]
testprogs/blackbox: add testit[_expect_failure]_grep() to subunit.sh
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13539
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
8526feb100e59bc5a15ceb940e6cecce0de59247)
Stefan Metzmacher [Tue, 4 Sep 2018 08:16:59 +0000 (10:16 +0200)]
samba-tool: add virtualKerberosSalt attribute to 'user getpassword/syncpasswords'
This might be useful for someone, but at least it's very useful for
tests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13539
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
39c281a23673691bab621de1a632d64df2c1c102)
Alexander Bokovoy [Fri, 16 Feb 2018 16:15:28 +0000 (18:15 +0200)]
s4:selftest: test kinit with the interdomain trust user account
To test it, add a blackbox test that ensures we pass a keytab-based
authentication with the trust user account for a trusted domain.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13539
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
7df505298f71432d5adbcffccde8f97c117a57a6)
Volker Lendecke [Tue, 7 Aug 2018 13:10:31 +0000 (15:10 +0200)]
vfs_fruit: Don't unlink the main file
The original fix for bug 13441 was missing a check that verifies that
fruit_ftruncate() is actually called on a stream.
Follow-up to
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13441
Pair-Programmed-With: Volker Lendecke <vl@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Aug 23 15:28:48 CEST 2018 on sn-devel-144
(cherry picked from commit
8c14234871820eacde46670d722a676fb5f3a46c)
Autobuild-User(v4-9-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-9-test): Tue Sep 4 15:59:02 CEST 2018 on sn-devel-144
Volker Lendecke [Tue, 7 Aug 2018 13:11:22 +0000 (15:11 +0200)]
torture: Make sure that fruit_ftruncate only unlinks streams
Follow-up to
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13441
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
c39ec64231b261fe4ada02f1f1b9aa344cf35bb5)
Ralph Boehme [Thu, 30 Aug 2018 13:57:33 +0000 (15:57 +0200)]
s3:smbd: add a comment stating that file_close_user() is redundant for SMB2
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13549
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Sep 1 01:26:35 CEST 2018 on sn-devel-144
(cherry picked from commit
5d95f79f604d90c2646225a0f2470f05dd71e19e)
Ralph Boehme [Wed, 29 Aug 2018 15:19:29 +0000 (17:19 +0200)]
s3:smbd: let session logoff close files and tcons before deleting the session
This avoids a race in durable handle reconnects if the reconnect comes
in while the old session is still in the tear-down phase.
The new session is supposed to rendezvous with and wait for destruction
of the old session, which is internally implemented with
dbwrap_watch_send() on the old session record.
If the old session deletes the session record before calling
file_close_user() which marks all file handles as disconnected, the
durable handle reconnect in the new session will fail as the records are
not yet marked as disconnected which is a prerequisite.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13549
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
8f6edcc1645e0ed35eaec914bd0b672500ce986c)
Ralph Boehme [Thu, 30 Aug 2018 13:50:02 +0000 (15:50 +0200)]
s3:smbd: reorder tcon global record deletion and closing files of a tcon
As such, this doesn't change overall behaviour, but in case we ever add
semantics acting on tcon record changes via an API like
dbwrap_watch_send(), this will make a difference as it enforces
ordering.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13549
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
b70b8503faded81b10859131f08486349876d132)
Ralph Boehme [Thu, 30 Aug 2018 17:15:19 +0000 (19:15 +0200)]
selftest: add a durable handle test with delayed disconnect
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13549
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
5508024a861e7c85e6c837552ad142aa1d5e8eca)
Ralph Boehme [Fri, 31 Aug 2018 06:28:46 +0000 (08:28 +0200)]
s4:selftest: reformat smb2_s3only list
No change besides reformatting the list to one entry per line.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13549
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
3255822f75163cb38e53f634a5c6b03d46bfaff1)
Ralph Boehme [Thu, 30 Aug 2018 15:27:08 +0000 (17:27 +0200)]
vfs_delay_inject: adding delay to VFS calls
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13549
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
44840ba5b32a2ce7959fd3d7c87822b3159416d3)
Stefan Metzmacher [Tue, 28 Aug 2018 10:52:31 +0000 (12:52 +0200)]
s4:rpc_server/netlogon: don't treet trusted domains as primary in LogonGetDomainInfo()
We need to handle trusted domains differently than our primary
domain. The most important part is that we don't return
NETR_TRUST_FLAG_PRIMARY for them.
NETR_TRUST_FLAG_{INBOUND,OUTBOUND,IN_FOREST} are the relavant flags
for trusts.
