From 248c234e06bf09a7f6ca3f6cafbac47baea7b302 Mon Sep 17 00:00:00 2001 From: Karolin Seeger Date: Tue, 15 Jan 2019 11:02:10 +0100 Subject: [PATCH 01/47] VERSION: Bump version up to 4.10.0rc2... and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger Reviewed-by: Stefan Metzmacher (replaces commit 75106e05b42e5d4629aacfa941213745d9d6e819) --- VERSION | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/VERSION b/VERSION index fde61a99da4..60f28019c64 100644 --- a/VERSION +++ b/VERSION @@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # ######################################################## -SAMBA_VERSION_RC_RELEASE=1 +SAMBA_VERSION_RC_RELEASE=2 ######################################################## # To mark SVN snapshots this should be set to 'yes' # @@ -99,7 +99,7 @@ SAMBA_VERSION_RC_RELEASE=1 # e.g. SAMBA_VERSION_IS_SVN_SNAPSHOT=yes # # -> "3.0.0-SVN-build-199" # ######################################################## -SAMBA_VERSION_IS_GIT_SNAPSHOT=no +SAMBA_VERSION_IS_GIT_SNAPSHOT=yes ######################################################## # This is for specifying a release nickname # -- 2.17.1 From 529b29203d4263bb2e3263e7d873f74f5236814a Mon Sep 17 00:00:00 2001 From: Justin Stephenson Date: Mon, 14 Jan 2019 10:36:47 -0500 Subject: [PATCH 02/47] s3:libsmb: Honor disable_netbios option in smbsock_connect_send If disable_netbios is set, return before the tevent timer is triggered to prevent outgoing netbios connections. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13727 Signed-off-by: Justin Stephenson Reviewed-by: Andreas Schneider Reviewed-by: Jeremy Allison (cherry picked from commit c324f84a2fa25e29d2f7879fbcd35ce0e76a78f8) --- source3/libsmb/smbsock_connect.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/source3/libsmb/smbsock_connect.c b/source3/libsmb/smbsock_connect.c index bb3cb07646c..be52b9a4f79 100644 --- a/source3/libsmb/smbsock_connect.c 
+++ b/source3/libsmb/smbsock_connect.c @@ -415,6 +415,13 @@ struct tevent_req *smbsock_connect_send(TALLOC_CTX *mem_ctx, tevent_req_set_callback(state->req_445, smbsock_connect_connected, req); + /* + * Check for disable_netbios + */ + if (lp_disable_netbios()) { + return req; + } + /* * After 5 msecs, fire the 139 (NBT) request */ -- 2.17.1 From f43abe39d56b772628a6b9f803f0bf68f5870d08 Mon Sep 17 00:00:00 2001 From: Tim Beale Date: Fri, 14 Dec 2018 10:37:11 +1300 Subject: [PATCH 03/47] python/gpclass: Convert gpclass to use s3 SMB Python bindings BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 Signed-off-by: Tim Beale Reviewed-by: Jeremy Allison (cherry picked from commit 3b2e86bba1f6b22b144b07db454b842f0c0779ae) --- python/samba/gpclass.py | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/python/samba/gpclass.py b/python/samba/gpclass.py index fb7c705a47e..0040f235e6e 100644 --- a/python/samba/gpclass.py +++ b/python/samba/gpclass.py @@ -29,7 +29,8 @@ import xml.etree.ElementTree as etree import re from samba.net import Net from samba.dcerpc import nbt -from samba import smb +from samba.samba3 import libsmb_samba_internal as libsmb +from samba.samba3 import param as s3param import samba.gpo as gpo from samba.param import LoadParm from uuid import UUID @@ -386,7 +387,7 @@ def cache_gpo_dir(conn, cache, sub_dir): if e.errno != errno.EEXIST: raise for fdata in conn.list(sub_dir): - if fdata['attrib'] & smb.FILE_ATTRIBUTE_DIRECTORY: + if fdata['attrib'] & libsmb.FILE_ATTRIBUTE_DIRECTORY: cache_gpo_dir(conn, cache, os.path.join(sub_dir, fdata['name'])) else: local_name = fdata['name'].upper() 
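Review bot: In smbsock_connect_send() (source3/libsmb/smbsock_connect.c) the new `lp_disable_netbios()` test guards only the delayed 139 fallback that follows it. Any earlier branch of the function that starts an NBT connect directly, for example when the caller asks for port 139 explicitly, lies outside this hunk and would need the same guard; that is worth confirming. The comment `Check for disable_netbios` restates the condition rather than the intent; `/* disable netbios = yes: never arm the 139 (NBT) fallback, only the 445 attempt stays pending */` records why the early return is correct. The function starts and ends outside the hunk.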
@@ -407,7 +408,10 @@ def check_safe_path(path): def check_refresh_gpo_list(dc_hostname, lp, creds, gpos): - conn = smb.SMB(dc_hostname, 'sysvol', lp=lp, creds=creds, sign=True) + # the SMB bindings rely on having a s3 loadparm + s3_lp = s3param.get_context() + s3_lp.load(lp.configfile) + conn = libsmb.Conn(dc_hostname, 'sysvol', lp=s3_lp, creds=creds, sign=True) cache_path = lp.cache_path('gpo_cache') for gpo in gpos: if not gpo.file_sys_path: -- 2.17.1 From 3ed03bd24eb6c236df23025aa25b9618a2d76a25 Mon Sep 17 00:00:00 2001 From: Tim Beale Date: Tue, 8 Jan 2019 14:42:05 +1300 Subject: [PATCH 04/47] s3:pylibsmb: Add .set_acl API to SMB py bindings This is pretty similar code to py_smb_getacl(), except it's calling cli_set_security_descriptor() instead of cli_query_security_descriptor() BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 Signed-off-by: Tim Beale Reviewed-by: Jeremy Allison (cherry picked from commit b982811b60521624f1f600841ffa05e306eb936a) --- source3/libsmb/pylibsmb.c | 51 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/source3/libsmb/pylibsmb.c b/source3/libsmb/pylibsmb.c index e0ce518d91b..ee1d91b90ed 100644 --- a/source3/libsmb/pylibsmb.c +++ b/source3/libsmb/pylibsmb.c 
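Review bot: In check_refresh_gpo_list() (python/samba/gpclass.py) the s3 loadparm is filled by re-reading `lp.configfile`, so any setting changed on `lp` in memory rather than in the file (a command-line override, for instance) presumably does not reach the connection that fetches policy from sysvol. `lp.configfile` may also be unset when no smb.conf was loaded, and `s3_lp.load()` would then fail on its argument rather than with a clear message. `s3param.get_context()` looks like a shared context, so the load may affect other s3 users in the same process; confirm. A comment such as `# NOTE: only the on-disk smb.conf is carried into the s3 loadparm; in-memory overrides on lp are not` would make the limitation visible. The same three lines are added to smb_connection() in python/samba/netcmd/gpo.py later in this series.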
@@ -1525,6 +1525,54 @@ static PyObject *py_smb_getacl(struct py_cli_state *self, PyObject *args) sd, sd); } +/* + * Set ACL on file/directory using given security descriptor object + */ +static PyObject *py_smb_setacl(struct py_cli_state *self, PyObject *args) +{ + NTSTATUS status; + char *filename = NULL; + PyObject *py_sd = NULL; + struct security_descriptor *sd = NULL; + unsigned int sinfo = SECINFO_DEFAULT_FLAGS; + uint16_t fnum; + + /* there's no async version of cli_set_security_descriptor() */ + if (self->thread_state != NULL) { + PyErr_SetString(PyExc_RuntimeError, + "set_acl() is not supported on " + "a multi_threaded connection"); + return NULL; + } + + if (!PyArg_ParseTuple(args, "sO|I:set_acl", &filename, &py_sd, + &sinfo)) { + return NULL; + } + + sd = pytalloc_get_type(py_sd, struct security_descriptor); + if (!sd) { + PyErr_Format(PyExc_TypeError, + "Expected dcerpc.security.descriptor as argument, got %s", + talloc_get_name(pytalloc_get_ptr(py_sd))); + return NULL; + } + + status = cli_ntcreate(self->cli, filename, 0, + SEC_FLAG_MAXIMUM_ALLOWED, 0, + FILE_SHARE_READ|FILE_SHARE_WRITE, + FILE_OPEN, 0x0, 0x0, &fnum, NULL); + PyErr_NTSTATUS_IS_ERR_RAISE(status); + + status = cli_set_security_descriptor(self->cli, fnum, sinfo, sd); + PyErr_NTSTATUS_IS_ERR_RAISE(status); + + status = cli_close(self->cli, fnum); + PyErr_NTSTATUS_IS_ERR_RAISE(status); + + Py_RETURN_NONE; +} + static PyMethodDef py_cli_state_methods[] = { { "settimeout", (PyCFunction)py_cli_settimeout, METH_VARARGS, "settimeout(new_timeout_msecs) => return old_timeout_msecs" }, 
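Review bot: py_smb_setacl() in source3/libsmb/pylibsmb.c leaves the handle open when `cli_set_security_descriptor()` fails, because `PyErr_NTSTATUS_IS_ERR_RAISE(status)` returns before `cli_close()` is reached; closing first and checking both statuses afterwards avoids the leak. The handle is opened with `SEC_FLAG_MAXIMUM_ALLOWED`, which requests more access than changing a descriptor needs, so deriving the mask from `sinfo` would keep the open to least privilege. The wrong-type error path calls `talloc_get_name(pytalloc_get_ptr(py_sd))` on an object that has just failed the type check, and it is worth confirming that this is safe for an arbitrary Python object.

```c
	NTSTATUS close_status;
	/* … unchanged: thread_state check, argument parsing, cli_ntcreate() … */
	status = cli_set_security_descriptor(self->cli, fnum, sinfo, sd);
	/* close before raising so a failed set does not leave fnum open */
	close_status = cli_close(self->cli, fnum);
	PyErr_NTSTATUS_IS_ERR_RAISE(status);
	PyErr_NTSTATUS_IS_ERR_RAISE(close_status);
```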
@@ -1577,6 +1625,9 @@ static PyMethodDef py_cli_state_methods[] = { { "get_acl", (PyCFunction)py_smb_getacl, METH_VARARGS, "get_acl(path[, security_info=0]) -> security_descriptor object\n\n" "\t\tGet security descriptor for file." }, + { "set_acl", (PyCFunction)py_smb_setacl, METH_VARARGS, + "set_acl(path, security_descriptor[, security_info=0]) -> None\n\n" + "\t\tSet security descriptor for file." }, { NULL, NULL, 0, NULL } }; -- 2.17.1 From b47e42e04006549ae24360191e3b36f6cc01dc2f Mon Sep 17 00:00:00 2001 From: Tim Beale Date: Tue, 8 Jan 2019 15:10:46 +1300 Subject: [PATCH 05/47] netcmd: Change SMB flags from s4 Py bindings to s3 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 Signed-off-by: Tim Beale Reviewed-by: Jeremy Allison (cherry picked from commit 345746ea5f4cca2620421ac0c8a649a596f5c19d) --- python/samba/netcmd/gpo.py | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/python/samba/netcmd/gpo.py b/python/samba/netcmd/gpo.py index a064f44147a..d4431296508 100644 --- a/python/samba/netcmd/gpo.py +++ b/python/samba/netcmd/gpo.py @@ -44,6 +44,7 @@ from samba.auth import AUTH_SESSION_INFO_DEFAULT_GROUPS, AUTH_SESSION_INFO_AUTHE from samba.netcmd.common import netcmd_finddc from samba import policy from samba import smb +from samba.samba3 import libsmb_samba_internal as libsmb from samba import NTSTATUSError import uuid from samba.ntacls import dsacl2fsacl @@ -280,7 +281,7 @@ def backup_directory_remote_to_local(conn, remotedir, localdir): r_name = r_dir + '\\' + e['name'] l_name = os.path.join(l_dir, e['name']) - if e['attrib'] & smb.FILE_ATTRIBUTE_DIRECTORY: + if e['attrib'] & libsmb.FILE_ATTRIBUTE_DIRECTORY: r_dirs.append(r_name) l_dirs.append(l_name) os.mkdir(l_name) 
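Review bot: The `set_acl` entry added to py_cli_state_methods documents the optional argument as `security_info=0`, but py_smb_setacl() initialises `sinfo` to `SECINFO_DEFAULT_FLAGS`, so a caller who omits it gets the default flag set rather than zero. The help string would be accurate as `"set_acl(path, security_descriptor[, security_info=SECINFO_DEFAULT_FLAGS]) -> None\n\n"`. Since this call changes permissions on a remote file, the description should also say which parts of the descriptor that default writes.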
@@ -294,10 +295,10 @@ def backup_directory_remote_to_local(conn, remotedir, localdir): parser.write_xml(l_name + '.xml') -attr_flags = smb.FILE_ATTRIBUTE_SYSTEM | \ - smb.FILE_ATTRIBUTE_DIRECTORY | \ - smb.FILE_ATTRIBUTE_ARCHIVE | \ - smb.FILE_ATTRIBUTE_HIDDEN +attr_flags = libsmb.FILE_ATTRIBUTE_SYSTEM | \ + libsmb.FILE_ATTRIBUTE_DIRECTORY | \ + libsmb.FILE_ATTRIBUTE_ARCHIVE | \ + libsmb.FILE_ATTRIBUTE_HIDDEN def copy_directory_remote_to_local(conn, remotedir, localdir): @@ -315,7 +316,7 @@ def copy_directory_remote_to_local(conn, remotedir, localdir): r_name = r_dir + '\\' + e['name'] l_name = os.path.join(l_dir, e['name']) - if e['attrib'] & smb.FILE_ATTRIBUTE_DIRECTORY: + if e['attrib'] & libsmb.FILE_ATTRIBUTE_DIRECTORY: r_dirs.append(r_name) l_dirs.append(l_name) os.mkdir(l_name) -- 2.17.1 From c9fdea2e361c842d566d662255a361c07932d003 Mon Sep 17 00:00:00 2001 From: Tim Beale Date: Fri, 11 Jan 2019 14:25:32 +1300 Subject: [PATCH 06/47] s3:pylibsmb: Add FILE_READ_ATTRIBUTES access to .loadfile() API Add FILE_READ_ATTRIBUTES when opening the file handle, as we need to read the file's size. The .loadfile() API can end up calling cli_qfileinfo_basic() to get the file size. This can end up doing a 'FILE_ALL_INFORMATION' SMBv2 request underneath, which the MS-SMB2 spec (section 3.3.5.20.1 Handling SMB2_0_INFO_FILE) says the file handle must have FILE_READ_ATTRIBUTES access granted. I noticed this problem when running .loadfile() against the NTVFS server. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 Signed-off-by: Tim Beale Reviewed-by: Jeremy Allison (cherry picked from commit 0304b08de5ba1b4a6e08568a559c52f7d9e943d3) --- source3/libsmb/pylibsmb.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/source3/libsmb/pylibsmb.c b/source3/libsmb/pylibsmb.c index ee1d91b90ed..b4903a9b8c5 100644 --- a/source3/libsmb/pylibsmb.c +++ b/source3/libsmb/pylibsmb.c 
@@ -928,7 +928,8 @@ static PyObject *py_smb_loadfile(struct py_cli_state *self, PyObject *args, /* get a read file handle */ req = cli_ntcreate_send(NULL, self->ev, self->cli, filename, 0, - FILE_READ_DATA, FILE_ATTRIBUTE_NORMAL, + FILE_READ_DATA | FILE_READ_ATTRIBUTES, + FILE_ATTRIBUTE_NORMAL, FILE_SHARE_READ, FILE_OPEN, 0, SMB2_IMPERSONATION_IMPERSONATION, 0); if (!py_tevent_req_wait_exc(self, req)) { -- 2.17.1 From c4323c00ec59112bcd2160b87ae5fe37a95cd34b Mon Sep 17 00:00:00 2001 From: Tim Beale Date: Fri, 11 Jan 2019 14:53:16 +1300 Subject: [PATCH 07/47] netcmd: Change GPO commands to use s3 SMB Py bindings This means we can now use GPO commands on a DC that has SMBv1 disabled. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 Signed-off-by: Tim Beale Reviewed-by: Jeremy Allison (cherry picked from commit 08f1627cb3fa1c9ff7a0f74e32874d305647dc42) --- python/samba/netcmd/gpo.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/python/samba/netcmd/gpo.py b/python/samba/netcmd/gpo.py index d4431296508..1b5e927f633 100644 --- a/python/samba/netcmd/gpo.py +++ b/python/samba/netcmd/gpo.py @@ -43,7 +43,7 @@ import samba.auth from samba.auth import AUTH_SESSION_INFO_DEFAULT_GROUPS, AUTH_SESSION_INFO_AUTHENTICATED, AUTH_SESSION_INFO_SIMPLE_PRIVILEGES from samba.netcmd.common import netcmd_finddc from samba import policy -from samba import smb +from samba.samba3 import param as s3param from samba.samba3 import libsmb_samba_internal as libsmb from samba import NTSTATUSError import uuid 
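Review bot: The reason for adding `FILE_READ_ATTRIBUTES` to the cli_ntcreate_send() call in py_smb_loadfile() is recorded only in the commit message, so a later clean-up could trim the mask back to `FILE_READ_DATA` and reintroduce the failure. A comment at the call site would prevent that: `/* FILE_READ_ATTRIBUTES: the size lookup may query FILE_ALL_INFORMATION on this handle */`. The function body continues outside the hunk.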
@@ -365,7 +365,10 @@ def create_directory_hier(conn, remotedir): def smb_connection(dc_hostname, service, lp, creds, sign=False): # SMB connect to DC try: - conn = smb.SMB(dc_hostname, service, lp=lp, creds=creds, sign=sign) + # the SMB bindings rely on having a s3 loadparm + s3_lp = s3param.get_context() + s3_lp.load(lp.configfile) + conn = libsmb.Conn(dc_hostname, service, lp=s3_lp, creds=creds, sign=sign) except Exception: raise CommandError("Error connecting to '%s' using SMB" % dc_hostname) return conn -- 2.17.1 From 9d9b00566c1e7795600075f7a7c572d67fb0714d Mon Sep 17 00:00:00 2001 From: Tim Beale Date: Fri, 11 Jan 2019 15:57:21 +1300 Subject: [PATCH 08/47] s4:pysmb: Add error log that the s4 bindings are deprecated We plan to delete the s4 SMB Python bindings in the next Samba release after v4.10, but first give external consumers a heads-up, just in case they are currently using the s4 bindings. Note the auth_log tests still use the s4 bindings, but all user-facing tools should now be updated to use the s3 bindings. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 Signed-off-by: Tim Beale Reviewed-by: Jeremy Allison (cherry picked from commit 6a29e63f32c0024587020fc1f92b3d1ecaa0afbc) --- source4/libcli/pysmb.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/source4/libcli/pysmb.c b/source4/libcli/pysmb.c index 45ff9a0a7c0..5a028169661 100644 --- a/source4/libcli/pysmb.c +++ b/source4/libcli/pysmb.c 
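Review bot: In smb_connection() (python/samba/netcmd/gpo.py) the `try` now also covers `s3param.get_context()` and `s3_lp.load(lp.configfile)`, and the blanket `except Exception` turns a failure there into "Error connecting to ... using SMB" with the cause discarded. Passing the exception on, `except Exception as e:` followed by `raise CommandError("Error connecting to '%s' using SMB" % dc_hostname, e)`, keeps a config-load problem distinguishable from an authentication or signing failure. `sign` still defaults to False in this helper, so the callers that write to sysvol (outside this hunk) should be checked to pass `sign=True` explicitly.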
@@ -614,6 +614,18 @@ static PyObject *py_smb_new(PyTypeObject *type, PyObject *args, PyObject *kwargs uint8_t use_spnego = 0xFF; PyObject *sign = Py_False; + /* + * These Python bindings are now deprecated because the s4 SMB client + * code doesn't support SMBv2 (and is unlikely to ever support it). + * The s3 libsmb_samba_internal bindings are a better choice for use + * within the Samba codebase, and support much the same API. + * This warning is mostly for external consumers that might be using + * these Python bindings (in which case, note libsmb_samba_internal + * is not a stable API and may change in future). + */ + DBG_ERR("The smb.SMB() Python bindings are now deprecated " + "and will be removed in the next samba release\n"); + if (!PyArg_ParseTupleAndKeywords(args, kwargs, "zz|OObbO", discard_const_p(char *, kwnames), &hostname, &service, &py_creds, &py_lp, -- 2.17.1 From 6158ca6e2994c5090312cf4677024b43df6bcc7e Mon Sep 17 00:00:00 2001 From: Tim Beale Date: Fri, 11 Jan 2019 15:09:48 +1300 Subject: [PATCH 09/47] tests: Run samba_tool.gpo tests against backup testenvs Run the GPO tests against the backup/restore testenvs. Because the backup/restore preserves the NTACLs of the sysvol files, running the GPO tests against the backup testenvs is a good sanity- check. If fact it highlights that there is currently a problem with restoring the GPO files - this shows up in 'samba-tool gpo aclcheck', but we never noticed it until now. NTACL backup works slightly different for offline backups, and rename backups end up with more sysvol files, so run the tests against both these envs. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 Signed-off-by: Tim Beale Reviewed-by: Jeremy Allison (cherry picked from commit 2a7372da7b84921b247cefc23d7003b8056d74a4) --- selftest/knownfail.d/gpo | 3 +++ source4/selftest/tests.py | 8 +++++--- 2 files changed, 8 insertions(+), 3 deletions(-) create mode 100644 selftest/knownfail.d/gpo 
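Review bot: The deprecation notice in py_smb_new() (source4/libcli/pysmb.c) is emitted with `DBG_ERR` before the arguments are parsed, so it goes to the Samba debug log on every construction attempt, and a Python caller that does not watch that log will never see it. Raising it through the interpreter as well, e.g. `PyErr_WarnEx(PyExc_DeprecationWarning, "smb.SMB() is deprecated", 1)` with a `return NULL` when that call reports an error, lets scripts surface or filter it with the normal warnings machinery. The message says "the next samba release" while the commit description says the release after v4.10; naming the version in the string removes the ambiguity.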
diff --git a/selftest/knownfail.d/gpo b/selftest/knownfail.d/gpo new file mode 100644 index 00000000000..fabe2babf0e --- /dev/null +++ b/selftest/knownfail.d/gpo @@ -0,0 +1,3 @@ +# 'samba-tool gpo aclcheck' currently fails against restored testenvs (due to a bug) +samba.tests.samba_tool.gpo.samba.tests.samba_tool.gpo.GpoCmdTestCase.test_aclcheck\(renamedc:local\) +samba.tests.samba_tool.gpo.samba.tests.samba_tool.gpo.GpoCmdTestCase.test_aclcheck\(offlinebackupdc:local\) diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py index a1f38424af7..9d56e0bd2be 100755 --- a/source4/selftest/tests.py +++ b/source4/selftest/tests.py @@ -656,11 +656,13 @@ for env in ["ad_dc_ntvfs", "fl2000dc", "fl2003dc", "fl2008r2dc"]: for env in ["ad_dc:local", "ad_dc_ntvfs:local", "fl2000dc:local", "fl2003dc:local", "fl2008r2dc:local"]: plantestsuite("samba.tests.samba_tool.edit", env, [os.path.join(srcdir(), "python/samba/tests/samba_tool/edit.sh"), '$SERVER', '$USERNAME', '$PASSWORD']) -# We run this test against both AD DC implemetnations because it is +# We run this test against both AD DC implementations because it is # the only test we have of GPO get/set behaviour, and this involves # the file server as well as the LDAP server. -planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.gpo", py3_compatible=True) -planpythontestsuite("ad_dc:local", "samba.tests.samba_tool.gpo", py3_compatible=True) +# It's also a good sanity-check that sysvol backup worked correctly. +for env in ["ad_dc_ntvfs", "ad_dc", "offlinebackupdc", "renamedc"]: + planpythontestsuite(env + ":local", "samba.tests.samba_tool.gpo", + py3_compatible=True) planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.processes", py3_compatible=True) planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.user", py3_compatible=True) -- 2.17.1 From e682347bc1863a800373703f33866ea9c1f11626 Mon Sep 17 00:00:00 2001 
From: Tim Beale Date: Tue, 15 Jan 2019 14:09:15 +1300 Subject: [PATCH 10/47] ntacls: Pass correct use_ntvfs through to setntacl() We were already checking the smb.conf to see if it uses the NTVFS file server or the default smbd server. However, we weren't passing this through to the setntacl() call. This fixes the problem we noticed with 'samba-tool gpo aclcheck' failing after a restore. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 Signed-off-by: Tim Beale Reviewed-by: Jeremy Allison (cherry picked from commit f3fe96fc2e2d942b4a2e241777b5ee12b2295b97) --- python/samba/ntacls.py | 3 ++- selftest/knownfail.d/gpo | 3 --- 2 files changed, 2 insertions(+), 4 deletions(-) delete mode 100644 selftest/knownfail.d/gpo diff --git a/python/samba/ntacls.py b/python/samba/ntacls.py index 99245737529..5bf646caf9f 100644 --- a/python/samba/ntacls.py +++ b/python/samba/ntacls.py @@ -454,7 +454,8 @@ class NtaclsHelper: def setntacl(self, path, ntacl_sd): # ntacl_sd can be obj or str - return setntacl(self.lp, path, ntacl_sd, self.dom_sid) + return setntacl(self.lp, path, ntacl_sd, self.dom_sid, + use_ntvfs=self.use_ntvfs) def _create_ntacl_file(dst, ntacl_sddl_str): diff --git a/selftest/knownfail.d/gpo b/selftest/knownfail.d/gpo deleted file mode 100644 index fabe2babf0e..00000000000 --- a/selftest/knownfail.d/gpo +++ /dev/null @@ -1,3 +0,0 @@ -# 'samba-tool gpo aclcheck' currently fails against restored testenvs (due to a bug) -samba.tests.samba_tool.gpo.samba.tests.samba_tool.gpo.GpoCmdTestCase.test_aclcheck\(renamedc:local\) -samba.tests.samba_tool.gpo.samba.tests.samba_tool.gpo.GpoCmdTestCase.test_aclcheck\(offlinebackupdc:local\) -- 2.17.1 From 349cfec01df89f0591b04a5f39a9876b73d217d9 Mon Sep 17 00:00:00 2001 From: Tim Beale Date: Tue, 15 Jan 2019 17:12:20 +1300 Subject: [PATCH 11/47] tests: Run GPO commands against testenv with SMBv1 disabled Just to prove that they work across SMBv2. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 
Signed-off-by: Tim Beale Reviewed-by: Jeremy Allison (cherry picked from commit da33c2c4e4849f0985b08fbdc58cbd59b8426ec6) --- source4/selftest/tests.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py index 9d56e0bd2be..7073755f0b3 100755 --- a/source4/selftest/tests.py +++ b/source4/selftest/tests.py @@ -660,7 +660,8 @@ for env in ["ad_dc:local", "ad_dc_ntvfs:local", "fl2000dc:local", "fl2003dc:loca # the only test we have of GPO get/set behaviour, and this involves # the file server as well as the LDAP server. # It's also a good sanity-check that sysvol backup worked correctly. -for env in ["ad_dc_ntvfs", "ad_dc", "offlinebackupdc", "renamedc"]: +for env in ["ad_dc_ntvfs", "ad_dc", "offlinebackupdc", "renamedc", + smbv1_disabled_testenv]: planpythontestsuite(env + ":local", "samba.tests.samba_tool.gpo", py3_compatible=True) -- 2.17.1 From 7399fe07feadfe7adf76c650a511fb7948554d18 Mon Sep 17 00:00:00 2001 From: Tim Beale Date: Thu, 13 Dec 2018 16:29:33 +1300 Subject: [PATCH 12/47] selftest: Give the backup testenvs a 'test1' share The ntacls_backup tests use the test1 share, and we want to run them against the restoredc (which has SMBv1 disabled). The xattr.tdb file is needed for the backend_obj.wrap_getxattr() call (in ntacls.py) to work. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 Signed-off-by: Tim Beale Reviewed-by: Jeremy Allison (cherry picked from commit a310de2db13c02a602e74139cb47ea9a25628e01) --- selftest/target/Samba4.pm | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index 5346cb172df..f2635e574cd 100755 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm 
@@ -3007,12 +3007,14 @@ sub prepare_dc_testenv # add support for sysvol/netlogon/tmp shares $ctx->{share} = "$ctx->{prefix_abs}/share"; push(@{$ctx->{directories}}, "$ctx->{share}"); + push(@{$ctx->{directories}}, "$ctx->{share}/test1"); $ctx->{smb_conf_extra_options} = " $conf_options max xmit = 32K server max protocol = SMB2 samba kcc command = /bin/true + xattr_tdb:file = $ctx->{statedir}/xattr.tdb [sysvol] path = $ctx->{statedir}/sysvol @@ -3029,6 +3031,12 @@ sub prepare_dc_testenv posix:oplocktimeout = 3 posix:writetimeupdatedelay = 50000 +[test1] + path = $ctx->{share}/test1 + read only = no + posix:sharedelay = 100000 + posix:oplocktimeout = 3 + posix:writetimeupdatedelay = 500000 "; my $env = $self->provision_raw_step1($ctx); -- 2.17.1 From f088f070b4cb5a18fdb6f819c5857ef325f53033 Mon Sep 17 00:00:00 2001 From: Tim Beale Date: Wed, 16 Jan 2019 10:02:07 +1300 Subject: [PATCH 13/47] tests: Run ntacls_backup tests against testenv with SMBv1 disabled Just to prove that the NTACL backup works over SMBv2. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 Signed-off-by: Tim Beale Reviewed-by: Jeremy Allison (cherry picked from commit 7fb93eaca74ffe17bbe7255210dd3090afe8d5dc) --- source4/selftest/tests.py | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py index 7073755f0b3..b8132086ef8 100755 --- a/source4/selftest/tests.py +++ b/source4/selftest/tests.py 
@@ -695,15 +695,13 @@ planoldpythontestsuite("ad_dc:local", "samba.tests.dckeytab", extra_args=['-U"$U for env in ["ad_dc", smbv1_disabled_testenv]: planoldpythontestsuite(env, "samba.tests.smb", extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True) + planoldpythontestsuite(env + ":local", "samba.tests.ntacls_backup", + extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True) planoldpythontestsuite( "ad_dc_ntvfs:local", "samba.tests.dcerpc.registry", extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True) -planoldpythontestsuite( - "ad_dc:local", "samba.tests.ntacls_backup", - extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True) - planoldpythontestsuite("ad_dc_ntvfs", "samba.tests.dcerpc.dnsserver", extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True) planoldpythontestsuite("ad_dc", "samba.tests.dcerpc.dnsserver", extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True) planoldpythontestsuite("chgdcpass", "samba.tests.dcerpc.raw_protocol", py3_compatible=True, -- 2.17.1 From 26cd687f14d70676c41e038b98551944ebd95356 Mon Sep 17 00:00:00 2001 From: Tim Beale Date: Thu, 17 Jan 2019 09:41:21 +1300 Subject: [PATCH 14/47] netcmd: Try to improve domain backup error message I ran this command as non-root by mistake and didn't find the error message particularly helpful. Tweak the error message so it reminds the user that they should be root. Also display the path we're looking for the sam.ldb file in, to give them more clues. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 Signed-off-by: Tim Beale Reviewed-by: Noel Power Autobuild-User(master): Noel Power Autobuild-Date(master): Mon Jan 21 16:34:06 CET 2019 on sn-devel-144 (cherry picked from commit 10e54a095f005c0988a7e5e8a35cea6200197854) --- python/samba/netcmd/domain_backup.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/python/samba/netcmd/domain_backup.py b/python/samba/netcmd/domain_backup.py index 4cacf571f3d..4e32b4b9b1c 100644 
--- a/python/samba/netcmd/domain_backup.py +++ b/python/samba/netcmd/domain_backup.py @@ -1009,8 +1009,9 @@ class cmd_domain_backup_offline(samba.netcmd.Command): paths = samba.provision.provision_paths_from_lp(lp, lp.get('realm')) if not (paths.samdb and os.path.exists(paths.samdb)): - raise CommandError('No sam.db found. This backup ' + - 'tool is only for AD DCs') + logger.error("No database found at {0}".format(paths.samdb)) + raise CommandError('Please check you are root, and ' + + 'are running this command on an AD DC') check_targetdir(logger, targetdir) -- 2.17.1 From 16b1971ea0ae76d0738f1dae9997b58af1bd5eac Mon Sep 17 00:00:00 2001 From: Tim Beale Date: Tue, 22 Jan 2019 11:08:13 +1300 Subject: [PATCH 15/47] WHATSNEW: Update for Bug 13676 changes in Samba 4.10 Although it's unlikely that users will be using the 'smb' Python bindings, it's probably worth noting in the release notes that these bindings will be deprecated in future releases. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 Signed-off-by: Tim Beale Reviewed-by: Jeremy Allison --- WHATSNEW.txt | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 267cc5402a9..493d9c2b35f 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -153,7 +153,13 @@ log entries has been removed to make the parsing of the JSON log messages easier. JSON log entries now start with 2 spaces followed by an opening brace i.e. " {" +SMBv2 samba-tool support +------------------------ +On previous releases, some samba-tool commands would not work against a remote +DC that had SMBv1 disabled. SMBv2 support has now been added for samba-tool. +The affected commands are 'samba-tool domain backup|rename' and the +'samba-tool gpo' set of commands. Refer also bug #13676. REMOVED FEATURES 
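Review bot: In cmd_domain_backup_offline (python/samba/netcmd/domain_backup.py) the new `logger.error("No database found at {0}".format(paths.samdb))` also runs when the condition failed because `paths.samdb` is empty, which would print "No database found at None". `os.path.exists()` also returns False both for a missing file and for one the caller may not stat, so the message still cannot tell the operator which case applies. Logging the path only when it is set, and wording the CommandError as "not found or not readable", would make the hint accurate in both cases.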
@@ -176,6 +182,14 @@ samba_backup The samba_backup script has been removed. This has now been replaced by the 'samba-tool domain backup offline' command. +SMB client Python bindings +-------------------------- + +The SMB client python bindings are now deprecated and will be removed in future +Samba releases. This will only affects users that may have used the Samba +Python bindings to write their own utilities, i.e. users with a custom Python +script that includes the line 'from samba import smb'. + smb.conf changes ================ -- 2.17.1 From a4466ec428265be9b31cec0820ce44c6c9bbc61e Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 14 Jan 2019 15:04:59 +0100 Subject: [PATCH 16/47] ctdb: Print locks latency in machinereadable stats Bug: https://bugzilla.samba.org/show_bug.cgi?id=13742 Signed-off-by: Volker Lendecke Reviewed-by: Martin Schwenke Autobuild-User(master): Volker Lendecke Autobuild-Date(master): Wed Jan 16 05:34:17 CET 2019 on sn-devel-144 (cherry picked from commit 193a0d6f01372604b925d1972591062a0bb2400f) Autobuild-User(v4-10-test): Karolin Seeger Autobuild-Date(v4-10-test): Mon Feb 4 13:09:49 CET 2019 on sn-devel-144 --- ctdb/tools/ctdb.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ctdb/tools/ctdb.c b/ctdb/tools/ctdb.c index eb4c684e8b0..ee64566ba04 100644 --- a/ctdb/tools/ctdb.c +++ b/ctdb/tools/ctdb.c @@ -1237,6 +1237,11 @@ static void print_statistics_machine(struct ctdb_statistics *s, printf("%.6f%s", LATENCY_AVG(s->call_latency), options.sep); printf("%.6f%s", s->call_latency.max, options.sep); + printf("%u%s", s->locks.latency.num, options.sep); + printf("%.6f%s", s->locks.latency.min, options.sep); + printf("%.6f%s", LATENCY_AVG(s->locks.latency), options.sep); + printf("%.6f%s", s->locks.latency.max, options.sep); + printf("%d%s", s->childwrite_latency.num, options.sep); printf("%.6f%s", s->childwrite_latency.min, options.sep); printf("%.6f%s", LATENCY_AVG(s->childwrite_latency), options.sep); -- 2.17.1 
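Review bot: In print_statistics_machine() (ctdb/tools/ctdb.c) the new `s->locks.latency.num` column is printed with `%u` while the neighbouring `s->childwrite_latency.num` uses `%d`; the specifier should match the field's declared type, which is outside the hunk, and be the same for every `.num` counter. Because the four columns are inserted in the middle of a separator-delimited record, it is also worth confirming that the header row printed elsewhere lists the lock latency fields in the same position. Otherwise any monitoring consumer that parses by column index will misread every later field.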
From 9859cc5c1b052180435c1e11a89023726698f51c Mon Sep 17 00:00:00 2001 From: Anoop C S Date: Mon, 21 Jan 2019 14:24:49 +0530 Subject: [PATCH 17/47] WHATSNEW: Add missing parenthesis Bug: https://bugzilla.samba.org/show_bug.cgi?id=13757 Signed-off-by: Anoop C S Reviewed-by: Guenther Deschner Reviewed-by: Noel Power --- WHATSNEW.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 493d9c2b35f..e4f33e428bf 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -103,7 +103,7 @@ the 'PYTHON' environent variable to override the python3 default for both Note: Support for python2 (with the exception of a build configured with 'PYTHON=python2 ./configure --disable-python' and built with - 'PYTHON=python2 make' will be deprecated in the next release. + 'PYTHON=python2 make') will be deprecated in the next release. JSON logging ------------ -- 2.17.1 From 94aff506747acdc98582ca6426d34a68090077d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Tue, 22 Jan 2019 11:18:20 +0100 Subject: [PATCH 18/47] WHATSNEW: fix typo. Guenther Bug: https://bugzilla.samba.org/show_bug.cgi?id=13757 Signed-off-by: Guenther Deschner Reviewed-by: Noel Power --- WHATSNEW.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/WHATSNEW.txt b/WHATSNEW.txt index e4f33e428bf..bed631c5eaa 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -94,7 +94,7 @@ e.g. '--extra-python=/usr/bin/python2'. It should be noted that support for this option will be deprecated in a future release. What if I need to build with python2? To build with python2 you *must* set -the 'PYTHON' environent variable to override the python3 default for both +the 'PYTHON' environment variable to override the python3 default for both 'configure' and 'make' steps. 'PYTHON=python2 ./configure.developer' -- 2.17.1 From 9ae7ffa5f053c5f39691dd881d1adb290859bcad Mon Sep 17 00:00:00 2001 
From: Anoop C S Date: Tue, 20 Mar 2018 11:32:20 +0530 Subject: [PATCH 19/47] vfs_glusterfs: Adapt to changes in libgfapi signatures VFS module for GlusterFS fails to compile due to recent changes done to some API signatures. Therefore adding missing arguments to those APIs adapting to new signatures. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13330 Signed-off-by: Anoop C S Reviewed-by: Guenther Deschner Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Sun Feb 3 17:00:33 CET 2019 on sn-devel-144 (cherry picked from commit 0e3eda5bab5ae9316a42725aea048fb350020ec7) --- source3/modules/vfs_glusterfs.c | 19 +++++++++++++++++++ source3/wscript | 3 +++ 2 files changed, 22 insertions(+) diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c index c9d57b4b646..a5d93ab5251 100644 --- a/source3/modules/vfs_glusterfs.c +++ b/source3/modules/vfs_glusterfs.c @@ -633,7 +633,11 @@ static ssize_t vfs_gluster_pread(struct vfs_handle_struct *handle, return -1; } +#ifdef HAVE_GFAPI_VER_7_6 + return glfs_pread(glfd, data, n, offset, 0, NULL); +#else return glfs_pread(glfd, data, n, offset, 0); +#endif } struct glusterfs_aio_state; @@ -664,7 +668,14 @@ static int aio_wrapper_destructor(struct glusterfs_aio_wrapper *wrap) * threads once the async IO submitted is complete. To notify * Samba of the completion we use a pipe based queue. */ +#ifdef HAVE_GFAPI_VER_7_6 +static void aio_glusterfs_done(glfs_fd_t *fd, ssize_t ret, + struct glfs_stat *prestat, + struct glfs_stat *poststat, + void *data) +#else static void aio_glusterfs_done(glfs_fd_t *fd, ssize_t ret, void *data) +#endif { struct glusterfs_aio_state *state = NULL; int sts = 0; 
@@ -954,7 +965,11 @@ static ssize_t vfs_gluster_pwrite(struct vfs_handle_struct *handle, return -1; } +#ifdef HAVE_GFAPI_VER_7_6 + return glfs_pwrite(glfd, data, n, offset, 0, NULL, NULL); +#else return glfs_pwrite(glfd, data, n, offset, 0); +#endif } static off_t vfs_gluster_lseek(struct vfs_handle_struct *handle, @@ -1239,7 +1254,11 @@ static int vfs_gluster_ftruncate(struct vfs_handle_struct *handle, return -1; } +#ifdef HAVE_GFAPI_VER_7_6 + return glfs_ftruncate(glfd, offset, NULL, NULL); +#else return glfs_ftruncate(glfd, offset); +#endif } static int vfs_gluster_fallocate(struct vfs_handle_struct *handle, diff --git a/source3/wscript b/source3/wscript index 24e52e592c9..97fdae02203 100644 --- a/source3/wscript +++ b/source3/wscript @@ -1570,6 +1570,9 @@ main() { conf.CHECK_CFG(package='glusterfs-api', args='"glusterfs-api >= 6" --cflags --libs', msg='Checking for glusterfs-api >= 6', uselib_store="GFAPI_VER_6") + conf.CHECK_CFG(package='glusterfs-api', args='"glusterfs-api >= 7.6" --cflags --libs', + msg='Checking for glusterfs-api >= 7.6', + uselib_store="GFAPI_VER_7_6") else: conf.SET_TARGET_TYPE('gfapi', 'EMPTY') conf.undefine('HAVE_GLUSTERFS') -- 2.17.1 From 334f1e6f56a10097ce918620dc484e9eb0a5b83b Mon Sep 17 00:00:00 2001 From: Tim Beale Date: Wed, 16 Jan 2019 15:17:38 +1300 Subject: [PATCH 20/47] join: Fix TypeError when handling exception When we can't resolve a domain name, we were inadvertently throwing a TypeError whilst trying to output a helpful message. E.g. ERROR(): uncaught exception - 'NTSTATUSError' object does not support indexing Instead of indexing the object, we want to index the Exception.args so that we just display the string portion of the exception error. The same problem is also present for the domain trust commands. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13747 
Signed-off-by: Tim Beale Reviewed-by: Rowland Penny Reviewed-by: Jeremy Allison (cherry picked from commit 3bb7808984c163a7bba66fb983411d1281589722) --- python/samba/join.py | 2 +- python/samba/netcmd/domain.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/python/samba/join.py b/python/samba/join.py index cf5d1b92b66..28b7f0b8300 100644 --- a/python/samba/join.py +++ b/python/samba/join.py @@ -346,7 +346,7 @@ class DCJoinContext(object): ctx.cldap_ret = ctx.net.finddc(domain=domain, flags=nbt.NBT_SERVER_LDAP | nbt.NBT_SERVER_DS | nbt.NBT_SERVER_WRITABLE) except NTSTATUSError as error: raise Exception("Failed to find a writeable DC for domain '%s': %s" % - (domain, error[1])) + (domain, error.args[1])) except Exception: raise Exception("Failed to find a writeable DC for domain '%s'" % domain) if ctx.cldap_ret.client_site is not None and ctx.cldap_ret.client_site != "": diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py index 9c5ae21fdd7..b7aedc16a91 100644 --- a/python/samba/netcmd/domain.py +++ b/python/samba/netcmd/domain.py @@ -1802,7 +1802,7 @@ class DomainTrustCommand(Command): remote_info = remote_net.finddc(flags=remote_flags, domain=domain, address=remote_server) except NTSTATUSError as error: raise CommandError("Failed to find a writeable DC for domain '%s': %s" % - (domain, error[1])) + (domain, error.args[1])) except Exception: raise CommandError("Failed to find a writeable DC for domain '%s'" % domain) flag_map = { -- 2.17.1 From 56549fd07d690e8fe615f5dd291c1d798045a03b Mon Sep 17 00:00:00 2001 
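Review bot: The new `error.args[1]` in the `except NTSTATUSError` branch of python/samba/join.py still assumes the exception carries at least two arguments. If it is ever raised with fewer, the handler fails with an IndexError and the "Failed to find a writeable DC" message is lost again. The shape of NTSTATUSError.args is not visible in this hunk, so this needs confirming. A guarded form such as `detail = error.args[1] if len(error.args) > 1 else error` keeps the message intact either way. The same applies to the identical change in DomainTrustCommand in python/samba/netcmd/domain.py.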
From: Tim Beale Date: Wed, 16 Jan 2019 15:37:00 +1300 Subject: [PATCH 21/47] join: Throw CommandError instead of Exception for simple errors Throwing an exception here still dumps out the Python stack trace, which can be a little disconcerting for users. In this case, the stack trace isn't going to really help at all (the problem is pretty obvious), and it obscures the useful message explaining what went wrong. Throw a CommandError instead, which samba-tool will catch and display more nicely. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13747 Signed-off-by: Tim Beale Reviewed-by: Rowland Penny Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Wed Jan 16 22:11:04 CET 2019 on sn-devel-144 (cherry picked from commit 9e4b08f4c384b8cae5ad853a7be7cf03e2749be5) --- python/samba/join.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/python/samba/join.py b/python/samba/join.py index 28b7f0b8300..da8dcb050d3 100644 --- a/python/samba/join.py +++ b/python/samba/join.py @@ -50,6 +50,7 @@ import os import tempfile from samba.compat import text_type from samba.compat import get_string +from samba.netcmd import CommandError class DCJoinException(Exception): @@ -345,10 +346,10 @@ class DCJoinContext(object): try: ctx.cldap_ret = ctx.net.finddc(domain=domain, flags=nbt.NBT_SERVER_LDAP | nbt.NBT_SERVER_DS | nbt.NBT_SERVER_WRITABLE) except NTSTATUSError as error: - raise Exception("Failed to find a writeable DC for domain '%s': %s" % - (domain, error.args[1])) + raise CommandError("Failed to find a writeable DC for domain '%s': %s" % + (domain, error.args[1])) except Exception: - raise Exception("Failed to find a writeable DC for domain '%s'" % domain) + raise CommandError("Failed to find a writeable DC for domain '%s'" % domain) if ctx.cldap_ret.client_site is not None and ctx.cldap_ret.client_site != "": ctx.site = ctx.cldap_ret.client_site return ctx.cldap_ret.pdc_dns_name -- 2.17.1 
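Review bot: The catch-all `except Exception:` branch in the join.py hunk now raises a CommandError carrying only the domain name, so whatever made finddc() fail is discarded, and with the stack trace suppressed nothing is left to diagnose it from. Binding the exception and appending its text keeps the short output while preserving the cause: `except Exception as e:` followed by `raise CommandError("Failed to find a writeable DC for domain '%s': %s" % (domain, e))`. As a point of style, the added `from samba.netcmd import CommandError` makes the library module samba/join.py depend on the samba-tool command layer. The enclosing method starts outside the hunk.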
From 6990f5018d90ba9be680f50cc812fafc73f67d7c Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 15 Jan 2019 08:45:26 -0800 Subject: [PATCH 22/47] python: dns_hub: Fix indentation of 'raise' on error. Remove second socket.sendto(). Bug: https://bugzilla.samba.org/show_bug.cgi?id=13750 Signed-off-by: Jeremy Allison Reviewed-by: Andreas Schneider (cherry picked from commit dd231a16a338cfe63d12cadf0fc3e2ebe7cac828) --- python/samba/tests/dns_forwarder_helpers/dns_hub.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/python/samba/tests/dns_forwarder_helpers/dns_hub.py b/python/samba/tests/dns_forwarder_helpers/dns_hub.py index 81aa478f4ba..cf9beb7fa7a 100755 --- a/python/samba/tests/dns_forwarder_helpers/dns_hub.py +++ b/python/samba/tests/dns_forwarder_helpers/dns_hub.py @@ -123,9 +123,7 @@ class DnsHandler(sserver.BaseRequestHandler): except socket.error as err: print("Error sending %s to address %s for name %s: %s\n" % (forwarder, self.client_address, name, err.errno)) - raise - - socket.sendto(send_packet, self.client_address) + raise class server_thread(threading.Thread): def __init__(self, server): -- 2.17.1 From 520c062db5fa67789133eaed0887367392b14fa6 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 22 Jan 2019 09:24:35 -0800 Subject: [PATCH 23/47] libcli: dns: Change internal DNS_REQUEST_TIMEOUT from 2 to 10 seconds. Should make us more robust when dealing with slow DNS servers. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13750 Signed-off-by: Jeremy Allison Reviewed-by: Volker Lendecke Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Tue Jan 22 23:37:16 CET 2019 on sn-devel-144 (cherry picked from commit 36c42e6d629a0d4b0e5c60bdd68e08a8e60c477a) --- libcli/dns/dns.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcli/dns/dns.c b/libcli/dns/dns.c index 1321b1d2d38..718bf56b3bd 100644 --- a/libcli/dns/dns.c +++ b/libcli/dns/dns.c 
@@ -39,7 +39,7 @@ struct dns_udp_request_state { size_t reply_len; }; -#define DNS_REQUEST_TIMEOUT 2 +#define DNS_REQUEST_TIMEOUT 10 /* Declare callback functions used below. */ static void dns_udp_request_get_reply(struct tevent_req *subreq); -- 2.17.1 From 9d2e05b1a6d8872d6f059097ce5125d7f25c29aa Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 17 Jan 2019 16:29:37 +0100 Subject: [PATCH 24/47] manpages/samba.7.xml: smbcontrol can also work with 'samba' MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752 Signed-off-by: Stefan Metzmacher Reviewed-by: Björn Baumbach (cherry picked from commit 12b9adec3ff48f4356f9ff865891dc3c652ff86b) --- docs-xml/manpages/samba.7.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs-xml/manpages/samba.7.xml b/docs-xml/manpages/samba.7.xml index 5b72d659871..836ed23619f 100644 --- a/docs-xml/manpages/samba.7.xml +++ b/docs-xml/manpages/samba.7.xml @@ -166,7 +166,7 @@ 1 smbcontrol is a utility that can change the behaviour of running - smbd, nmbd and + samba, smbd, nmbd and winbindd daemons. -- 2.17.1 From f105c379545ad51227126a239a60f946a2ab4a09 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 15 Jan 2019 01:39:06 +0100 Subject: [PATCH 25/47] s4:messaging: add support 'smbcontrol debug/debuglevel' MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752 Signed-off-by: Stefan Metzmacher Reviewed-by: Björn Baumbach (cherry picked from commit 3a0c1da432c53de234b54bac90a3fb84534994eb) --- source4/lib/messaging/messaging.c | 72 +++++++++++++++++++++++++++++++ 1 file changed, 72 insertions(+) diff --git a/source4/lib/messaging/messaging.c b/source4/lib/messaging/messaging.c index 6c10289515f..6cf58539a75 100644 --- a/source4/lib/messaging/messaging.c +++ b/source4/lib/messaging/messaging.c 
@@ -121,6 +121,68 @@ static void ringbuf_log_msg(struct imessaging_context *msg, imessaging_send(msg, src, MSG_RINGBUF_LOG, &blob); } +/**************************************************************************** + Receive a "set debug level" message. +****************************************************************************/ + +static void debug_imessage(struct imessaging_context *msg_ctx, + void *private_data, + uint32_t msg_type, + struct server_id src, + DATA_BLOB *data) +{ + const char *params_str = (const char *)data->data; + struct server_id_buf src_buf; + struct server_id dst = imessaging_get_server_id(msg_ctx); + struct server_id_buf dst_buf; + + /* Check, it's a proper string! */ + if (params_str[(data->length)-1] != '\0') { + DBG_ERR("Invalid debug message from pid %s to pid %s\n", + server_id_str_buf(src, &src_buf), + server_id_str_buf(dst, &dst_buf)); + return; + } + + DBG_ERR("INFO: Remote set of debug to `%s' (pid %s from pid %s)\n", + params_str, + server_id_str_buf(dst, &dst_buf), + server_id_str_buf(src, &src_buf)); + + debug_parse_levels(params_str); +} + +/**************************************************************************** + Return current debug level. 
+****************************************************************************/ + +static void debuglevel_imessage(struct imessaging_context *msg_ctx, + void *private_data, + uint32_t msg_type, + struct server_id src, + DATA_BLOB *data) +{ + char *message = debug_list_class_names_and_levels(); + DATA_BLOB blob = data_blob_null; + struct server_id_buf src_buf; + struct server_id dst = imessaging_get_server_id(msg_ctx); + struct server_id_buf dst_buf; + + DBG_DEBUG("Received REQ_DEBUGLEVEL message (pid %s from pid %s)\n", + server_id_str_buf(dst, &dst_buf), + server_id_str_buf(src, &src_buf)); + + if (message == NULL) { + DBG_ERR("debug_list_class_names_and_levels returned NULL\n"); + return; + } + + blob = data_blob_string_const_null(message); + imessaging_send(msg_ctx, src, MSG_DEBUGLEVEL, &blob); + + TALLOC_FREE(message); +} + /* return uptime of messaging server via irpc */ @@ -460,6 +522,16 @@ struct imessaging_context *imessaging_init(TALLOC_CTX *mem_ctx, if (!NT_STATUS_IS_OK(status)) { goto fail; } + status = imessaging_register(msg, NULL, MSG_DEBUG, + debug_imessage); + if (!NT_STATUS_IS_OK(status)) { + goto fail; + } + status = imessaging_register(msg, NULL, MSG_REQ_DEBUGLEVEL, + debuglevel_imessage); + if (!NT_STATUS_IS_OK(status)) { + goto fail; + } status = IRPC_REGISTER(msg, irpc, IRPC_UPTIME, irpc_uptime, msg); if (!NT_STATUS_IS_OK(status)) { goto fail; -- 2.17.1 From 45c19f4c25393bcc9db56e93a79ac25cef7e6280 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 28 Jan 2019 16:29:51 +0100 Subject: [PATCH 26/47] s4:server: avoid using pid=0 for the parent 'samba' process MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It confuses the 'samba-tool processes' output and log messages. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752 
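Review bot: A zero-length MSG_DEBUG payload makes `params_str[(data->length)-1]` in debug_imessage read before the start of the buffer, because the "proper string" check never tests data->length, and data->data may be NULL in that case. The guard should reject empty payloads first: `if (data->length == 0 || params_str[data->length - 1] != '\0') {`. Separately, the "INFO: Remote set of debug" line is logged with DBG_ERR. If that is deliberate so the change is always recorded, a short comment saying so would help.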
Signed-off-by: Stefan Metzmacher Reviewed-by: Björn Baumbach (cherry picked from commit 5bd7a8e5685caa09067745b108ef7e53e3108e97) --- source4/smbd/server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/smbd/server.c b/source4/smbd/server.c index 086fed99273..0345c6ac7d3 100644 --- a/source4/smbd/server.c +++ b/source4/smbd/server.c @@ -316,7 +316,7 @@ static NTSTATUS setup_parent_messaging(struct server_state *state, msg = imessaging_init(state->event_ctx, lp_ctx, - cluster_id(0, SAMBA_PARENT_TASKID), + cluster_id(getpid(), SAMBA_PARENT_TASKID), state->event_ctx); NT_STATUS_HAVE_NO_MEMORY(msg); -- 2.17.1 From 902de86daa685b864594df5026f60d7cd7171b2e Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 17 Jan 2019 16:27:10 +0100 Subject: [PATCH 27/47] s4:server: add support for 'smbcontrol samba shutdown' MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752 Signed-off-by: Stefan Metzmacher Reviewed-by: Björn Baumbach (cherry picked from commit 832776c0fcf7cc658c128765514755c2d15b06a6) --- source4/smbd/server.c | 37 ++++++++++++++++++++++++++++++++++++- 1 file changed, 36 insertions(+), 1 deletion(-) diff --git a/source4/smbd/server.c b/source4/smbd/server.c index 0345c6ac7d3..eeb46ffee6a 100644 --- a/source4/smbd/server.c +++ b/source4/smbd/server.c @@ -45,6 +45,7 @@ #include "libds/common/roles.h" #include "lib/util/tfork.h" #include "dsdb/samdb/ldb_modules/util.h" +#include "lib/util/server_id.h" #ifdef HAVE_PTHREAD #include 
@@ -291,6 +292,31 @@ static int prime_ldb_databases(struct tevent_context *event_ctx, bool *am_backup return LDB_SUCCESS; } +/* + called from 'smbcontrol samba shutdown' + */ +static void samba_parent_shutdown(struct imessaging_context *msg, + void *private_data, + uint32_t msg_type, + struct server_id src, + DATA_BLOB *data) +{ + struct server_state *state = + talloc_get_type_abort(private_data, + struct server_state); + struct server_id_buf src_buf; + struct server_id dst = imessaging_get_server_id(msg); + struct server_id_buf dst_buf; + + DBG_ERR("samba_shutdown of %s %s: from %s\n", + state->binary_name, + server_id_str_buf(dst, &dst_buf), + server_id_str_buf(src, &src_buf)); + + TALLOC_FREE(state); + exit(0); +} + /* called when a fatal condition occurs in a child task */ @@ -325,10 +351,19 @@ static NTSTATUS setup_parent_messaging(struct server_state *state, return status; } + status = imessaging_register(msg, state, MSG_SHUTDOWN, + samba_parent_shutdown); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + status = IRPC_REGISTER(msg, irpc, SAMBA_TERMINATE, samba_terminate, state); + if (!NT_STATUS_IS_OK(status)) { + return status; + } - return status; + return NT_STATUS_OK; } -- 2.17.1 From a2e889740b3fa42e0287b499992366a73a3cae43 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 17 Jan 2019 23:50:45 +0100 Subject: [PATCH 28/47] selftest:Samba4: use 'smbcontrol samba shutdown' MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752 Signed-off-by: Stefan Metzmacher Reviewed-by: Björn Baumbach Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Wed Jan 30 01:51:48 CET 2019 on sn-devel-144 (cherry picked from commit d03991f569b54ae0a11911b622107fbae701715d) --- selftest/target/Samba4.pm | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index f2635e574cd..b662776a847 100755 
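Review bot: samba_parent_shutdown frees the server state and calls `exit(0)` for a MSG_SHUTDOWN from any `src` without checking the sender, and the comment above it only says "called from 'smbcontrol samba shutdown'". What limits who can stop the parent is therefore whatever protects the messaging socket, presumably the permissions on the messaging directory, which this hunk does not show. The header comment should state that, for example `/* called from 'smbcontrol samba shutdown'; trusts any sender that can reach the parent's messaging socket */`. The routine shutdown is also logged with DBG_ERR, which is worth a comment if it is meant as an always-on audit line.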
--- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -2221,6 +2221,15 @@ sub teardown_env_terminate($$) my ($self, $envvars) = @_; my $pid; + # This should cause samba to terminate gracefully + my $smbcontrol = Samba::bindir_path($self, "smbcontrol"); + my $cmd = ""; + $cmd .= "$smbcontrol samba shutdown $envvars->{CONFIGURATION}"; + my $ret = system($cmd); + if ($ret != 0) { + warn "'$cmd' failed with '$ret'\n"; + } + # This should cause samba to terminate gracefully close($envvars->{STDIN_PIPE}); -- 2.17.1 From f8773e8a78e6dc666f9b6b49e897b1a070898113 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=BCnther=20Deschner?= Date: Thu, 17 Jan 2019 15:21:07 +0100 Subject: [PATCH 29/47] s3-vfs: add glusterfs_fuse vfs module. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This module only implements the get_real_filename function by accessing a distinct extended attribute that is available over a glusterfs fuse mount. By implementing this vfs function users of a glusterfs fuse mount achieve a much better performance in create based workloads where samba then can avoid trying multiple case folding options to detect the real filename. Patch is based on an initial patch provided by Poornima G BUG: https://bugzilla.samba.org/show_bug.cgi?id=13774 Guenther Signed-off-by: Günther Deschner Reviewed-by: Ralph Boehme Autobuild-User(master): Günther Deschner Autobuild-Date(master): Tue Jan 22 18:37:56 CET 2019 on sn-devel-144 (cherry picked from commit adffe0dcf002aa4721dc7897261895e3486d5271) --- docs-xml/manpages/vfs_glusterfs_fuse.8.xml | 103 +++++++++++++++++++++ docs-xml/wscript_build | 1 + source3/modules/vfs_glusterfs_fuse.c | 71 ++++++++++++++ source3/modules/wscript_build | 8 ++ source3/wscript | 1 + 5 files changed, 184 insertions(+) create mode 100644 docs-xml/manpages/vfs_glusterfs_fuse.8.xml create mode 100644 source3/modules/vfs_glusterfs_fuse.c 
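Review bot: The shutdown command in teardown_env_terminate is assembled as one interpolated string and passed to `system($cmd)`, so it goes through the shell and any whitespace or metacharacter in the bindir path or in `$envvars->{CONFIGURATION}` is reinterpreted there. The list form avoids the shell: `my @cmd = ($smbcontrol, "samba", "shutdown", $envvars->{CONFIGURATION});` followed by `my $ret = system(@cmd);`. That assumes CONFIGURATION holds a single option, so it needs splitting first if it can carry several. The body of teardown_env_terminate continues outside the hunk.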
diff --git a/docs-xml/manpages/vfs_glusterfs_fuse.8.xml b/docs-xml/manpages/vfs_glusterfs_fuse.8.xml new file mode 100644 index 00000000000..b9f7f42c6f2 --- /dev/null +++ b/docs-xml/manpages/vfs_glusterfs_fuse.8.xml 
@@ -0,0 +1,103 @@ + + + + + + vfs_glusterfs_fuse + 8 + Samba + System Administration tools + &doc.version; + + + + + vfs_glusterfs_fuse + + Utilize features provided by GlusterFS + + + + + + vfs objects = glusterfs_fuse + + + + + DESCRIPTION + + This VFS module is part of the + samba + 8 suite. + + + GlusterFS + (http://www.gluster.org) + is an Open Source clustered file system capable of scaling to + several peta-bytes. With its FUSE based native client, + GlusterFS is available as a POSIX compliant file system and can + hence be shared by Samba without additional steps. + + + + The vfs_glusterfs_fuse VFS module provides an enhanced way + to access a Gluster filesystem using a Gluster FUSE mount. It provides support + for the get_real_filename VFS call which enhances file access performance + by avoiding multiple expensive case folding lookup calls to detect the appropriate + case of an exisiting filename. + + + + This module can be combined with other modules, but it + should be the last module in the vfs objects + list. Modules added to this list to the right of the glusterfs + entry may not have any effect at all. + + + + + CONFIGURATION + + + A basic configuration looks like this. + + + + + glusterfs_fuse + /absolute/path_of_fusemount + + + + Note that vfs_glusterfs_fuse requires a Gluster mount. For accessing glusterfs directly + over the GFAPI library please use the vfs_glusterfs module. + + + + + OPTIONS + + This module does currently have no further options. + + + + + VERSION + + + This man page is part of version &doc.version; of the Samba suite. + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + + + diff --git a/docs-xml/wscript_build b/docs-xml/wscript_build index 1b4335cbb5d..86600ae4a82 100644 --- a/docs-xml/wscript_build +++ b/docs-xml/wscript_build 
@@ -82,6 +82,7 @@ vfs_module_manpages = ['vfs_acl_tdb', 'vfs_fruit', 'vfs_full_audit', 'vfs_glusterfs', + 'vfs_glusterfs_fuse', 'vfs_gpfs', 'vfs_linux_xfs_sgid', 'vfs_media_harmony', diff --git a/source3/modules/vfs_glusterfs_fuse.c b/source3/modules/vfs_glusterfs_fuse.c new file mode 100644 index 00000000000..64c1b0035c1 --- /dev/null +++ b/source3/modules/vfs_glusterfs_fuse.c 
@@ -0,0 +1,71 @@ +/* + Unix SMB/CIFS implementation. + + Copyright (c) 2019 Guenther Deschner + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include "includes.h" +#include "smbd/smbd.h" +#include "system/filesys.h" + +static int vfs_gluster_fuse_get_real_filename(struct vfs_handle_struct *handle, + const char *path, + const char *name, + TALLOC_CTX *mem_ctx, + char **_found_name) +{ + int ret; + char key_buf[NAME_MAX + 64]; + char val_buf[NAME_MAX + 1]; + char *found_name = NULL; + + if (strlen(name) >= NAME_MAX) { + errno = ENAMETOOLONG; + return -1; + } + + snprintf(key_buf, NAME_MAX + 64, + "glusterfs.get_real_filename:%s", name); + + ret = getxattr(path, key_buf, val_buf, NAME_MAX + 1); + if (ret == -1) { + if (errno == ENODATA) { + errno = EOPNOTSUPP; + } + return -1; + } + + found_name = talloc_strdup(mem_ctx, val_buf); + if (found_name == NULL) { + errno = ENOMEM; + return -1; + } + *_found_name = found_name; + return 0; +} + +struct vfs_fn_pointers glusterfs_fuse_fns = { + + /* File Operations */ + .get_real_filename_fn = vfs_gluster_fuse_get_real_filename, +}; + +static_decl_vfs; +NTSTATUS vfs_glusterfs_fuse_init(TALLOC_CTX *ctx) +{ + return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, + "glusterfs_fuse", &glusterfs_fuse_fns); +} diff --git a/source3/modules/wscript_build b/source3/modules/wscript_build index db083f50646..4a51002182f 100644 --- a/source3/modules/wscript_build 
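Review bot: vfs_gluster_fuse_get_real_filename passes val_buf to talloc_strdup() as a C string, but getxattr() returns raw attribute bytes and does not NUL-terminate them, and val_buf is never initialised. If the value is not terminated, or fills all NAME_MAX + 1 bytes, the copy reads past the returned data. Reserving one byte and terminating at the returned length closes this: `ret = getxattr(path, key_buf, val_buf, sizeof(val_buf) - 1);` and, after the error check, `val_buf[ret] = '\0';`. The snprintf call would also be safer with `sizeof(key_buf)` than with the repeated `NAME_MAX + 64` literal.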
+++ b/source3/modules/wscript_build @@ -515,6 +515,14 @@ bld.SAMBA3_MODULE('vfs_glusterfs', internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_glusterfs'), enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_glusterfs')) +bld.SAMBA3_MODULE('vfs_glusterfs_fuse', + subsystem='vfs', + source='vfs_glusterfs_fuse.c', + deps='', + init_function='', + internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_glusterfs_fuse'), + enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_glusterfs_fuse')) + bld.SAMBA3_MODULE('vfs_worm', subsystem='vfs', source='vfs_worm.c', diff --git a/source3/wscript b/source3/wscript index 97fdae02203..17331a1aa50 100644 --- a/source3/wscript +++ b/source3/wscript @@ -1664,6 +1664,7 @@ main() { vfs_media_harmony vfs_unityed_media vfs_fruit vfs_shell_snap vfs_commit vfs_worm vfs_crossrename vfs_linux_xfs_sgid vfs_time_audit vfs_offline vfs_virusfilter + vfs_glusterfs_fuse ''')) default_shared_modules.extend(TO_LIST('auth_script idmap_tdb2 idmap_script')) # these have broken dependencies -- 2.17.1 From 676b549321abe61c63cb07681bd566b05369a876 Mon Sep 17 00:00:00 2001 From: Anoop C S Date: Wed, 23 Jan 2019 15:40:43 +0530 Subject: [PATCH 30/47] s3-vfs: Use ENOATTR in errno comparison for getxattr * ENODATA is not defined in FreeBSD * ENOATTR is defined to be a synonym for ENODATA in Linux * In its absence Samba already defines ENOATTR to either ENODATA or ENOENT Thus it is safe and correct to compare with ENOATTR rather than ENODATA. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13774 
Signed-off-by: Anoop C S Reviewed-by: Uri Simchoni Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Wed Jan 23 21:59:10 CET 2019 on sn-devel-144 (cherry picked from commit c99402724a65f4e1f8ed4dcd236a43e0603bef0a) Autobuild-User(v4-10-test): Karolin Seeger Autobuild-Date(v4-10-test): Tue Feb 5 23:59:06 CET 2019 on sn-devel-144 --- source3/modules/posixacl_xattr.c | 4 ++-- source3/modules/vfs_glusterfs.c | 2 +- source3/modules/vfs_glusterfs_fuse.c | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/source3/modules/posixacl_xattr.c b/source3/modules/posixacl_xattr.c index 8f6f365bff9..6f016e17e0b 100644 --- a/source3/modules/posixacl_xattr.c +++ b/source3/modules/posixacl_xattr.c @@ -379,7 +379,7 @@ SMB_ACL_T posixacl_xattr_acl_get_file(vfs_handle_struct *handle, if (ret > 0) { return posixacl_xattr_to_smb_acl(buf, ret, mem_ctx); } - if (ret == 0 || errno == ENOATTR || errno == ENODATA) { + if (ret == 0 || errno == ENOATTR) { mode_t mode = 0; TALLOC_CTX *frame = talloc_stackframe(); struct smb_filename *smb_fname_tmp = @@ -434,7 +434,7 @@ SMB_ACL_T posixacl_xattr_acl_get_fd(vfs_handle_struct *handle, if (ret > 0) { return posixacl_xattr_to_smb_acl(buf, ret, mem_ctx); } - if (ret == 0 || errno == ENOATTR || errno == ENODATA) { + if (ret == 0 || errno == ENOATTR) { SMB_STRUCT_STAT sbuf; ret = SMB_VFS_FSTAT(fsp, &sbuf); if (ret == 0) diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c index a5d93ab5251..601be5a2da4 100644 --- a/source3/modules/vfs_glusterfs.c +++ b/source3/modules/vfs_glusterfs.c @@ -1462,7 +1462,7 @@ static int vfs_gluster_get_real_filename(struct vfs_handle_struct *handle, ret = glfs_getxattr(handle->data, path, key_buf, val_buf, NAME_MAX + 1); if (ret == -1) { - if (errno == ENODATA) { + if (errno == ENOATTR) { errno = EOPNOTSUPP; } return -1; 
diff --git a/source3/modules/vfs_glusterfs_fuse.c b/source3/modules/vfs_glusterfs_fuse.c index 64c1b0035c1..8855cd18d01 100644 --- a/source3/modules/vfs_glusterfs_fuse.c +++ b/source3/modules/vfs_glusterfs_fuse.c @@ -42,7 +42,7 @@ static int vfs_gluster_fuse_get_real_filename(struct vfs_handle_struct *handle, ret = getxattr(path, key_buf, val_buf, NAME_MAX + 1); if (ret == -1) { - if (errno == ENODATA) { + if (errno == ENOATTR) { errno = EOPNOTSUPP; } return -1; -- 2.17.1 From d902eec5bae7e862ee8a19460f028189c8eb39d2 Mon Sep 17 00:00:00 2001 From: Karolin Seeger Date: Wed, 6 Feb 2019 08:57:04 +0100 Subject: [PATCH 31/47] WHATSNEW: Add release notes for Samba 4.10.0rc2. Signed-off-by: Karolin Seeger --- WHATSNEW.txt | 32 +++++++++++++++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) diff --git a/WHATSNEW.txt b/WHATSNEW.txt index bed631c5eaa..8bbb1fd705f 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,7 +1,7 @@ Release Announcements ===================== -This is the first release candidate of Samba 4.10. This is *not* +This is the second release candidate of Samba 4.10. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. 
@@ -208,6 +208,36 @@ smb.conf changes smbd getinfo ask sharemode New: similar to "smbd search ask yes sharemode" but for SMB getinfo + +CHANGES SINCE 4.10.0rc1 +======================= + +o Jeremy Allison + * BUG 13750: libcli: dns: Change internal DNS_REQUEST_TIMEOUT from 2 to 10 + seconds. + +o Tim Beale + * BUG 13676: samba-tool SMB/sysvol connections do not work if SMBv1 is + disabled. + * BUG 13747: join: Throw CommandError instead of Exception for simple errors. + +o Günther Deschner + * BUG 13774: s3-vfs: Add glusterfs_fuse vfs module. + +o Volker Lendecke + * BUG 13742: ctdb: Print locks latency in machinereadable stats. + +o Stefan Metzmacher + * BUG 13752: s4:server: Add support for 'smbcontrol samba shutdown'. + +o Anoop C S + * BUG 13330: vfs_glusterfs: Adapt to changes in libgfapi signatures. + * BUG 13774: s3-vfs: Use ENOATTR in errno comparison for getxattr. + +o Justin Stephenson + * BUG 13727: s3:libsmb: Honor disable_netbios option in smbsock_connect_send. + + KNOWN ISSUES ============ -- 2.17.1 From 61e654828c1340a6b5814a62ada39491ca2c6380 Mon Sep 17 00:00:00 2001 From: Karolin Seeger Date: Wed, 6 Feb 2019 08:59:54 +0100 Subject: [PATCH 32/47] VERSION: Diable GIT_SNAPSHOT for the 4.10.0rc2 release. Signed-off-by: Karolin Seeger --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 60f28019c64..a251f875c42 100644 --- a/VERSION +++ b/VERSION @@ -99,7 +99,7 @@ SAMBA_VERSION_RC_RELEASE=2 # e.g. SAMBA_VERSION_IS_SVN_SNAPSHOT=yes # # -> "3.0.0-SVN-build-199" # ######################################################## -SAMBA_VERSION_IS_GIT_SNAPSHOT=yes +SAMBA_VERSION_IS_GIT_SNAPSHOT=no ######################################################## # This is for specifying a release nickname # -- 2.17.1 From 0c75bfe674b9e2d3fc9671fb85b334c0a392e13d Mon Sep 17 00:00:00 2001 
From: Karolin Seeger Date: Wed, 6 Feb 2019 09:00:43 +0100 Subject: [PATCH 33/47] VERSION: Bump version up to 4.10.0rc2... and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger --- VERSION | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/VERSION b/VERSION index a251f875c42..d457f23e00e 100644 --- a/VERSION +++ b/VERSION @@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # ######################################################## -SAMBA_VERSION_RC_RELEASE=2 +SAMBA_VERSION_RC_RELEASE=3 ######################################################## # To mark SVN snapshots this should be set to 'yes' # @@ -99,7 +99,7 @@ SAMBA_VERSION_RC_RELEASE=2 # e.g. SAMBA_VERSION_IS_SVN_SNAPSHOT=yes # # -> "3.0.0-SVN-build-199" # ######################################################## -SAMBA_VERSION_IS_GIT_SNAPSHOT=no +SAMBA_VERSION_IS_GIT_SNAPSHOT=yes ######################################################## # This is for specifying a release nickname # -- 2.17.1 From 7fc3481765720d2fa0324f297e4a658520fb092f Mon Sep 17 00:00:00 2001 
From: Tim Beale Date: Thu, 10 Jan 2019 13:34:18 +1300 Subject: [PATCH 34/47] ldb: Avoid inefficient one-level searches Commit 88ae60ed186c9 introduced a problem that made one-level searches inefficient if there were a lot of child objects in the same level, and the requested object didn't exist. Basically, it ignored the case where ldb_kv_index_dn() returned LDB_ERR_NO_SUCH_OBJECT, i.e. the indexed lookup was successful, but didn't find a match. At which point, there was no more processing we needed to do. The behaviour after 88ae60ed186c9 was to fall-through and run the ldb_kv_index_filter() function over *all* the children. This still returned the correct result, but could be costly if there were a lot of children. The case 88ae60ed186c9 was trying to fix was where we could not do an indexed search (e.g. trying to match on a 'attribute=*' filter). In which case we want to ignore the LDB_ERR_OPERATIONS_ERROR and just run ldb_kv_index_filter() over all the children. This is still more efficient than the fallback of doing a full database scan. This patch adds in a short-circuit for the NO_SUCH_OBJECT case, so we can skip the unnecessary ldb_kv_index_filter() work. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762 Signed-off-by: Tim Beale Reviewed-by: Andrew Bartlett (cherry picked from commit 9a893f9613bd6440abd8e487d22a39ab5b82a7b9) --- lib/ldb/ldb_key_value/ldb_kv_index.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/lib/ldb/ldb_key_value/ldb_kv_index.c b/lib/ldb/ldb_key_value/ldb_kv_index.c index 6c21c19d654..2ada48d0840 100644 --- a/lib/ldb/ldb_key_value/ldb_kv_index.c +++ b/lib/ldb/ldb_key_value/ldb_kv_index.c 
@@ -2051,13 +2051,24 @@ int ldb_kv_search_indexed(struct ldb_kv_context *ac, uint32_t *match_count) } /* * Here we load the index for the tree. - * + */ + ret = ldb_kv_index_dn( + ac->module, ldb_kv, ac->tree, idx_one_tree_list); + + /* + * We can stop if we're sure the object doesn't exist + */ + if (ret == LDB_ERR_NO_SUCH_OBJECT) { + talloc_free(idx_one_tree_list); + talloc_free(dn_list); + return LDB_ERR_NO_SUCH_OBJECT; + } + + /* * We only care if this is successful, if the * index can't trim the result list down then * the ONELEVEL index is still good enough. */ - ret = ldb_kv_index_dn( - ac->module, ldb_kv, ac->tree, idx_one_tree_list); if (ret == LDB_SUCCESS) { if (!list_intersect(ldb, ldb_kv, -- 2.17.1 From f7774530936bc3e9795b2f0089c984641ab5c5c9 Mon Sep 17 00:00:00 2001 From: Tim Beale Date: Thu, 10 Jan 2019 13:53:47 +1300 Subject: [PATCH 35/47] ldb: Remove comment that no longer makes sense This comment was written before the GUID_index_attribute block of code existed. So we now *do* load the index values and *do* check for a strict intersect, so the comment is redundant. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762 Signed-off-by: Tim Beale Reviewed-by: Andrew Bartlett (cherry picked from commit 72928444823c5b18ac9ef98e7432c999d70aa571) --- lib/ldb/ldb_key_value/ldb_kv_index.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/lib/ldb/ldb_key_value/ldb_kv_index.c b/lib/ldb/ldb_key_value/ldb_kv_index.c index 2ada48d0840..9c65b6fb92a 100644 --- a/lib/ldb/ldb_key_value/ldb_kv_index.c +++ b/lib/ldb/ldb_key_value/ldb_kv_index.c @@ -2008,11 +2008,6 @@ int ldb_kv_search_indexed(struct ldb_kv_context *ac, uint32_t *match_count) return ldb_operr(ldb); case LDB_SCOPE_ONELEVEL: - /* - * If we ever start to also load the index values for - * the tree, we must ensure we strictly intersect with - * this list, as we trust the ONELEVEL index - */ ret = ldb_kv_index_dn_one(ac->module, ldb_kv, ac->base, -- 2.17.1 
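Review bot: In the `@@ -2051,13 +2051,24 @@` hunk (PATCH 34), the new `LDB_ERR_NO_SUCH_OBJECT` branch returns without writing `*match_count`, even though the commit message describes this code as a successful index lookup that found nothing rather than a failure. Callers are outside the hunk, so it cannot be confirmed here that they pre-initialise the counter and treat this code as an empty result. If they do not already guarantee it, adding `*match_count = 0;` before the `return` would make the path self-contained. The comment could also say why the code is authoritative, e.g. `/* The indexed lookup succeeded and found nothing, so no child can match */`. ldb_kv_search_indexed() starts and ends outside the hunk.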
From 62fea7e9c3f94d254e6c9f72cd690137c2ee556c Mon Sep 17 00:00:00 2001 From: Tim Beale Date: Thu, 10 Jan 2019 14:19:19 +1300 Subject: [PATCH 36/47] ldb: Elaborate on ldb_kv_search_indexed() comments Disclaimer: this is based on my limited understanding of what the code is doing. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762 Signed-off-by: Tim Beale Reviewed-by: Andrew Bartlett (cherry picked from commit 132600685b8c5d4964f20634cd7a64b14f41cfa7) --- lib/ldb/ldb_key_value/ldb_kv_index.c | 33 ++++++++++++++++++++++------ 1 file changed, 26 insertions(+), 7 deletions(-) diff --git a/lib/ldb/ldb_key_value/ldb_kv_index.c b/lib/ldb/ldb_key_value/ldb_kv_index.c index 9c65b6fb92a..d8bdf61fc1b 100644 --- a/lib/ldb/ldb_key_value/ldb_kv_index.c +++ b/lib/ldb/ldb_key_value/ldb_kv_index.c @@ -2008,6 +2008,12 @@ int ldb_kv_search_indexed(struct ldb_kv_context *ac, uint32_t *match_count) return ldb_operr(ldb); case LDB_SCOPE_ONELEVEL: + + /* + * First, load all the one-level child objects (regardless of + * whether they match the search filter or not). The database + * maintains a one-level index, so retrieving this is quick. + */ ret = ldb_kv_index_dn_one(ac->module, ldb_kv, ac->base, @@ -2019,9 +2025,12 @@ int ldb_kv_search_indexed(struct ldb_kv_context *ac, uint32_t *match_count) } /* - * If we have too many matches, running the filter - * tree over the SCOPE_ONELEVEL can be quite expensive - * so we now check the filter tree index as well. + * If we have too many children, running ldb_kv_index_filter() + * over all the child objects can be quite expensive. So next + * we do a separate indexed query using the search filter. + * + * This should be quick, but it may return objects that are not + * the direct one-level child objects we're interested in. * * We only do this in the GUID index mode, which is * O(n*log(m)) otherwise the intersection below will 
@@ -2044,8 +2053,9 @@ int ldb_kv_search_indexed(struct ldb_kv_context *ac, uint32_t *match_count) talloc_free(dn_list); return LDB_ERR_OPERATIONS_ERROR; } + /* - * Here we load the index for the tree. + * Try to do an indexed database search */ ret = ldb_kv_index_dn( ac->module, ldb_kv, ac->tree, idx_one_tree_list); @@ -2060,9 +2070,18 @@ int ldb_kv_search_indexed(struct ldb_kv_context *ac, uint32_t *match_count) } /* - * We only care if this is successful, if the - * index can't trim the result list down then - * the ONELEVEL index is still good enough. + * Once we have a successful search result, we + * intersect it with the one-level children (dn_list). + * This should give us exactly the result we're after + * (we still need to run ldb_kv_index_filter() to + * handle potential index truncation cases). + * + * The indexed search may fail because we don't support + * indexing on that type of search operation, e.g. + * matching against '*'. In which case we fall through + * and run ldb_kv_index_filter() over all the one-level + * children (which is still better than bailing out here + * and falling back to a full DB scan). */ if (ret == LDB_SUCCESS) { if (!list_intersect(ldb, -- 2.17.1 From 2a915942295e6cdc87dc9aab6cf2c8c78741f26e Mon Sep 17 00:00:00 2001 From: Tim Beale Date: Thu, 10 Jan 2019 14:25:06 +1300 Subject: [PATCH 37/47] ldb: Rename variable The old name confused me because it's not really related to the one-level index at all. It's the result from evaluating the indexed search specified in the ac->tree. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762 Signed-off-by: Tim Beale Reviewed-by: Andrew Bartlett (cherry picked from commit 57a565b2fd680fc1a34f4ab91c6f6314f68ef67f) --- lib/ldb/ldb_key_value/ldb_kv_index.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/lib/ldb/ldb_key_value/ldb_kv_index.c b/lib/ldb/ldb_key_value/ldb_kv_index.c index d8bdf61fc1b..9a4a0db7e74 100644 --- a/lib/ldb/ldb_key_value/ldb_kv_index.c 
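Review bot: In the `@@ -2060,9 +2070,18 @@` hunk (PATCH 36), the new comment explains the fall-through only for unsupported filter types such as matching against '*', but the `if (ret == LDB_SUCCESS)` test below it lets every other return code from ldb_kv_index_dn() fall through too. If that call can return real failures (allocation or database errors), they are silently treated as "index not usable" and the search continues over the full one-level list. The comment should say so, e.g. `* Any other non-success code is likewise ignored here and left to the ldb_kv_index_filter() pass.` Whether such codes ought to be propagated instead cannot be judged from the hunk, since the rest of ldb_kv_search_indexed() lies outside it.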
+++ b/lib/ldb/ldb_key_value/ldb_kv_index.c @@ -2041,15 +2041,15 @@ int ldb_kv_search_indexed(struct ldb_kv_context *ac, uint32_t *match_count) * fast enough in the small case. */ if (ldb_kv->cache->GUID_index_attribute != NULL) { - struct dn_list *idx_one_tree_list + struct dn_list *indexed_search_result = talloc_zero(ac, struct dn_list); - if (idx_one_tree_list == NULL) { + if (indexed_search_result == NULL) { talloc_free(dn_list); return ldb_module_oom(ac->module); } if (!ldb_kv->cache->attribute_indexes) { - talloc_free(idx_one_tree_list); + talloc_free(indexed_search_result); talloc_free(dn_list); return LDB_ERR_OPERATIONS_ERROR; } @@ -2058,13 +2058,14 @@ int ldb_kv_search_indexed(struct ldb_kv_context *ac, uint32_t *match_count) * Try to do an indexed database search */ ret = ldb_kv_index_dn( - ac->module, ldb_kv, ac->tree, idx_one_tree_list); + ac->module, ldb_kv, ac->tree, + indexed_search_result); /* * We can stop if we're sure the object doesn't exist */ if (ret == LDB_ERR_NO_SUCH_OBJECT) { - talloc_free(idx_one_tree_list); + talloc_free(indexed_search_result); talloc_free(dn_list); return LDB_ERR_NO_SUCH_OBJECT; } @@ -2087,8 +2088,8 @@ int ldb_kv_search_indexed(struct ldb_kv_context *ac, uint32_t *match_count) if (!list_intersect(ldb, ldb_kv, dn_list, - idx_one_tree_list)) { - talloc_free(idx_one_tree_list); + indexed_search_result)) { + talloc_free(indexed_search_result); talloc_free(dn_list); return LDB_ERR_OPERATIONS_ERROR; } -- 2.17.1 From bb850a075024ad8ac26a25681339f6ce88334aba Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 1 Feb 2019 14:22:17 +1300 Subject: [PATCH 38/47] ldb: Add even more comments on what strict does to the list intersections BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762 Signed-off-by: Andrew Bartlett Reviewed-by: Garming Sam (cherry picked from commit e7f524fd2128aacb82e980652af8eb6fd275e1a8) --- lib/ldb/ldb_key_value/ldb_kv_index.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) 
diff --git a/lib/ldb/ldb_key_value/ldb_kv_index.c b/lib/ldb/ldb_key_value/ldb_kv_index.c index 9a4a0db7e74..6d02c91a597 100644 --- a/lib/ldb/ldb_key_value/ldb_kv_index.c +++ b/lib/ldb/ldb_key_value/ldb_kv_index.c @@ -1259,6 +1259,14 @@ static bool list_intersect(struct ldb_context *ldb, return true; } + /* + * In both of the below we check for strict and in that + * case do not optimise the intersection of this list, + * we must never return an entry not in this + * list. This allows the index for + * SCOPE_ONELEVEL to be trusted. + */ + /* the indexing code is allowed to return a longer list than what really matches, as all results are filtered by the full expression at the end - this shortcut avoids a lot of @@ -1660,7 +1668,13 @@ static int ldb_kv_index_dn_one(struct ldb_module *module, struct dn_list *list, enum key_truncation *truncation) { - /* Ensure we do not shortcut on intersection for this list */ + /* + * Ensure we do not shortcut on intersection for this list. + * We must never be lazy and return an entry not in this + * list. This allows the index for + * SCOPE_ONELEVEL to be trusted. + */ + list->strict = true; return ldb_kv_index_dn_attr( module, ldb_kv, LDB_KV_IDXONE, parent_dn, list, truncation); -- 2.17.1 From e21e24d8345e441d639020affc1f6ee59762725d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 1 Feb 2019 14:41:18 +1300 Subject: [PATCH 39/47] ldb: Release ldb 1.5.3 * Avoid inefficient one-level searches (bug 13762) * The test api.py should not rely on order of entries in dict (bug 13772) BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13772 
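Review bot: In the `@@ -1259,6 +1259,14 @@` hunk (PATCH 38), the comment added to list_intersect() refers to "this list" without naming it, although the function works on two lists (the call shown elsewhere in this series passes `dn_list` and `indexed_search_result`). This invariant is what keeps a one-level search from returning entries outside the requested scope, so the comment should identify which list carries the flag, e.g. `* If the list with strict set is involved, skip both shortcuts below: the result must never contain an entry that is not in that list.` The parameter names of list_intersect() are outside the hunk, so the wording should be adjusted to use the actual identifier.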
Signed-off-by: Andrew Bartlett Reviewed-by: Garming Sam (cherry picked from commit 5e716c0256a6bec92e7855ccfc077a328320f2ea) Autobuild-User(v4-10-test): Stefan Metzmacher Autobuild-Date(v4-10-test): Wed Feb 13 16:24:32 CET 2019 on sn-devel-144 --- lib/ldb/ABI/ldb-1.5.3.sigs | 280 ++++++++++++++++++++++++++ lib/ldb/ABI/pyldb-util-1.5.3.sigs | 2 + lib/ldb/ABI/pyldb-util.py3-1.5.3.sigs | 2 + lib/ldb/wscript | 2 +- 4 files changed, 285 insertions(+), 1 deletion(-) create mode 100644 lib/ldb/ABI/ldb-1.5.3.sigs create mode 100644 lib/ldb/ABI/pyldb-util-1.5.3.sigs create mode 100644 lib/ldb/ABI/pyldb-util.py3-1.5.3.sigs diff --git a/lib/ldb/ABI/ldb-1.5.3.sigs b/lib/ldb/ABI/ldb-1.5.3.sigs new file mode 100644 index 00000000000..0c1234f1c97 --- /dev/null +++ b/lib/ldb/ABI/ldb-1.5.3.sigs 
@@ -0,0 +1,280 @@ +ldb_add: int (struct ldb_context *, const struct ldb_message *) +ldb_any_comparison: int (struct ldb_context *, void *, ldb_attr_handler_t, const struct ldb_val *, const struct ldb_val *) +ldb_asprintf_errstring: void (struct ldb_context *, const char *, ...) +ldb_attr_casefold: char *(TALLOC_CTX *, const char *) +ldb_attr_dn: int (const char *) +ldb_attr_in_list: int (const char * const *, const char *) +ldb_attr_list_copy: const char **(TALLOC_CTX *, const char * const *) +ldb_attr_list_copy_add: const char **(TALLOC_CTX *, const char * const *, const char *) +ldb_base64_decode: int (char *) +ldb_base64_encode: char *(TALLOC_CTX *, const char *, int) +ldb_binary_decode: struct ldb_val (TALLOC_CTX *, const char *) +ldb_binary_encode: char *(TALLOC_CTX *, struct ldb_val) +ldb_binary_encode_string: char *(TALLOC_CTX *, const char *) +ldb_build_add_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) +ldb_build_del_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, struct ldb_dn *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) +ldb_build_extended_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, const char *, void *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) +ldb_build_mod_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) +ldb_build_rename_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, struct ldb_dn *, struct ldb_dn *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) +ldb_build_search_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, struct ldb_dn *, enum ldb_scope, const char *, const char * const *, struct ldb_control **, void *, 
ldb_request_callback_t, struct ldb_request *) +ldb_build_search_req_ex: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, struct ldb_dn *, enum ldb_scope, struct ldb_parse_tree *, const char * const *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) +ldb_casefold: char *(struct ldb_context *, TALLOC_CTX *, const char *, size_t) +ldb_casefold_default: char *(void *, TALLOC_CTX *, const char *, size_t) +ldb_check_critical_controls: int (struct ldb_control **) +ldb_comparison_binary: int (struct ldb_context *, void *, const struct ldb_val *, const struct ldb_val *) +ldb_comparison_fold: int (struct ldb_context *, void *, const struct ldb_val *, const struct ldb_val *) +ldb_connect: int (struct ldb_context *, const char *, unsigned int, const char **) +ldb_control_to_string: char *(TALLOC_CTX *, const struct ldb_control *) +ldb_controls_except_specified: struct ldb_control **(struct ldb_control **, TALLOC_CTX *, struct ldb_control *) +ldb_debug: void (struct ldb_context *, enum ldb_debug_level, const char *, ...) +ldb_debug_add: void (struct ldb_context *, const char *, ...) +ldb_debug_end: void (struct ldb_context *, enum ldb_debug_level) +ldb_debug_set: void (struct ldb_context *, enum ldb_debug_level, const char *, ...) +ldb_delete: int (struct ldb_context *, struct ldb_dn *) +ldb_dn_add_base: bool (struct ldb_dn *, struct ldb_dn *) +ldb_dn_add_base_fmt: bool (struct ldb_dn *, const char *, ...) +ldb_dn_add_child: bool (struct ldb_dn *, struct ldb_dn *) +ldb_dn_add_child_fmt: bool (struct ldb_dn *, const char *, ...) 
+ldb_dn_add_child_val: bool (struct ldb_dn *, const char *, struct ldb_val) +ldb_dn_alloc_casefold: char *(TALLOC_CTX *, struct ldb_dn *) +ldb_dn_alloc_linearized: char *(TALLOC_CTX *, struct ldb_dn *) +ldb_dn_canonical_ex_string: char *(TALLOC_CTX *, struct ldb_dn *) +ldb_dn_canonical_string: char *(TALLOC_CTX *, struct ldb_dn *) +ldb_dn_check_local: bool (struct ldb_module *, struct ldb_dn *) +ldb_dn_check_special: bool (struct ldb_dn *, const char *) +ldb_dn_compare: int (struct ldb_dn *, struct ldb_dn *) +ldb_dn_compare_base: int (struct ldb_dn *, struct ldb_dn *) +ldb_dn_copy: struct ldb_dn *(TALLOC_CTX *, struct ldb_dn *) +ldb_dn_escape_value: char *(TALLOC_CTX *, struct ldb_val) +ldb_dn_extended_add_syntax: int (struct ldb_context *, unsigned int, const struct ldb_dn_extended_syntax *) +ldb_dn_extended_filter: void (struct ldb_dn *, const char * const *) +ldb_dn_extended_syntax_by_name: const struct ldb_dn_extended_syntax *(struct ldb_context *, const char *) +ldb_dn_from_ldb_val: struct ldb_dn *(TALLOC_CTX *, struct ldb_context *, const struct ldb_val *) +ldb_dn_get_casefold: const char *(struct ldb_dn *) +ldb_dn_get_comp_num: int (struct ldb_dn *) +ldb_dn_get_component_name: const char *(struct ldb_dn *, unsigned int) +ldb_dn_get_component_val: const struct ldb_val *(struct ldb_dn *, unsigned int) +ldb_dn_get_extended_comp_num: int (struct ldb_dn *) +ldb_dn_get_extended_component: const struct ldb_val *(struct ldb_dn *, const char *) +ldb_dn_get_extended_linearized: char *(TALLOC_CTX *, struct ldb_dn *, int) +ldb_dn_get_ldb_context: struct ldb_context *(struct ldb_dn *) +ldb_dn_get_linearized: const char *(struct ldb_dn *) +ldb_dn_get_parent: struct ldb_dn *(TALLOC_CTX *, struct ldb_dn *) +ldb_dn_get_rdn_name: const char *(struct ldb_dn *) +ldb_dn_get_rdn_val: const struct ldb_val *(struct ldb_dn *) +ldb_dn_has_extended: bool (struct ldb_dn *) +ldb_dn_is_null: bool (struct ldb_dn *) +ldb_dn_is_special: bool (struct ldb_dn *) +ldb_dn_is_valid: bool (struct 
ldb_dn *) +ldb_dn_map_local: struct ldb_dn *(struct ldb_module *, void *, struct ldb_dn *) +ldb_dn_map_rebase_remote: struct ldb_dn *(struct ldb_module *, void *, struct ldb_dn *) +ldb_dn_map_remote: struct ldb_dn *(struct ldb_module *, void *, struct ldb_dn *) +ldb_dn_minimise: bool (struct ldb_dn *) +ldb_dn_new: struct ldb_dn *(TALLOC_CTX *, struct ldb_context *, const char *) +ldb_dn_new_fmt: struct ldb_dn *(TALLOC_CTX *, struct ldb_context *, const char *, ...) +ldb_dn_remove_base_components: bool (struct ldb_dn *, unsigned int) +ldb_dn_remove_child_components: bool (struct ldb_dn *, unsigned int) +ldb_dn_remove_extended_components: void (struct ldb_dn *) +ldb_dn_replace_components: bool (struct ldb_dn *, struct ldb_dn *) +ldb_dn_set_component: int (struct ldb_dn *, int, const char *, const struct ldb_val) +ldb_dn_set_extended_component: int (struct ldb_dn *, const char *, const struct ldb_val *) +ldb_dn_update_components: int (struct ldb_dn *, const struct ldb_dn *) +ldb_dn_validate: bool (struct ldb_dn *) +ldb_dump_results: void (struct ldb_context *, struct ldb_result *, FILE *) +ldb_error_at: int (struct ldb_context *, int, const char *, const char *, int) +ldb_errstring: const char *(struct ldb_context *) +ldb_extended: int (struct ldb_context *, const char *, void *, struct ldb_result **) +ldb_extended_default_callback: int (struct ldb_request *, struct ldb_reply *) +ldb_filter_from_tree: char *(TALLOC_CTX *, const struct ldb_parse_tree *) +ldb_get_config_basedn: struct ldb_dn *(struct ldb_context *) +ldb_get_create_perms: unsigned int (struct ldb_context *) +ldb_get_default_basedn: struct ldb_dn *(struct ldb_context *) +ldb_get_event_context: struct tevent_context *(struct ldb_context *) +ldb_get_flags: unsigned int (struct ldb_context *) +ldb_get_opaque: void *(struct ldb_context *, const char *) +ldb_get_root_basedn: struct ldb_dn *(struct ldb_context *) +ldb_get_schema_basedn: struct ldb_dn *(struct ldb_context *) +ldb_global_init: int (void) 
+ldb_handle_get_event_context: struct tevent_context *(struct ldb_handle *) +ldb_handle_new: struct ldb_handle *(TALLOC_CTX *, struct ldb_context *) +ldb_handle_use_global_event_context: void (struct ldb_handle *) +ldb_handler_copy: int (struct ldb_context *, void *, const struct ldb_val *, struct ldb_val *) +ldb_handler_fold: int (struct ldb_context *, void *, const struct ldb_val *, struct ldb_val *) +ldb_init: struct ldb_context *(TALLOC_CTX *, struct tevent_context *) +ldb_ldif_message_redacted_string: char *(struct ldb_context *, TALLOC_CTX *, enum ldb_changetype, const struct ldb_message *) +ldb_ldif_message_string: char *(struct ldb_context *, TALLOC_CTX *, enum ldb_changetype, const struct ldb_message *) +ldb_ldif_parse_modrdn: int (struct ldb_context *, const struct ldb_ldif *, TALLOC_CTX *, struct ldb_dn **, struct ldb_dn **, bool *, struct ldb_dn **, struct ldb_dn **) +ldb_ldif_read: struct ldb_ldif *(struct ldb_context *, int (*)(void *), void *) +ldb_ldif_read_file: struct ldb_ldif *(struct ldb_context *, FILE *) +ldb_ldif_read_file_state: struct ldb_ldif *(struct ldb_context *, struct ldif_read_file_state *) +ldb_ldif_read_free: void (struct ldb_context *, struct ldb_ldif *) +ldb_ldif_read_string: struct ldb_ldif *(struct ldb_context *, const char **) +ldb_ldif_write: int (struct ldb_context *, int (*)(void *, const char *, ...), void *, const struct ldb_ldif *) +ldb_ldif_write_file: int (struct ldb_context *, FILE *, const struct ldb_ldif *) +ldb_ldif_write_redacted_trace_string: char *(struct ldb_context *, TALLOC_CTX *, const struct ldb_ldif *) +ldb_ldif_write_string: char *(struct ldb_context *, TALLOC_CTX *, const struct ldb_ldif *) +ldb_load_modules: int (struct ldb_context *, const char **) +ldb_map_add: int (struct ldb_module *, struct ldb_request *) +ldb_map_delete: int (struct ldb_module *, struct ldb_request *) +ldb_map_init: int (struct ldb_module *, const struct ldb_map_attribute *, const struct ldb_map_objectclass *, const char * const 
*, const char *, const char *) +ldb_map_modify: int (struct ldb_module *, struct ldb_request *) +ldb_map_rename: int (struct ldb_module *, struct ldb_request *) +ldb_map_search: int (struct ldb_module *, struct ldb_request *) +ldb_match_message: int (struct ldb_context *, const struct ldb_message *, const struct ldb_parse_tree *, enum ldb_scope, bool *) +ldb_match_msg: int (struct ldb_context *, const struct ldb_message *, const struct ldb_parse_tree *, struct ldb_dn *, enum ldb_scope) +ldb_match_msg_error: int (struct ldb_context *, const struct ldb_message *, const struct ldb_parse_tree *, struct ldb_dn *, enum ldb_scope, bool *) +ldb_match_msg_objectclass: int (const struct ldb_message *, const char *) +ldb_mod_register_control: int (struct ldb_module *, const char *) +ldb_modify: int (struct ldb_context *, const struct ldb_message *) +ldb_modify_default_callback: int (struct ldb_request *, struct ldb_reply *) +ldb_module_call_chain: char *(struct ldb_request *, TALLOC_CTX *) +ldb_module_connect_backend: int (struct ldb_context *, const char *, const char **, struct ldb_module **) +ldb_module_done: int (struct ldb_request *, struct ldb_control **, struct ldb_extended *, int) +ldb_module_flags: uint32_t (struct ldb_context *) +ldb_module_get_ctx: struct ldb_context *(struct ldb_module *) +ldb_module_get_name: const char *(struct ldb_module *) +ldb_module_get_ops: const struct ldb_module_ops *(struct ldb_module *) +ldb_module_get_private: void *(struct ldb_module *) +ldb_module_init_chain: int (struct ldb_context *, struct ldb_module *) +ldb_module_load_list: int (struct ldb_context *, const char **, struct ldb_module *, struct ldb_module **) +ldb_module_new: struct ldb_module *(TALLOC_CTX *, struct ldb_context *, const char *, const struct ldb_module_ops *) +ldb_module_next: struct ldb_module *(struct ldb_module *) +ldb_module_popt_options: struct poptOption **(struct ldb_context *) +ldb_module_send_entry: int (struct ldb_request *, struct ldb_message *, struct 
ldb_control **) +ldb_module_send_referral: int (struct ldb_request *, char *) +ldb_module_set_next: void (struct ldb_module *, struct ldb_module *) +ldb_module_set_private: void (struct ldb_module *, void *) +ldb_modules_hook: int (struct ldb_context *, enum ldb_module_hook_type) +ldb_modules_list_from_string: const char **(struct ldb_context *, TALLOC_CTX *, const char *) +ldb_modules_load: int (const char *, const char *) +ldb_msg_add: int (struct ldb_message *, const struct ldb_message_element *, int) +ldb_msg_add_empty: int (struct ldb_message *, const char *, int, struct ldb_message_element **) +ldb_msg_add_fmt: int (struct ldb_message *, const char *, const char *, ...) +ldb_msg_add_linearized_dn: int (struct ldb_message *, const char *, struct ldb_dn *) +ldb_msg_add_steal_string: int (struct ldb_message *, const char *, char *) +ldb_msg_add_steal_value: int (struct ldb_message *, const char *, struct ldb_val *) +ldb_msg_add_string: int (struct ldb_message *, const char *, const char *) +ldb_msg_add_value: int (struct ldb_message *, const char *, const struct ldb_val *, struct ldb_message_element **) +ldb_msg_canonicalize: struct ldb_message *(struct ldb_context *, const struct ldb_message *) +ldb_msg_check_string_attribute: int (const struct ldb_message *, const char *, const char *) +ldb_msg_copy: struct ldb_message *(TALLOC_CTX *, const struct ldb_message *) +ldb_msg_copy_attr: int (struct ldb_message *, const char *, const char *) +ldb_msg_copy_shallow: struct ldb_message *(TALLOC_CTX *, const struct ldb_message *) +ldb_msg_diff: struct ldb_message *(struct ldb_context *, struct ldb_message *, struct ldb_message *) +ldb_msg_difference: int (struct ldb_context *, TALLOC_CTX *, struct ldb_message *, struct ldb_message *, struct ldb_message **) +ldb_msg_element_compare: int (struct ldb_message_element *, struct ldb_message_element *) +ldb_msg_element_compare_name: int (struct ldb_message_element *, struct ldb_message_element *) 
+ldb_msg_element_equal_ordered: bool (const struct ldb_message_element *, const struct ldb_message_element *) +ldb_msg_find_attr_as_bool: int (const struct ldb_message *, const char *, int) +ldb_msg_find_attr_as_dn: struct ldb_dn *(struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, const char *) +ldb_msg_find_attr_as_double: double (const struct ldb_message *, const char *, double) +ldb_msg_find_attr_as_int: int (const struct ldb_message *, const char *, int) +ldb_msg_find_attr_as_int64: int64_t (const struct ldb_message *, const char *, int64_t) +ldb_msg_find_attr_as_string: const char *(const struct ldb_message *, const char *, const char *) +ldb_msg_find_attr_as_uint: unsigned int (const struct ldb_message *, const char *, unsigned int) +ldb_msg_find_attr_as_uint64: uint64_t (const struct ldb_message *, const char *, uint64_t) +ldb_msg_find_common_values: int (struct ldb_context *, TALLOC_CTX *, struct ldb_message_element *, struct ldb_message_element *, uint32_t) +ldb_msg_find_duplicate_val: int (struct ldb_context *, TALLOC_CTX *, const struct ldb_message_element *, struct ldb_val **, uint32_t) +ldb_msg_find_element: struct ldb_message_element *(const struct ldb_message *, const char *) +ldb_msg_find_ldb_val: const struct ldb_val *(const struct ldb_message *, const char *) +ldb_msg_find_val: struct ldb_val *(const struct ldb_message_element *, struct ldb_val *) +ldb_msg_new: struct ldb_message *(TALLOC_CTX *) +ldb_msg_normalize: int (struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, struct ldb_message **) +ldb_msg_remove_attr: void (struct ldb_message *, const char *) +ldb_msg_remove_element: void (struct ldb_message *, struct ldb_message_element *) +ldb_msg_rename_attr: int (struct ldb_message *, const char *, const char *) +ldb_msg_sanity_check: int (struct ldb_context *, const struct ldb_message *) +ldb_msg_sort_elements: void (struct ldb_message *) +ldb_next_del_trans: int (struct ldb_module *) +ldb_next_end_trans: int (struct 
ldb_module *) +ldb_next_init: int (struct ldb_module *) +ldb_next_prepare_commit: int (struct ldb_module *) +ldb_next_read_lock: int (struct ldb_module *) +ldb_next_read_unlock: int (struct ldb_module *) +ldb_next_remote_request: int (struct ldb_module *, struct ldb_request *) +ldb_next_request: int (struct ldb_module *, struct ldb_request *) +ldb_next_start_trans: int (struct ldb_module *) +ldb_op_default_callback: int (struct ldb_request *, struct ldb_reply *) +ldb_options_find: const char *(struct ldb_context *, const char **, const char *) +ldb_pack_data: int (struct ldb_context *, const struct ldb_message *, struct ldb_val *) +ldb_parse_control_from_string: struct ldb_control *(struct ldb_context *, TALLOC_CTX *, const char *) +ldb_parse_control_strings: struct ldb_control **(struct ldb_context *, TALLOC_CTX *, const char **) +ldb_parse_tree: struct ldb_parse_tree *(TALLOC_CTX *, const char *) +ldb_parse_tree_attr_replace: void (struct ldb_parse_tree *, const char *, const char *) +ldb_parse_tree_copy_shallow: struct ldb_parse_tree *(TALLOC_CTX *, const struct ldb_parse_tree *) +ldb_parse_tree_walk: int (struct ldb_parse_tree *, int (*)(struct ldb_parse_tree *, void *), void *) +ldb_qsort: void (void * const, size_t, size_t, void *, ldb_qsort_cmp_fn_t) +ldb_register_backend: int (const char *, ldb_connect_fn, bool) +ldb_register_extended_match_rule: int (struct ldb_context *, const struct ldb_extended_match_rule *) +ldb_register_hook: int (ldb_hook_fn) +ldb_register_module: int (const struct ldb_module_ops *) +ldb_rename: int (struct ldb_context *, struct ldb_dn *, struct ldb_dn *) +ldb_reply_add_control: int (struct ldb_reply *, const char *, bool, void *) +ldb_reply_get_control: struct ldb_control *(struct ldb_reply *, const char *) +ldb_req_get_custom_flags: uint32_t (struct ldb_request *) +ldb_req_is_untrusted: bool (struct ldb_request *) +ldb_req_location: const char *(struct ldb_request *) +ldb_req_mark_trusted: void (struct ldb_request *) 
+ldb_req_mark_untrusted: void (struct ldb_request *) +ldb_req_set_custom_flags: void (struct ldb_request *, uint32_t) +ldb_req_set_location: void (struct ldb_request *, const char *) +ldb_request: int (struct ldb_context *, struct ldb_request *) +ldb_request_add_control: int (struct ldb_request *, const char *, bool, void *) +ldb_request_done: int (struct ldb_request *, int) +ldb_request_get_control: struct ldb_control *(struct ldb_request *, const char *) +ldb_request_get_status: int (struct ldb_request *) +ldb_request_replace_control: int (struct ldb_request *, const char *, bool, void *) +ldb_request_set_state: void (struct ldb_request *, int) +ldb_reset_err_string: void (struct ldb_context *) +ldb_save_controls: int (struct ldb_control *, struct ldb_request *, struct ldb_control ***) +ldb_schema_attribute_add: int (struct ldb_context *, const char *, unsigned int, const char *) +ldb_schema_attribute_add_with_syntax: int (struct ldb_context *, const char *, unsigned int, const struct ldb_schema_syntax *) +ldb_schema_attribute_by_name: const struct ldb_schema_attribute *(struct ldb_context *, const char *) +ldb_schema_attribute_fill_with_syntax: int (struct ldb_context *, TALLOC_CTX *, const char *, unsigned int, const struct ldb_schema_syntax *, struct ldb_schema_attribute *) +ldb_schema_attribute_remove: void (struct ldb_context *, const char *) +ldb_schema_attribute_remove_flagged: void (struct ldb_context *, unsigned int) +ldb_schema_attribute_set_override_handler: void (struct ldb_context *, ldb_attribute_handler_override_fn_t, void *) +ldb_schema_set_override_GUID_index: void (struct ldb_context *, const char *, const char *) +ldb_schema_set_override_indexlist: void (struct ldb_context *, bool) +ldb_search: int (struct ldb_context *, TALLOC_CTX *, struct ldb_result **, struct ldb_dn *, enum ldb_scope, const char * const *, const char *, ...) 
+ldb_search_default_callback: int (struct ldb_request *, struct ldb_reply *) +ldb_sequence_number: int (struct ldb_context *, enum ldb_sequence_type, uint64_t *) +ldb_set_create_perms: void (struct ldb_context *, unsigned int) +ldb_set_debug: int (struct ldb_context *, void (*)(void *, enum ldb_debug_level, const char *, va_list), void *) +ldb_set_debug_stderr: int (struct ldb_context *) +ldb_set_default_dns: void (struct ldb_context *) +ldb_set_errstring: void (struct ldb_context *, const char *) +ldb_set_event_context: void (struct ldb_context *, struct tevent_context *) +ldb_set_flags: void (struct ldb_context *, unsigned int) +ldb_set_modules_dir: void (struct ldb_context *, const char *) +ldb_set_opaque: int (struct ldb_context *, const char *, void *) +ldb_set_require_private_event_context: void (struct ldb_context *) +ldb_set_timeout: int (struct ldb_context *, struct ldb_request *, int) +ldb_set_timeout_from_prev_req: int (struct ldb_context *, struct ldb_request *, struct ldb_request *) +ldb_set_utf8_default: void (struct ldb_context *) +ldb_set_utf8_fns: void (struct ldb_context *, void *, char *(*)(void *, void *, const char *, size_t)) +ldb_setup_wellknown_attributes: int (struct ldb_context *) +ldb_should_b64_encode: int (struct ldb_context *, const struct ldb_val *) +ldb_standard_syntax_by_name: const struct ldb_schema_syntax *(struct ldb_context *, const char *) +ldb_strerror: const char *(int) +ldb_string_to_time: time_t (const char *) +ldb_string_utc_to_time: time_t (const char *) +ldb_timestring: char *(TALLOC_CTX *, time_t) +ldb_timestring_utc: char *(TALLOC_CTX *, time_t) +ldb_transaction_cancel: int (struct ldb_context *) +ldb_transaction_cancel_noerr: int (struct ldb_context *) +ldb_transaction_commit: int (struct ldb_context *) +ldb_transaction_prepare_commit: int (struct ldb_context *) +ldb_transaction_start: int (struct ldb_context *) +ldb_unpack_data: int (struct ldb_context *, const struct ldb_val *, struct ldb_message *) 
+ldb_unpack_data_only_attr_list: int (struct ldb_context *, const struct ldb_val *, struct ldb_message *, const char * const *, unsigned int, unsigned int *) +ldb_unpack_data_only_attr_list_flags: int (struct ldb_context *, const struct ldb_val *, struct ldb_message *, const char * const *, unsigned int, unsigned int, unsigned int *) +ldb_val_dup: struct ldb_val (TALLOC_CTX *, const struct ldb_val *) +ldb_val_equal_exact: int (const struct ldb_val *, const struct ldb_val *) +ldb_val_map_local: struct ldb_val (struct ldb_module *, void *, const struct ldb_map_attribute *, const struct ldb_val *) +ldb_val_map_remote: struct ldb_val (struct ldb_module *, void *, const struct ldb_map_attribute *, const struct ldb_val *) +ldb_val_string_cmp: int (const struct ldb_val *, const char *) +ldb_val_to_time: int (const struct ldb_val *, time_t *) +ldb_valid_attr_name: int (const char *) +ldb_vdebug: void (struct ldb_context *, enum ldb_debug_level, const char *, va_list) +ldb_wait: int (struct ldb_handle *, enum ldb_wait_type) diff --git a/lib/ldb/ABI/pyldb-util-1.5.3.sigs b/lib/ldb/ABI/pyldb-util-1.5.3.sigs new file mode 100644 index 00000000000..74d6719d2bc --- /dev/null +++ b/lib/ldb/ABI/pyldb-util-1.5.3.sigs @@ -0,0 +1,2 @@ +pyldb_Dn_FromDn: PyObject *(struct ldb_dn *) +pyldb_Object_AsDn: bool (TALLOC_CTX *, PyObject *, struct ldb_context *, struct ldb_dn **) diff --git a/lib/ldb/ABI/pyldb-util.py3-1.5.3.sigs b/lib/ldb/ABI/pyldb-util.py3-1.5.3.sigs new file mode 100644 index 00000000000..74d6719d2bc --- /dev/null +++ b/lib/ldb/ABI/pyldb-util.py3-1.5.3.sigs @@ -0,0 +1,2 @@ +pyldb_Dn_FromDn: PyObject *(struct ldb_dn *) +pyldb_Object_AsDn: bool (TALLOC_CTX *, PyObject *, struct ldb_context *, struct ldb_dn **) diff --git a/lib/ldb/wscript b/lib/ldb/wscript index ca0bf410f10..855ee4d556c 100644 --- a/lib/ldb/wscript +++ b/lib/ldb/wscript @@ -1,7 +1,7 @@ #!/usr/bin/env python APPNAME = 'ldb' -VERSION = '1.5.2' +VERSION = '1.5.3' import sys, os -- 2.17.1 
From efe137d05231f04355a82f9ad2b40d08489a82f1 Mon Sep 17 00:00:00 2001 
From: Lukas Slebodnik Date: Fri, 18 Jan 2019 16:37:24 +0100 Subject: [PATCH 40/47] CVE-2019-3824 ldb: Out of bound read in ldb_wildcard_compare There is valgrind error in few tests tests/test-generic.sh 91 echo "Test wildcard match" 92 $VALGRIND ldbadd $LDBDIR/tests/test-wildcard.ldif || exit 1 93 $VALGRIND ldbsearch '(cn=test*multi)' || exit 1 95 $VALGRIND ldbsearch '(cn=*test_multi)' || exit 1 97 $VALGRIND ldbsearch '(cn=test*multi*test*multi)' || exit 1 e.g. ==3098== Memcheck, a memory error detector ==3098== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al. ==3098== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info ==3098== Command: ./bin/ldbsearch (cn=test*multi) ==3098== ==3098== Invalid read of size 1 ==3098== at 0x483CEE7: memchr (vg_replace_strmem.c:890) ==3098== by 0x49A9073: memmem (in /usr/lib64/libc-2.28.9000.so) ==3098== by 0x485DFE9: ldb_wildcard_compare (ldb_match.c:313) ==3098== by 0x485DFE9: ldb_match_substring (ldb_match.c:360) ==3098== by 0x485DFE9: ldb_match_message (ldb_match.c:572) ==3098== by 0x558F8FA: search_func (ldb_kv_search.c:549) ==3098== by 0x48C78CA: ??? (in /usr/lib64/libtdb.so.1.3.17) ==3098== by 0x48C7A60: tdb_traverse_read (in /usr/lib64/libtdb.so.1.3.17) ==3098== by 0x557B7C4: ltdb_traverse_fn (ldb_tdb.c:274) ==3098== by 0x558FBFA: ldb_kv_search_full (ldb_kv_search.c:594) ==3098== by 0x558FBFA: ldb_kv_search (ldb_kv_search.c:854) ==3098== by 0x558E497: ldb_kv_callback (ldb_kv.c:1713) ==3098== by 0x48FCD58: tevent_common_invoke_timer_handler (in /usr/lib64/libtevent.so.0.9.38) ==3098== by 0x48FCEFD: tevent_common_loop_timer_delay (in /usr/lib64/libtevent.so.0.9.38) ==3098== by 0x48FE14A: ??? 
(in /usr/lib64/libtevent.so.0.9.38) ==3098== Address 0x4b4ab81 is 0 bytes after a block of size 129 alloc'd ==3098== at 0x483880B: malloc (vg_replace_malloc.c:309) ==3098== by 0x491048B: talloc_strndup (in /usr/lib64/libtalloc.so.2.1.15) ==3098== by 0x48593CA: ldb_casefold_default (ldb_utf8.c:59) ==3098== by 0x485F68D: ldb_handler_fold (attrib_handlers.c:64) ==3098== by 0x485DB88: ldb_wildcard_compare (ldb_match.c:257) ==3098== by 0x485DB88: ldb_match_substring (ldb_match.c:360) ==3098== by 0x485DB88: ldb_match_message (ldb_match.c:572) ==3098== by 0x558F8FA: search_func (ldb_kv_search.c:549) ==3098== by 0x48C78CA: ??? (in /usr/lib64/libtdb.so.1.3.17) ==3098== by 0x48C7A60: tdb_traverse_read (in /usr/lib64/libtdb.so.1.3.17) ==3098== by 0x557B7C4: ltdb_traverse_fn (ldb_tdb.c:274) ==3098== by 0x558FBFA: ldb_kv_search_full (ldb_kv_search.c:594) ==3098== by 0x558FBFA: ldb_kv_search (ldb_kv_search.c:854) ==3098== by 0x558E497: ldb_kv_callback (ldb_kv.c:1713) ==3098== by 0x48FCD58: tevent_common_invoke_timer_handler (in /usr/lib64/libtevent.so.0.9.38) ==3098== # record 1 dn: cn=test_multi_test_multi_test_multi,o=University of Michigan,c=TEST cn: test_multi_test_multi_test_multi description: test multi wildcards matching objectclass: person sn: multi_test name: test_multi_test_multi_test_multi distinguishedName: cn=test_multi_test_multi_test_multi,o=University of Michiga n,c=TEST # returned 1 records # 1 entries # 0 referrals BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Lukas Slebodnik --- lib/ldb/common/ldb_match.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/ldb/common/ldb_match.c b/lib/ldb/common/ldb_match.c index 25fe3f9c21b..8eeedfb12e0 100644 --- a/lib/ldb/common/ldb_match.c +++ b/lib/ldb/common/ldb_match.c 
@@ -308,9 +308,10 @@ static int ldb_wildcard_compare(struct ldb_context *ldb, if (p == NULL) goto mismatch; if ( (! tree->u.substring.chunks[c + 1]) && (! tree->u.substring.end_with_wildcard) ) { uint8_t *g; + uint8_t *end = val.data + val.length; do { /* greedy */ g = memmem(p + cnk.length, - val.length - (p - val.data), + end - (p + cnk.length), (const uint8_t *)cnk.data, cnk.length); if (g) p = g; -- 2.17.1 From ec479147365bfc7c7462b6ea99f72178c683a93d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 4 Feb 2019 11:22:34 +1300 Subject: [PATCH 41/47] CVE-2019-3824 ldb: Extra comments to clarify no pointer wrap in wildcard processing BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Andrew Bartlett --- lib/ldb/common/ldb_match.c | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/lib/ldb/common/ldb_match.c b/lib/ldb/common/ldb_match.c index 8eeedfb12e0..1920b661f75 100644 --- a/lib/ldb/common/ldb_match.c +++ b/lib/ldb/common/ldb_match.c @@ -306,12 +306,33 @@ static int ldb_wildcard_compare(struct ldb_context *ldb, p = memmem((const void *)val.data,val.length, (const void *)cnk.data, cnk.length); if (p == NULL) goto mismatch; + + /* + * At this point we know cnk.length <= val.length as + * otherwise there could be no match + */ + if ( (! tree->u.substring.chunks[c + 1]) && (! tree->u.substring.end_with_wildcard) ) { uint8_t *g; uint8_t *end = val.data + val.length; do { /* greedy */ - g = memmem(p + cnk.length, - end - (p + cnk.length), + + /* + * haystack is a valid pointer in val + * because the memmem() can only + * succeed if the needle (cnk.length) + * is <= haystacklen + * + * p will be a pointer at least + * cnk.length from the end of haystack + */ + uint8_t *haystack + = p + cnk.length; + size_t haystacklen + = end - (haystack); + + g = memmem(haystack, + haystacklen, (const uint8_t *)cnk.data, cnk.length); if (g) p = g; -- 2.17.1 
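Review bot: In the `@@ -306,12 +306,33 @@` hunk the added comment says p is "at least cnk.length from the end of haystack", but `haystack` is declared on the next line as `p + cnk.length`, so the sentence reads as if it meant that local rather than the val buffer. The comment also describes only the first pass: on later passes of the do/while p has been replaced by g, and the bound holds because g was found inside the previous haystack, which the comment does not say. I would reword it along the lines of `/* p was returned by memmem() over val (or over the previous haystack), so p + cnk.length <= end and haystacklen cannot wrap */`. The invariant is still carried by comment only; ldb_wildcard_compare starts and ends outside the hunk, so whether an earlier check backs it up is not visible here.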
From 88a28281ad5c6b0908a127a909197f25f3341e31 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 4 Feb 2019 11:22:50 +1300 Subject: [PATCH 42/47] CVE-2019-3824 ldb: Improve code style and layout in wildcard processing BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Andrew Bartlett --- lib/ldb/common/ldb_match.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/lib/ldb/common/ldb_match.c b/lib/ldb/common/ldb_match.c index 1920b661f75..ab0a89888f0 100644 --- a/lib/ldb/common/ldb_match.c +++ b/lib/ldb/common/ldb_match.c @@ -333,9 +333,11 @@ static int ldb_wildcard_compare(struct ldb_context *ldb, g = memmem(haystack, haystacklen, - (const uint8_t *)cnk.data, - cnk.length); - if (g) p = g; + (const uint8_t *)cnk.data, + cnk.length); + if (g) { + p = g; + } } while(g); } val.length = val.length - (p - (uint8_t *)(val.data)) - cnk.length; -- 2.17.1 From df5c0f74eb4af2fe803bb149c1498f58068abe78 Mon Sep 17 00:00:00 2001 From: Gary Lockyer Date: Tue, 19 Feb 2019 10:25:24 +1300 Subject: [PATCH 43/47] CVE-2019-3824 ldb: ldb_parse_tree use talloc_zero Initialise the created ldb_parse_tree with talloc_zero, this ensures that it is correctly initialised if inadvertently passed to a function expecting a different operation type. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer --- lib/ldb/common/ldb_parse.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/ldb/common/ldb_parse.c b/lib/ldb/common/ldb_parse.c index 5fa5a74afa9..db420091311 100644 --- a/lib/ldb/common/ldb_parse.c +++ b/lib/ldb/common/ldb_parse.c @@ -389,7 +389,7 @@ static struct ldb_parse_tree *ldb_parse_simple(TALLOC_CTX *mem_ctx, const char * struct ldb_parse_tree *ret; enum ldb_parse_op filtertype; - ret = talloc(mem_ctx, struct ldb_parse_tree); + ret = talloc_zero(mem_ctx, struct ldb_parse_tree); if (!ret) { errno = ENOMEM; return NULL; -- 2.17.1 
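Review bot: The reason for zeroing `ret` in the `@@ -389,7 +389,7 @@` hunk of ldb_parse_simple is recorded only in the commit message, so a later reader of the allocation cannot tell that `talloc_zero` is deliberate. A one-line comment above it would keep the intent with the code, for example `/* zeroed: the u.* members must read as NULL/0 if the tree reaches a matcher for a different operation */`. The hunk shows only this allocation; whether other places in ldb_parse.c that build a struct ldb_parse_tree still use plain `talloc` is not visible here and is worth confirming. ldb_parse_simple continues outside the hunk.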
From bbc6357489827646a10b0c77d2ba76a3c837a908 Mon Sep 17 00:00:00 2001 From: Gary Lockyer Date: Tue, 19 Feb 2019 10:26:25 +1300 Subject: [PATCH 44/47] CVE-2019-3824 ldb: wildcard_match check tree operation Check the operation type of the passed parse tree, and return LDB_INAPPROPRIATE_MATCH if the operation is not LDB_OP_SUBSTRING. A query of "attribute=*" gets parsed as LDB_OP_PRESENT, checking the operation and failing ldb_wildcard_match should help prevent confusion writing tests. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer --- lib/ldb/common/ldb_match.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/ldb/common/ldb_match.c b/lib/ldb/common/ldb_match.c index ab0a89888f0..59f48b52b70 100644 --- a/lib/ldb/common/ldb_match.c +++ b/lib/ldb/common/ldb_match.c @@ -244,6 +244,11 @@ static int ldb_wildcard_compare(struct ldb_context *ldb, uint8_t *save_p = NULL; unsigned int c = 0; + if (tree->operation != LDB_OP_SUBSTRING) { + *matched = false; + return LDB_ERR_INAPPROPRIATE_MATCHING; + } + a = ldb_schema_attribute_by_name(ldb, tree->u.substring.attr); if (!a) { return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; -- 2.17.1 From 515e774e02ef30e4ef3cf8833b48ca2a6799cd47 Mon Sep 17 00:00:00 2001 From: Gary Lockyer Date: Tue, 19 Feb 2019 10:26:56 +1300 Subject: [PATCH 45/47] CVE-2019-3824 ldb: wildcard_match end of data check ldb_handler_copy and ldb_val_dup over allocate by one and add a trailing '\0' to the data, to make them safe to use the C string functions on. However testing for the trailing '\0' is not the correct way to test for the end of a value, the length should be checked instead. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer --- lib/ldb/common/ldb_match.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/ldb/common/ldb_match.c b/lib/ldb/common/ldb_match.c index 59f48b52b70..829afa77e71 100644 --- a/lib/ldb/common/ldb_match.c +++ b/lib/ldb/common/ldb_match.c 
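Review bot: The new early return in the `@@ -244,6 +244,11 @@` hunk sets `*matched = false`, but the existing `if (!a)` return just below it still leaves `*matched` untouched, so the two error paths now disagree on whether the out-parameter is defined on failure. A caller that reads `matched` without checking the return code would see whatever it passed in on the second path. Adding `*matched = false;` before `return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;`, or assigning it once ahead of the operation check, keeps the contract uniform. The rest of ldb_wildcard_compare is outside the hunk, so its other exits could not be checked.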
@@ -353,7 +353,7 @@ static int ldb_wildcard_compare(struct ldb_context *ldb, } /* last chunk may not have reached end of string */ - if ( (! tree->u.substring.end_with_wildcard) && (*(val.data) != 0) ) goto mismatch; + if ( (! tree->u.substring.end_with_wildcard) && (val.length != 0) ) goto mismatch; talloc_free(save_p); *matched = true; return LDB_SUCCESS; -- 2.17.1 From 7cc9d01f2ceb2395039beaf9e35fe7da3013559d Mon Sep 17 00:00:00 2001 From: Gary Lockyer Date: Tue, 19 Feb 2019 10:24:38 +1300 Subject: [PATCH 46/47] CVE-2019-3824 ldb: Add tests for ldb_wildcard_match Add cmocka tests for ldb_wildcard_match. Running test_wildcard_match under valgrind reproduces CVE-2019-3824 out of bounds read in wildcard compare (bug 13773) valgrind --suppressions=lib/ldb/tests/ldb_match_test.valgrind\ bin/ldb_match_test BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer --- lib/ldb/tests/ldb_match_test.c | 191 ++++++++++++++++++++++++++ lib/ldb/tests/ldb_match_test.valgrind | 16 +++ lib/ldb/wscript | 8 +- 3 files changed, 214 insertions(+), 1 deletion(-) create mode 100644 lib/ldb/tests/ldb_match_test.c create mode 100644 lib/ldb/tests/ldb_match_test.valgrind diff --git a/lib/ldb/tests/ldb_match_test.c b/lib/ldb/tests/ldb_match_test.c new file mode 100644 index 00000000000..e09f50c86ba --- /dev/null +++ b/lib/ldb/tests/ldb_match_test.c 
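Review bot: The context comment above the changed line in the `@@ -353,7 +353,7 @@` hunk still says "end of string", which is the assumption this change removes: the value is delimited by `val.length`, not by a NUL. Updating it together with the condition would make a later edit less likely to bring back a terminator test, e.g. `/* last chunk may not have reached the end of the value (length-delimited, not NUL-terminated) */`. As a style point, the one-line `if (...) goto mismatch;` could take braces to match the `if (g) { p = g; }` form adopted earlier in this series.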
@@ -0,0 +1,191 @@ +/* + * Tests exercising the ldb match operations. + * + * + * Copyright (C) Catalyst.NET Ltd 2017 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ + +/* + * from cmocka.c: + * These headers or their equivalents should be included prior to + * including + * this header file. + * + * #include + * #include + * #include + * + * This allows test applications to use custom definitions of C standard + * library functions and types. 
+ */ +#include +#include +#include +#include +#include + +#include "../common/ldb_match.c" + +#include "../include/ldb.h" + +struct ldbtest_ctx { + struct tevent_context *ev; + struct ldb_context *ldb; +}; + +static int ldb_test_canonicalise( + struct ldb_context *ldb, + void *mem_ctx, + const struct ldb_val *in, + struct ldb_val *out) +{ + out->length = in->length; + out->data = in->data; + return 0; +} + +static int setup(void **state) +{ + struct ldbtest_ctx *test_ctx; + struct ldb_schema_syntax *syntax = NULL; + int ret; + + test_ctx = talloc_zero(NULL, struct ldbtest_ctx); + assert_non_null(test_ctx); + + test_ctx->ev = tevent_context_init(test_ctx); + assert_non_null(test_ctx->ev); + + test_ctx->ldb = ldb_init(test_ctx, test_ctx->ev); + assert_non_null(test_ctx->ldb); + + syntax = talloc_zero(test_ctx, struct ldb_schema_syntax); + assert_non_null(syntax); + syntax->canonicalise_fn = ldb_test_canonicalise; + + ret = ldb_schema_attribute_add_with_syntax( + test_ctx->ldb, "a", LDB_ATTR_FLAG_FIXED, syntax); + assert_int_equal(LDB_SUCCESS, ret); + + *state = test_ctx; + return 0; +} + +static int teardown(void **state) +{ + talloc_free(*state); + return 0; +} + + +/* + * The wild card pattern "attribute=*" is parsed as an LDB_OP_PRESENT operation + * rather than a LDB_OP_???? + * + * This test serves to document that behaviour, and to confirm that + * ldb_wildcard_compare handles this case appropriately. 
+ */ +static void test_wildcard_match_star(void **state) +{ + struct ldbtest_ctx *ctx = *state; + bool matched = false; + int ret; + + uint8_t value[] = "The value.......end"; + struct ldb_val val = { + .data = value, + .length = (sizeof(value)) + }; + struct ldb_parse_tree *tree = ldb_parse_tree(ctx, "a=*"); + assert_non_null(tree); + + ret = ldb_wildcard_compare(ctx->ldb, tree, val, &matched); + assert_false(matched); + assert_int_equal(LDB_ERR_INAPPROPRIATE_MATCHING, ret); +} + +/* + * Test basic wild card matching + * + */ +static void test_wildcard_match(void **state) +{ + struct ldbtest_ctx *ctx = *state; + bool matched = false; + + uint8_t value[] = "The value.......end"; + struct ldb_val val = { + .data = value, + .length = (sizeof(value)) + }; + struct ldb_parse_tree *tree = ldb_parse_tree(ctx, "objectClass=*end"); + assert_non_null(tree); + + ldb_wildcard_compare(ctx->ldb, tree, val, &matched); + assert_true(matched); +} + + +/* + * ldb_handler_copy and ldb_val_dup over allocate by one and add a trailing '\0' + * to the data, to make them safe to use the C string functions on. + * + * However testing for the trailing '\0' is not the correct way to test for + * the end of a value, the length should be checked instead. 
+ */ +static void test_wildcard_match_end_condition(void **state) +{ + struct ldbtest_ctx *ctx = *state; + bool matched = false; + + uint8_t value[] = "hellomynameisbobx"; + struct ldb_val val = { + .data = talloc_memdup(NULL, value, sizeof(value)), + .length = (sizeof(value) - 2) + }; + struct ldb_parse_tree *tree = ldb_parse_tree(ctx, "a=*hello*mynameis*bob"); + assert_non_null(tree); + + ldb_wildcard_compare(ctx->ldb, tree, val, &matched); + assert_true(matched); +} + +/* + * Note: to run under valgrind use: + * valgrind \ + * --suppressions=lib/ldb/tests/ldb_match_test.valgrind \ + * bin/ldb_match_test + */ +int main(int argc, const char **argv) +{ + const struct CMUnitTest tests[] = { + cmocka_unit_test_setup_teardown( + test_wildcard_match_star, + setup, + teardown), + cmocka_unit_test_setup_teardown( + test_wildcard_match, + setup, + teardown), + cmocka_unit_test_setup_teardown( + test_wildcard_match_end_condition, + setup, + teardown), + }; + + return cmocka_run_group_tests(tests, NULL, NULL); +} diff --git a/lib/ldb/tests/ldb_match_test.valgrind b/lib/ldb/tests/ldb_match_test.valgrind new file mode 100644 index 00000000000..660bd5a6b46 --- /dev/null +++ b/lib/ldb/tests/ldb_match_test.valgrind @@ -0,0 +1,16 @@ +{ + Memory allocated in set-up + Memcheck:Leak + match-leak-kinds: possible + fun:malloc + ... + fun:setup +} +{ + Memory allocated by ldb_init + Memcheck:Leak + match-leak-kinds: possible + fun:malloc + ... + fun:ldb_init +} diff --git a/lib/ldb/wscript b/lib/ldb/wscript index 855ee4d556c..cff3ee2d2d3 100644 --- a/lib/ldb/wscript +++ b/lib/ldb/wscript @@ -511,6 +511,11 @@ def build(bld): deps='cmocka ldb', install=False) + bld.SAMBA_BINARY('ldb_match_test', + source='tests/ldb_match_test.c', + deps='cmocka ldb', + install=False) + if bld.CONFIG_SET('HAVE_LMDB'): bld.SAMBA_BINARY('ldb_mdb_mod_op_test', source='tests/ldb_mod_op_test.c', 
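Review bot: test_wildcard_match and test_wildcard_match_end_condition discard the return value of ldb_wildcard_compare and assert only on `matched`, so a non-success return code would go unnoticed; test_wildcard_match_star already captures `ret`, and the other two should do the same with `ret = ldb_wildcard_compare(ctx->ldb, tree, val, &matched);` followed by `assert_int_equal(LDB_SUCCESS, ret);`. In test_wildcard_match, `.length = (sizeof(value))` counts the terminating NUL of the array, so the value under test is one byte longer than the visible text; `sizeof(value) - 1` states the intent, though how the objectClass handler treats that byte is not visible here, so confirm the test still passes. In test_wildcard_match_end_condition the buffer comes from `talloc_memdup(NULL, ...)` with no parent and no NULL check, so teardown never frees it and the suppression file added in this patch names only setup and ldb_init; `talloc_memdup(ctx, value, sizeof(value))` plus `assert_non_null(val.data)` addresses both.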
@@ -578,7 +583,8 @@ def test(ctx): # we don't want to run ldb_lmdb_size_test (which proves we can # fit > 4G of data into the DB), it would fill up the disk on # many of our test instances - 'ldb_mdb_kv_ops_test'] + 'ldb_mdb_kv_ops_test', + 'ldb_match_test'] for test_exe in test_exes: cmd = os.path.join(Context.g_module.out, test_exe) -- 2.17.1 From 87782852b137ea1a9c044200201de24f4e08844b Mon Sep 17 00:00:00 2001 From: Gary Lockyer Date: Wed, 20 Feb 2019 09:51:55 +1300 Subject: [PATCH 47/47] CVE-2019-3824 ldb: Release ldb 1.5.4 * CVE-2019-3824 out of bounds read in wildcard compare (bug 13773) BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 Signed-off-by: Gary Lockyer --- lib/ldb/ABI/ldb-1.5.4.sigs | 280 ++++++++++++++++++++++++++ lib/ldb/ABI/pyldb-util-1.5.4.sigs | 2 + lib/ldb/ABI/pyldb-util.py3-1.5.4.sigs | 2 + lib/ldb/wscript | 2 +- 4 files changed, 285 insertions(+), 1 deletion(-) create mode 100644 lib/ldb/ABI/ldb-1.5.4.sigs create mode 100644 lib/ldb/ABI/pyldb-util-1.5.4.sigs create mode 100644 lib/ldb/ABI/pyldb-util.py3-1.5.4.sigs diff --git a/lib/ldb/ABI/ldb-1.5.4.sigs b/lib/ldb/ABI/ldb-1.5.4.sigs new file mode 100644 index 00000000000..0c1234f1c97 --- /dev/null +++ b/lib/ldb/ABI/ldb-1.5.4.sigs 
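Review bot: Adding `'ldb_match_test'` to `test_exes` in the `@@ -578,7 +583,8 @@` hunk runs the binary directly, yet the commit message says the out-of-bounds read is reproduced by running it under valgrind with `lib/ldb/tests/ldb_match_test.valgrind`. As far as the visible loop shows (`cmd = os.path.join(Context.g_module.out, test_exe)`), the plain run may pass with or without the memmem length fix, so a regression of the memory error could slip through unless the suite is also run under valgrind or a sanitizer build. A comment next to the entry would record that, e.g. `# OOB-read regression (bug 13773) only shows under valgrind/ASan; see tests/ldb_match_test.valgrind`. test() starts before and continues after the hunk.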
@@ -0,0 +1,280 @@ +ldb_add: int (struct ldb_context *, const struct ldb_message *) +ldb_any_comparison: int (struct ldb_context *, void *, ldb_attr_handler_t, const struct ldb_val *, const struct ldb_val *) +ldb_asprintf_errstring: void (struct ldb_context *, const char *, ...) +ldb_attr_casefold: char *(TALLOC_CTX *, const char *) +ldb_attr_dn: int (const char *) +ldb_attr_in_list: int (const char * const *, const char *) +ldb_attr_list_copy: const char **(TALLOC_CTX *, const char * const *) +ldb_attr_list_copy_add: const char **(TALLOC_CTX *, const char * const *, const char *) +ldb_base64_decode: int (char *) +ldb_base64_encode: char *(TALLOC_CTX *, const char *, int) +ldb_binary_decode: struct ldb_val (TALLOC_CTX *, const char *) +ldb_binary_encode: char *(TALLOC_CTX *, struct ldb_val) +ldb_binary_encode_string: char *(TALLOC_CTX *, const char *) +ldb_build_add_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) +ldb_build_del_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, struct ldb_dn *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) +ldb_build_extended_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, const char *, void *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) +ldb_build_mod_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) +ldb_build_rename_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, struct ldb_dn *, struct ldb_dn *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) +ldb_build_search_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, struct ldb_dn *, enum ldb_scope, const char *, const char * const *, struct ldb_control **, void *, 
ldb_request_callback_t, struct ldb_request *) +ldb_build_search_req_ex: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, struct ldb_dn *, enum ldb_scope, struct ldb_parse_tree *, const char * const *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) +ldb_casefold: char *(struct ldb_context *, TALLOC_CTX *, const char *, size_t) +ldb_casefold_default: char *(void *, TALLOC_CTX *, const char *, size_t) +ldb_check_critical_controls: int (struct ldb_control **) +ldb_comparison_binary: int (struct ldb_context *, void *, const struct ldb_val *, const struct ldb_val *) +ldb_comparison_fold: int (struct ldb_context *, void *, const struct ldb_val *, const struct ldb_val *) +ldb_connect: int (struct ldb_context *, const char *, unsigned int, const char **) +ldb_control_to_string: char *(TALLOC_CTX *, const struct ldb_control *) +ldb_controls_except_specified: struct ldb_control **(struct ldb_control **, TALLOC_CTX *, struct ldb_control *) +ldb_debug: void (struct ldb_context *, enum ldb_debug_level, const char *, ...) +ldb_debug_add: void (struct ldb_context *, const char *, ...) +ldb_debug_end: void (struct ldb_context *, enum ldb_debug_level) +ldb_debug_set: void (struct ldb_context *, enum ldb_debug_level, const char *, ...) +ldb_delete: int (struct ldb_context *, struct ldb_dn *) +ldb_dn_add_base: bool (struct ldb_dn *, struct ldb_dn *) +ldb_dn_add_base_fmt: bool (struct ldb_dn *, const char *, ...) +ldb_dn_add_child: bool (struct ldb_dn *, struct ldb_dn *) +ldb_dn_add_child_fmt: bool (struct ldb_dn *, const char *, ...) 
+ldb_dn_add_child_val: bool (struct ldb_dn *, const char *, struct ldb_val) +ldb_dn_alloc_casefold: char *(TALLOC_CTX *, struct ldb_dn *) +ldb_dn_alloc_linearized: char *(TALLOC_CTX *, struct ldb_dn *) +ldb_dn_canonical_ex_string: char *(TALLOC_CTX *, struct ldb_dn *) +ldb_dn_canonical_string: char *(TALLOC_CTX *, struct ldb_dn *) +ldb_dn_check_local: bool (struct ldb_module *, struct ldb_dn *) +ldb_dn_check_special: bool (struct ldb_dn *, const char *) +ldb_dn_compare: int (struct ldb_dn *, struct ldb_dn *) +ldb_dn_compare_base: int (struct ldb_dn *, struct ldb_dn *) +ldb_dn_copy: struct ldb_dn *(TALLOC_CTX *, struct ldb_dn *) +ldb_dn_escape_value: char *(TALLOC_CTX *, struct ldb_val) +ldb_dn_extended_add_syntax: int (struct ldb_context *, unsigned int, const struct ldb_dn_extended_syntax *) +ldb_dn_extended_filter: void (struct ldb_dn *, const char * const *) +ldb_dn_extended_syntax_by_name: const struct ldb_dn_extended_syntax *(struct ldb_context *, const char *) +ldb_dn_from_ldb_val: struct ldb_dn *(TALLOC_CTX *, struct ldb_context *, const struct ldb_val *) +ldb_dn_get_casefold: const char *(struct ldb_dn *) +ldb_dn_get_comp_num: int (struct ldb_dn *) +ldb_dn_get_component_name: const char *(struct ldb_dn *, unsigned int) +ldb_dn_get_component_val: const struct ldb_val *(struct ldb_dn *, unsigned int) +ldb_dn_get_extended_comp_num: int (struct ldb_dn *) +ldb_dn_get_extended_component: const struct ldb_val *(struct ldb_dn *, const char *) +ldb_dn_get_extended_linearized: char *(TALLOC_CTX *, struct ldb_dn *, int) +ldb_dn_get_ldb_context: struct ldb_context *(struct ldb_dn *) +ldb_dn_get_linearized: const char *(struct ldb_dn *) +ldb_dn_get_parent: struct ldb_dn *(TALLOC_CTX *, struct ldb_dn *) +ldb_dn_get_rdn_name: const char *(struct ldb_dn *) +ldb_dn_get_rdn_val: const struct ldb_val *(struct ldb_dn *) +ldb_dn_has_extended: bool (struct ldb_dn *) +ldb_dn_is_null: bool (struct ldb_dn *) +ldb_dn_is_special: bool (struct ldb_dn *) +ldb_dn_is_valid: bool (struct 
ldb_dn *) +ldb_dn_map_local: struct ldb_dn *(struct ldb_module *, void *, struct ldb_dn *) +ldb_dn_map_rebase_remote: struct ldb_dn *(struct ldb_module *, void *, struct ldb_dn *) +ldb_dn_map_remote: struct ldb_dn *(struct ldb_module *, void *, struct ldb_dn *) +ldb_dn_minimise: bool (struct ldb_dn *) +ldb_dn_new: struct ldb_dn *(TALLOC_CTX *, struct ldb_context *, const char *) +ldb_dn_new_fmt: struct ldb_dn *(TALLOC_CTX *, struct ldb_context *, const char *, ...) +ldb_dn_remove_base_components: bool (struct ldb_dn *, unsigned int) +ldb_dn_remove_child_components: bool (struct ldb_dn *, unsigned int) +ldb_dn_remove_extended_components: void (struct ldb_dn *) +ldb_dn_replace_components: bool (struct ldb_dn *, struct ldb_dn *) +ldb_dn_set_component: int (struct ldb_dn *, int, const char *, const struct ldb_val) +ldb_dn_set_extended_component: int (struct ldb_dn *, const char *, const struct ldb_val *) +ldb_dn_update_components: int (struct ldb_dn *, const struct ldb_dn *) +ldb_dn_validate: bool (struct ldb_dn *) +ldb_dump_results: void (struct ldb_context *, struct ldb_result *, FILE *) +ldb_error_at: int (struct ldb