This is an example of what Windows returns in a complex trust
environment:
netr_LogonGetDomainInfo: struct netr_LogonGetDomainInfo
out: struct netr_LogonGetDomainInfo
return_authenticator : *
return_authenticator: struct netr_Authenticator
cred: struct netr_Credential
data :
f48b51ff12ff8c6c
timestamp : Tue Aug 28 22:59:03 2018 CEST
info : *
info : union netr_DomainInfo(case 1)
domain_info : *
domain_info: struct netr_DomainInformation
primary_domain: struct netr_OneDomainInfo
domainname: struct lsa_StringLarge
length : 0x0014 (20)
size : 0x0016 (22)
string : *
string : 'W2012R2-L4'
dns_domainname: struct lsa_StringLarge
length : 0x0020 (32)
size : 0x0022 (34)
string : *
string : 'w2012r2-l4.base.'
dns_forestname: struct lsa_StringLarge
length : 0x0020 (32)
size : 0x0022 (34)
string : *
string : 'w2012r2-l4.base.'
domain_guid :
0a133c91-8eac-4df0-96ac-
ede69044a38b
domain_sid : *
domain_sid : S-1-5-21-
2930975464-
1937418634-
1288008815
trust_extension: struct netr_trust_extension_container
length : 0x0000 (0)
size : 0x0000 (0)
info : NULL
dummy_string2: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_string3: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_string4: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_long1 : 0x00000000 (0)
dummy_long2 : 0x00000000 (0)
dummy_long3 : 0x00000000 (0)
dummy_long4 : 0x00000000 (0)
trusted_domain_count : 0x00000006 (6)
trusted_domains : *
trusted_domains: ARRAY(6)
trusted_domains: struct netr_OneDomainInfo
domainname: struct lsa_StringLarge
length : 0x000e (14)
size : 0x0010 (16)
string : *
string : 'FREEIPA'
dns_domainname: struct lsa_StringLarge
length : 0x0018 (24)
size : 0x001a (26)
string : *
string : 'freeipa.base'
dns_forestname: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
domain_guid :
00000000-0000-0000-0000-
000000000000
domain_sid : *
domain_sid : S-1-5-21-
429948374-
2562621466-
335716826
trust_extension: struct netr_trust_extension_container
length : 0x0010 (16)
size : 0x0010 (16)
info : *
info: struct netr_trust_extension
length : 0x00000008 (8)
dummy : 0x00000000 (0)
size : 0x00000008 (8)
flags : 0x00000022 (34)
0: NETR_TRUST_FLAG_IN_FOREST
1: NETR_TRUST_FLAG_OUTBOUND
0: NETR_TRUST_FLAG_TREEROOT
0: NETR_TRUST_FLAG_PRIMARY
0: NETR_TRUST_FLAG_NATIVE
1: NETR_TRUST_FLAG_INBOUND
0: NETR_TRUST_FLAG_MIT_KRB5
0: NETR_TRUST_FLAG_AES
parent_index : 0x00000000 (0)
trust_type : LSA_TRUST_TYPE_UPLEVEL (2)
trust_attributes : 0x00000008 (8)
0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE
0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY
0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN
1: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION
0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST
0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION
dummy_string2: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_string3: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_string4: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_long1 : 0x00000000 (0)
dummy_long2 : 0x00000000 (0)
dummy_long3 : 0x00000000 (0)
dummy_long4 : 0x00000000 (0)
trusted_domains: struct netr_OneDomainInfo
domainname: struct lsa_StringLarge
length : 0x0016 (22)
size : 0x0018 (24)
string : *
string : 'S1-W2012-L4'
dns_domainname: struct lsa_StringLarge
length : 0x0036 (54)
size : 0x0038 (56)
string : *
string : 's1-w2012-l4.w2012r2-l4.base'
dns_forestname: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
domain_guid :
afe7fbde-af82-46cf-88a2-
2df6920fc33e
domain_sid : *
domain_sid : S-1-5-21-
1368093395-
3821428921-
3924672915
trust_extension: struct netr_trust_extension_container
length : 0x0010 (16)
size : 0x0010 (16)
info : *
info: struct netr_trust_extension
length : 0x00000008 (8)
dummy : 0x00000000 (0)
size : 0x00000008 (8)
flags : 0x00000023 (35)
1: NETR_TRUST_FLAG_IN_FOREST
1: NETR_TRUST_FLAG_OUTBOUND
0: NETR_TRUST_FLAG_TREEROOT
0: NETR_TRUST_FLAG_PRIMARY
0: NETR_TRUST_FLAG_NATIVE
1: NETR_TRUST_FLAG_INBOUND
0: NETR_TRUST_FLAG_MIT_KRB5
0: NETR_TRUST_FLAG_AES
parent_index : 0x00000004 (4)
trust_type : LSA_TRUST_TYPE_UPLEVEL (2)
trust_attributes : 0x00000020 (32)
0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE
0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY
0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN
0: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION
1: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST
0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION
dummy_string2: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_string3: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_string4: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_long1 : 0x00000000 (0)
dummy_long2 : 0x00000000 (0)
dummy_long3 : 0x00000000 (0)
dummy_long4 : 0x00000000 (0)
trusted_domains: struct netr_OneDomainInfo
domainname: struct lsa_StringLarge
length : 0x0006 (6)
size : 0x0008 (8)
string : *
string : 'BLA'
dns_domainname: struct lsa_StringLarge
length : 0x0010 (16)
size : 0x0012 (18)
string : *
string : 'bla.base'
dns_forestname: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
domain_guid :
00000000-0000-0000-0000-
000000000000
domain_sid : *
domain_sid : S-1-5-21-
4053568372-
2049667917-
3384589010
trust_extension: struct netr_trust_extension_container
length : 0x0010 (16)
size : 0x0010 (16)
info : *
info: struct netr_trust_extension
length : 0x00000008 (8)
dummy : 0x00000000 (0)
size : 0x00000008 (8)
flags : 0x00000022 (34)
0: NETR_TRUST_FLAG_IN_FOREST
1: NETR_TRUST_FLAG_OUTBOUND
0: NETR_TRUST_FLAG_TREEROOT
0: NETR_TRUST_FLAG_PRIMARY
0: NETR_TRUST_FLAG_NATIVE
1: NETR_TRUST_FLAG_INBOUND
0: NETR_TRUST_FLAG_MIT_KRB5
0: NETR_TRUST_FLAG_AES
parent_index : 0x00000000 (0)
trust_type : LSA_TRUST_TYPE_UPLEVEL (2)
trust_attributes : 0x00000008 (8)
0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE
0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY
0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN
1: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION
0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST
0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION
dummy_string2: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_string3: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_string4: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_long1 : 0x00000000 (0)
dummy_long2 : 0x00000000 (0)
dummy_long3 : 0x00000000 (0)
dummy_long4 : 0x00000000 (0)
trusted_domains: struct netr_OneDomainInfo
domainname: struct lsa_StringLarge
length : 0x000c (12)
size : 0x000e (14)
string : *
string : 'S4XDOM'
dns_domainname: struct lsa_StringLarge
length : 0x0016 (22)
size : 0x0018 (24)
string : *
string : 's4xdom.base'
dns_forestname: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
domain_guid :
00000000-0000-0000-0000-
000000000000
domain_sid : *
domain_sid : S-1-5-21-
313966788-
4060240134-
2249344781
trust_extension: struct netr_trust_extension_container
length : 0x0010 (16)
size : 0x0010 (16)
info : *
info: struct netr_trust_extension
length : 0x00000008 (8)
dummy : 0x00000000 (0)
size : 0x00000008 (8)
flags : 0x00000022 (34)
0: NETR_TRUST_FLAG_IN_FOREST
1: NETR_TRUST_FLAG_OUTBOUND
0: NETR_TRUST_FLAG_TREEROOT
0: NETR_TRUST_FLAG_PRIMARY
0: NETR_TRUST_FLAG_NATIVE
1: NETR_TRUST_FLAG_INBOUND
0: NETR_TRUST_FLAG_MIT_KRB5
0: NETR_TRUST_FLAG_AES
parent_index : 0x00000000 (0)
trust_type : LSA_TRUST_TYPE_UPLEVEL (2)
trust_attributes : 0x00000008 (8)
0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE
0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY
0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN
1: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION
0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST
0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION
dummy_string2: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_string3: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_string4: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_long1 : 0x00000000 (0)
dummy_long2 : 0x00000000 (0)
dummy_long3 : 0x00000000 (0)
dummy_long4 : 0x00000000 (0)
trusted_domains: struct netr_OneDomainInfo
domainname: struct lsa_StringLarge
length : 0x0014 (20)
size : 0x0016 (22)
string : *
string : 'W2012R2-L4'
dns_domainname: struct lsa_StringLarge
length : 0x001e (30)
size : 0x0020 (32)
string : *
string : 'w2012r2-l4.base'
dns_forestname: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
domain_guid :
0a133c91-8eac-4df0-96ac-
ede69044a38b
domain_sid : *
domain_sid : S-1-5-21-
2930975464-
1937418634-
1288008815
trust_extension: struct netr_trust_extension_container
length : 0x0010 (16)
size : 0x0010 (16)
info : *
info: struct netr_trust_extension
length : 0x00000008 (8)
dummy : 0x00000000 (0)
size : 0x00000008 (8)
flags : 0x0000001d (29)
1: NETR_TRUST_FLAG_IN_FOREST
0: NETR_TRUST_FLAG_OUTBOUND
1: NETR_TRUST_FLAG_TREEROOT
1: NETR_TRUST_FLAG_PRIMARY
1: NETR_TRUST_FLAG_NATIVE
0: NETR_TRUST_FLAG_INBOUND
0: NETR_TRUST_FLAG_MIT_KRB5
0: NETR_TRUST_FLAG_AES
parent_index : 0x00000000 (0)
trust_type : LSA_TRUST_TYPE_UPLEVEL (2)
trust_attributes : 0x00000000 (0)
0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE
0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY
0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN
0: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION
0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST
0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION
dummy_string2: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_string3: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_string4: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_long1 : 0x00000000 (0)
dummy_long2 : 0x00000000 (0)
dummy_long3 : 0x00000000 (0)
dummy_long4 : 0x00000000 (0)
trusted_domains: struct netr_OneDomainInfo
domainname: struct lsa_StringLarge
length : 0x0016 (22)
size : 0x0018 (24)
string : *
string : 'S2-W2012-L4'
dns_domainname: struct lsa_StringLarge
length : 0x004e (78)
size : 0x0050 (80)
string : *
string : 's2-w2012-l4.s1-w2012-l4.w2012r2-l4.base'
dns_forestname: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
domain_guid :
29daace6-cded-4ce3-a754-
7482a4d9127c
domain_sid : *
domain_sid : S-1-5-21-
167342819-
981449877-
2130266853
trust_extension: struct netr_trust_extension_container
length : 0x0010 (16)
size : 0x0010 (16)
info : *
info: struct netr_trust_extension
length : 0x00000008 (8)
dummy : 0x00000000 (0)
size : 0x00000008 (8)
flags : 0x00000001 (1)
1: NETR_TRUST_FLAG_IN_FOREST
0: NETR_TRUST_FLAG_OUTBOUND
0: NETR_TRUST_FLAG_TREEROOT
0: NETR_TRUST_FLAG_PRIMARY
0: NETR_TRUST_FLAG_NATIVE
0: NETR_TRUST_FLAG_INBOUND
0: NETR_TRUST_FLAG_MIT_KRB5
0: NETR_TRUST_FLAG_AES
parent_index : 0x00000001 (1)
trust_type : LSA_TRUST_TYPE_UPLEVEL (2)
trust_attributes : 0x00000000 (0)
0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE
0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY
0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN
0: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION
0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST
0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION
dummy_string2: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_string3: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_string4: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_long1 : 0x00000000 (0)
dummy_long2 : 0x00000000 (0)
dummy_long3 : 0x00000000 (0)
dummy_long4 : 0x00000000 (0)
lsa_policy: struct netr_LsaPolicyInformation
policy_size : 0x00000000 (0)
policy : NULL
dns_hostname: struct lsa_StringLarge
length : 0x0036 (54)
size : 0x0038 (56)
string : *
string : 'torturetest.w2012r2-l4.base'
dummy_string2: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_string3: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
dummy_string4: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : NULL
workstation_flags : 0x00000003 (3)
1: NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS
1: NETR_WS_FLAG_HANDLES_SPN_UPDATE
supported_enc_types : 0x0000001f (31)
1: KERB_ENCTYPE_DES_CBC_CRC
1: KERB_ENCTYPE_DES_CBC_MD5
1: KERB_ENCTYPE_RC4_HMAC_MD5
1: KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96
1: KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96
0: KERB_ENCTYPE_FAST_SUPPORTED
0: KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTED
0: KERB_ENCTYPE_CLAIMS_SUPPORTED
0: KERB_ENCTYPE_RESOURCE_SID_COMPRESSION_DISABLED
dummy_long3 : 0x00000000 (0)
dummy_long4 : 0x00000000 (0)
result : NT_STATUS_OK
Best viewed with: git show --histogram -w
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
2099add0657126e4a5427ec2db0fe8025478b355)
Stefan Metzmacher [Tue, 28 Aug 2018 14:30:17 +0000 (16:30 +0200)]
s4:rpc_server/netlogon: make use of talloc_zero_array() for the netr_OneDomainInfo array
It's much safer than having uninitialized memory when we hit an error
case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
ef0b489ad0d93199e08415dd895da5cfe2d1c11a)
Stefan Metzmacher [Tue, 28 Aug 2018 09:46:16 +0000 (11:46 +0200)]
s4:rpc_server/netlogon: use samdb_domain_guid()/dsdb_trust_local_tdo_info() to build our netr_OneDomainInfo values
The logic for constructing the values for our own primary domain differs
from the values of trusted domains. In order to make the code easier to
understand we have a new fill_our_one_domain_info() helper that
only takes care of our primary domain.
The cleanup for the trust case will follow in a separate commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
61333f7787d78e3ec5c7bd2874d5a0f1f536275a)
Stefan Metzmacher [Tue, 28 Aug 2018 09:52:27 +0000 (11:52 +0200)]
s4:dsdb/common: add samdb_domain_guid() helper function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
0e442e094240abbf79aaca00a9d1a053a200a7e8)
Stefan Metzmacher [Thu, 1 Feb 2018 22:09:26 +0000 (23:09 +0100)]
dsdb:util_trusts: add dsdb_trust_local_tdo_info() helper function
This is similar to dsdb_trust_xref_tdo_info(), but will also work
if we ever support more than one domain in our forest.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
c1b0ac95db5c6112d90356c7ada8c3d445e9b668)
Stefan Metzmacher [Thu, 1 Feb 2018 22:08:08 +0000 (23:08 +0100)]
dsdb/util_trusts: domain_dn is an input parameter of dsdb_trust_crossref_tdo_info()
We should not overwrite it within the function.
Currently it doesn't matter as we don't have multiple domains
within our forest, but that will change in future.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
f5f96f558b499770cdeb3d38998167a387e058b9)
Stefan Metzmacher [Tue, 28 Aug 2018 15:46:46 +0000 (17:46 +0200)]
s4:torture/rpc/netlogon: verify the trusted domains output of LogonGetDomainInfo()
This makes sure we don't treat trusted domains in the same way we treat
our primary domain.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
d5dd8fdc647d6a202c5da0451d395116c2cd92b9)
Stefan Metzmacher [Mon, 3 Sep 2018 07:55:18 +0000 (09:55 +0200)]
s4:torture/rpc/netlogon: assert that cli_credentials_get_{workstation,password} don't return NULL
This is better that generating a segfault while dereferencing a NULL
pointer later.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11517
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
dffc182c6943d21513d8db9f6cf66bdc09206b17)
Volker Lendecke [Mon, 3 Sep 2018 13:54:48 +0000 (15:54 +0200)]
smbd: Fix a memleak in async search ask sharemode
fetch_share_mode_unlocked_parser() takes a "struct
fetch_share_mode_unlocked_state *" as
"private_data". fetch_share_mode_send() used a talloc_zero'ed "struct
share_mode_lock". This lead to the parser putting a "struct
share_mode_lock on the NULL talloc_context where nobody really picked it
up.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13602
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit
0bd109b733fbce774feae2142d25f7e828b56bcb)
Martin Schwenke [Mon, 3 Sep 2018 06:12:16 +0000 (16:12 +1000)]
ctdb-daemon: Log complete eventd startup command
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13592
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
6d3d9a85e5630ba398ac953ad1515155f10224d9)
Martin Schwenke [Mon, 27 Aug 2018 04:53:37 +0000 (14:53 +1000)]
ctdb-daemon: Do not retry connection to eventd
Confirmation is now received from eventd that it is accepting
connections, so this is no longer needed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13592
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
b430a1ace69bcef3336907557ab5bf04271c1110)
Martin Schwenke [Mon, 27 Aug 2018 04:47:38 +0000 (14:47 +1000)]
ctdb-daemon: Wait for eventd to be ready before connecting
The current method of retrying the connection to eventd means that
messages get logged for each failure.
Instead, pass a pipe file descriptor to eventd and wait for it to
write 0 to the pipe to indicate that it is ready to accept client
connections.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13592
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
62ec1ab1470206d6a2cf300f30ca0b4a39413a38)
Martin Schwenke [Mon, 27 Aug 2018 04:44:24 +0000 (14:44 +1000)]
ctdb-daemon: Open eventd pipe earlier
The pipe will soon be needed earlier, so initialise it earlier.
Ensure the file descriptors are closed on error.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13592
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
c446ae5e1382d5e32c33ce92243daf6b4338e15a)
Martin Schwenke [Mon, 27 Aug 2018 05:28:47 +0000 (15:28 +1000)]
ctdb-daemon: Improve error handling consistency
Other errors free argv, so do it here too.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13592
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
e357b62fe556609750bdb8d27cf48dfb85c62ec8)
Martin Schwenke [Fri, 24 Aug 2018 04:52:29 +0000 (14:52 +1000)]
ctdb-event: Add support to eventd for the startup notification FD
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13592
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
11ee92d1bfd73c509d90e7a7386af60a4e1a7fca)
Martin Schwenke [Fri, 24 Aug 2018 04:44:12 +0000 (14:44 +1000)]
ctdb-common: Add support for sock daemon to notify of successful startup
The daemon writes 0 into the specified file descriptor when it is up
and listening. This can be used to avoid loops in clients that
attempt to connect until they succeed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13592
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
dc6040c121c65d5551c686f3f1be2891795f48aa)
Martin Schwenke [Thu, 30 Aug 2018 23:35:14 +0000 (09:35 +1000)]
ctdb-common: Process the whole config file even if an error occurs
At the moment multiple errors will be encountered one at a time, on
each load or validate. Instead, allow all configuration errors to
printed in a single pass.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13589
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
4f1727fe0bf2b0962a5d131d60a416b8f459ad94)
Martin Schwenke [Thu, 30 Aug 2018 22:42:04 +0000 (08:42 +1000)]
ctdb-common: Avoid ENOENT for unknown conf options
Only use ENOENT for missing configuration file.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13589
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
920ed66ba7e874ca23d72fff9342fbd64a1e329f)
Martin Schwenke [Thu, 30 Aug 2018 22:45:25 +0000 (08:45 +1000)]
ctdb-common: Avoid ENOENT for unknown conf type tags
Only use ENOENT for missing configuration file.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13589
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
f1084400387c0b1257b6d92ee6e8a89504d788fc)
Martin Schwenke [Thu, 30 Aug 2018 23:34:12 +0000 (09:34 +1000)]
ctdb-common: Log a message when an invalid conf value is encountered
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13589
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
a017d3181ac1062b66ae506a8a523f7455630fce)
Martin Schwenke [Thu, 30 Aug 2018 22:32:12 +0000 (08:32 +1000)]
ctdb-common: Log a message for unknown conf option
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13589
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
ebb28c57a17777ea15afab63cd0742dd79b30ffe)
Martin Schwenke [Fri, 31 Aug 2018 09:57:56 +0000 (19:57 +1000)]
ctdb-common: Fix log message for conf option with unknown section
This covers both options that appear before a section and options in
unknown sections.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13589
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
421d828f6cb7c13d5f33c6cc1c6be254554588a4)
Martin Schwenke [Thu, 30 Aug 2018 23:06:51 +0000 (09:06 +1000)]
ctdb-daemon: Drop incorrect log message
The message is incorrect because the actual failure was loading the
config file. Instead of fixing the message, drop it because
ctdb_config_load() already logs the failure.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13589
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
b5453bc27add11a7288772a59adcc605328b9098)
Paulo Alcantara [Fri, 17 Aug 2018 14:30:16 +0000 (11:30 -0300)]
s3: util: Do not take over stderr when there is no log file
In case we don't have either a /var/log/samba directory, or pass a
non-existent log directory through '-l' option, all commands that are
daemonized with '-D' option hang when executed within a subshell.
An example on how to trigger that:
# rm -r /var/log/samba
# s=$(nmbd -D -s /etc/samba/smb.conf -l /foo123)
(never returns)
So, when the above command is executed within a subshell the following
happens:
(a) Parent shell creates a pipe, sets write side of it to fd 1
(stdout), call read() on read-side fd, forks off a new child process
and then executes nmbd in it.
(b) nmbd sets up initial logging to go through fd 1 (stdout) by
calling setup_logging(..., DEBUG_DEFAULT_STDOUT). 'state.fd' is now
set to 1.
(c) reopen_logs() is called by the first time which then calls
reopen_logs_internal()
(d) in reopen_logs_internal(), it attempts to create log.nmbd file in
/foo123 directory and fails because directory doesn't exist.
(e) Regardless whether the log file was created or not, it calls
dup2(state.fd, 2) which dups fd 1 into fd 2.
(f) At some point, fd 0 and 1 are closed and set to /dev/null
The problem with that is because parent shell in (a) is still blocked in
read() call and the new write side of the pipe is now fd 2 -- after
dup2() in (e) -- and remains unclosed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13578
Signed-off-by: Paulo Alcantara <palcantara@suse.de>
Reviewed-by: Jim McDonough <jmcd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Aug 18 01:32:25 CEST 2018 on sn-devel-144
(cherry picked from commit
41aa55f49233ea7682cf14e5a7062617274434ce)
Jeremy Allison [Fri, 24 Aug 2018 20:37:27 +0000 (13:37 -0700)]
s3: VFS: vfs_full_audit: Ensure smb_fname_str_do_log() only returns absolute pathnames.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13565
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Aug 27 20:23:55 CEST 2018 on sn-devel-144
(cherry picked from commit
4d72ebb821518c25e4759ad697d5e18257f80765)
Autobuild-User(v4-9-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-9-test): Fri Aug 31 15:29:32 CEST 2018 on sn-devel-144
Jeremy Allison [Fri, 24 Aug 2018 20:17:24 +0000 (13:17 -0700)]
s3: VFS: vfs_full_audit: Add $cwd arg to smb_fname_str_do_log().
Not yet used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13565
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
59f13347260f5c4367c709eb07139f2ba7ddad72)
Karolin Seeger [Wed, 29 Aug 2018 10:02:21 +0000 (12:02 +0200)]
VERSION: Bump version up to 4.9.0rc5...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Wed, 29 Aug 2018 10:00:46 +0000 (12:00 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.9.0rc4 release.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Karolin Seeger [Wed, 29 Aug 2018 06:59:25 +0000 (08:59 +0200)]
WHATSNEW: Add changes since RC3.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Martin Schwenke [Sun, 26 Aug 2018 10:28:39 +0000 (20:28 +1000)]
WHATSNEW: More CTDB updates for 4.9
This includes descriptions of some final configuration changes as well
as an overall mapping between old and new configuration options.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(v4-9-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-9-test): Tue Aug 28 14:08:58 CEST 2018 on sn-devel-144
Martin Schwenke [Fri, 24 Aug 2018 07:37:38 +0000 (17:37 +1000)]
ctdb-tests: Check that no IPs are assigned when failover is disabled
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13589
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Fri Aug 24 14:13:12 CEST 2018 on sn-devel-144
(cherry picked from commit
6fb80cbffb9cb8cba6abc3fbce228811d36e8c9a)
Martin Schwenke [Mon, 20 Aug 2018 20:55:33 +0000 (06:55 +1000)]
ctdb-tests: Add an extra conf loading test case
This shows that config file loading continues in spite of unknown keys
if ignore_unknown is true.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13589
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
55893bf8d2cc7e01b3a93d8e1fde16408244cb65)
Martin Schwenke [Tue, 21 Aug 2018 07:25:53 +0000 (17:25 +1000)]
ctdb-doc: Switch tunable DisableIPFailover to a config option
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13589
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
78aad7623e100f05a7dfc142fba7ff2b0eba1913)
Martin Schwenke [Tue, 21 Aug 2018 03:41:22 +0000 (13:41 +1000)]
ctdb-config: Switch tunable DisableIPFailover to a config option
Use the "failover:disabled" option instead.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13589
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
929634126a334e380f16c080b59d062873b4e5f9)
Martin Schwenke [Tue, 21 Aug 2018 01:44:03 +0000 (11:44 +1000)]
ctdb-config: Integrate failover options into conf-tool
Update and add tests accordingly.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13589
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
d003a41a9cb9ea97a7da9dbb5bd3138f82da6cf1)
Martin Schwenke [Tue, 21 Aug 2018 01:30:39 +0000 (11:30 +1000)]
ctdb-failover: Add failover configuration options
Only a "disabled" option for now. Not documented because it isn't
used yet.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13589
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
893dd623dfdec4d5c5da07f933069e4534fe58ae)
Martin Schwenke [Tue, 21 Aug 2018 01:18:34 +0000 (11:18 +1000)]
ctdb-tests: Drop DisableIPFailover simple test
This is about to become a config file option that can't be dynamically
changed at run-time, so drop this test for now. This test will be added
once the tunable becomes a config file option.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13589
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
8e160d331aaccd64b1a767c0bde9e310c80afe06)
Martin Schwenke [Mon, 20 Aug 2018 23:36:00 +0000 (09:36 +1000)]
ctdb-daemon: Pass DisableIPFailover tunable via environment variable
Preparation for obsoleting this tunable.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13589
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
914e9f22d85b9274871b7c7d5486354928080e51)
Martin Schwenke [Mon, 20 Aug 2018 03:43:38 +0000 (13:43 +1000)]
ctdb-common: Allow boolean configuration values to have yes/no values
This make the new configuration style more consistent with the old one.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13589
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
21de59ab7fe53240380b9a9a5b32d5af32d34237)
Martin Schwenke [Tue, 21 Aug 2018 03:51:40 +0000 (13:51 +1000)]
ctdb-doc: Switch tunable TDBMutexEnabled to a config option
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13589
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
a9758f413d06b0d114f4e5a0e053bbc8956c60b7)
Martin Schwenke [Mon, 20 Aug 2018 05:01:50 +0000 (15:01 +1000)]
ctdb-config: Switch tunable TDBMutexEnabled to a config option
Use the "database:tdb mutexes" option instead.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13589
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
f42486e8912eee45eb75d27b753bb74c3b37d80b)
Martin Schwenke [Mon, 20 Aug 2018 09:09:45 +0000 (19:09 +1000)]
ctdb-doc: Add support for migrating tunables to ctdb.conf options
This will become common, so will be useful to have support for.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13589
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
8ddfc26d79fda2fd0265f370a4c08dc584e6a6ac)
Martin Schwenke [Tue, 21 Aug 2018 03:45:32 +0000 (13:45 +1000)]
ctdb-doc: Change option "no realtime" option to "realtime scheduling"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13589
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
43adcd717cee689c2d0386bd2aa2878006aa9217)
Martin Schwenke [Mon, 20 Aug 2018 03:35:33 +0000 (13:35 +1000)]
ctdb-config: Change option "no realtime" option to "realtime scheduling"
Negative options can be confusing, so switch to a positive option.
This was supposed to be done months ago but was forgotten.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13589
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
17068e756b9e46f7a6c77d533ef1777173bb3795)
Martin Schwenke [Mon, 20 Aug 2018 03:29:52 +0000 (13:29 +1000)]
ctdb-doc: Handle boolean options in config migration more carefully
Values for ctdb.conf options are now returned by
get_ctdb_conf_option(). The main goal is to allow old boolean options
to be replaced by new logically negated options.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13589
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
64d4a7ae5ac3aed2b1b9e7ab85c372e6900826ac)
Martin Schwenke [Mon, 20 Aug 2018 03:38:25 +0000 (13:38 +1000)]
ctdb-doc: Make config migration script notice removed CTDB_BASE option
This should never have been a user-level option, but some people used
it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13589
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
d4afb60a24b932a0b7a0c2f27526f41d0bf38fc2)
Martin Schwenke [Mon, 13 Aug 2018 02:18:51 +0000 (12:18 +1000)]
ctdb-common: Fix aliasing issue in IPv6 checksum
Since commit
9c51b278b1700cd5f3e2addc19b7c711cc2ea10b the compiler has
been able to inline the affected call to uint16_checksum(). Given
that the data (phdr) is being accessed by an incompatible
pointer (data) there is an aliasing problem when the call is inlined.
This results in incorrect behaviour with -O2/-O3 when compiling with
at least GCC 6, 7, and 8.
Fix this by making the types compatible.
Also fixes CID
1437604 (Reliance on integer endianness). This is a
false positive because the uint16_checksum doesn't depend on the order
of the input uint16_t items.
https://bugzilla.samba.org/show_bug.cgi?id=13588
Pair-programmed-with: Amitay Isaacs <amitay@gmail.com>
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit
48335725deecdbdb24a9176cf31e9611c9deda49)
Jeremy Allison [Tue, 21 Aug 2018 19:05:34 +0000 (12:05 -0700)]
s3: smbd: Ensure get_real_filename() copes with empty pathnames.
Needed for vfs_glusterfs, as Gluster requires "." not '\0'.
Based on a fix from Anoop C S <anoopcs@redhat.com>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13585
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Aug 22 21:50:41 CEST 2018 on sn-devel-144
(cherry picked from commit
9c71f61ed8a31d287d343d4f2e68cb40c57a2b89)
Volker Lendecke [Mon, 6 Aug 2018 12:35:15 +0000 (14:35 +0200)]
torture: Demonstrate the invalid lock order panic
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13584
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 21 02:33:05 CEST 2018 on sn-devel-144
(cherry picked from commit
ec3c37ee53f21d8c0e80b1d3b3d7e95a4ac8e0bc)
Autobuild-User(v4-9-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-9-test): Thu Aug 23 14:28:49 CEST 2018 on sn-devel-144
Volker Lendecke [Mon, 6 Aug 2018 12:33:34 +0000 (14:33 +0200)]
vfs_fruit: Fix a leak of "br_lck"
Fix a panic if fruit_access_check detects a locking conflict.
do_lock() returns a valid br_lck even in case of a locking conflict.
Not free'ing it leads to a invalid lock order panic later, because
"br_lck" corresponds to a dbwrap lock on brlock.tdb.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13584
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
51d57073798f76ec4f1261945e0ba779b2530009)
Andreas Schneider [Fri, 17 Aug 2018 10:06:38 +0000 (12:06 +0200)]
python: Fix print in dns_invalid.py
https://bugzilla.samba.org/show_bug.cgi?id=13580
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Sat Aug 18 15:21:39 CEST 2018 on sn-devel-144
(cherry picked from commit
9ee4d9466e42ef419ddbb39efbc476532cd221d3)
Alexander Bokovoy [Thu, 12 Jul 2018 07:19:41 +0000 (10:19 +0300)]
wafsamba/samba_abi: always hide ABI symbols which must be local
binutils 2.31 is going to change how shared libraries are linked, such
that they always provide their own local definitions of the _end, _edata
and _bss_start symbols. This would all be fine, except for shared
libraries that export all symbols be default. (Rather than just
exporting those symbols that form part of their API).
According to binutils developers, we should only export the symbols we
explicitly want to be used. We don't use this principle for all our
libraries and deliberately don't want to have ABI versioning control for
all of them, so the change I introduce here is to explicitly mark those
symbols that will always be added by default linker configuration with
binutils 2.31 as local. Right now these are '_end', '_edata', and
'__bss_start' symbols.
Fixes: https://bugzilla.samba.org/show_bug.cgi?id=13579
Cherry-picked from commit
4e123c46820e737968fa3d1c594aa016cca39637
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Christof Schmitt [Fri, 10 Aug 2018 17:38:28 +0000 (10:38 -0700)]
selftest: Load time_audit and full_audit modules for all tests
Previously the only test was to load these modules to trigger the
smb_vfs_assert_all_fns check. As these modules just pass through the
calls, they can be loaded for all tests to ensure that the codepaths are
exercised. This would have found the problem in
smb_time_audit_offload_read_recv.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13568
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Aug 13 22:35:20 CEST 2018 on sn-devel-144
(cherry picked from commit
a98f09a09db2fc7be85f9171b586e65344a39e92)
Ralph Wuerthner [Wed, 8 Aug 2018 15:42:18 +0000 (17:42 +0200)]
s3: vfs: time_audit: fix handling of token_blob in smb_time_audit_offload_read_recv()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13568
Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
4909b966050c921b0a6a32285fee55f5f14dc3ff)
Andreas Schneider [Tue, 14 Aug 2018 16:55:33 +0000 (18:55 +0200)]
s3:libads: Free addr before we free the context
Introduced by
dbdbd4875ecac3e7334750f46f1f494b7afe6628
CID
1438395
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13567
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 14 22:02:06 CEST 2018 on sn-devel-144
(cherry picked from commit
9eccf6a16f5b198181a4fa80b835b1a65b40ed76)
Andreas Schneider [Thu, 9 Aug 2018 14:38:49 +0000 (16:38 +0200)]
s3:winbind: Fix memory leak in nss_init()
Found by covscan.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13567
Pair-Programmed-With: Justin Stephenson <jstephen@redhat.com>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
4c0b49b3f982a3a3013a3b6fef3c10b1ca7d2ab0)
Andreas Schneider [Thu, 9 Aug 2018 14:15:10 +0000 (16:15 +0200)]
s3:registry: Fix possible memory leak in _reg_perfcount_multi_sz_from_tdb()
Found by covscan.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13567
Pair-Programmed-With: Justin Stephenson <jstephen@redhat.com>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Aug 11 04:43:15 CEST 2018 on sn-devel-144
(cherry picked from commit
3e6ce5c6e679fdb39ed8142bf5e1ed4105164826)
Andreas Schneider [Thu, 9 Aug 2018 14:02:16 +0000 (16:02 +0200)]
s3:libads: Fix memory leaks in ads_krb5_chg_password()
Found by covscan.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13567
Pair-Programmed-With: Justin Stephenson <jstephen@redhat.com>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
dbdbd4875ecac3e7334750f46f1f494b7afe6628)
Andreas Schneider [Thu, 9 Aug 2018 13:58:32 +0000 (15:58 +0200)]
s3:client: Avoid a possible fd leak in do_get()
Found by covscan.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13567
Pair-Programmed-With: Justin Stephenson <jstephen@redhat.com>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit
3d32c0263b072e19335eba1451840284409ecb61)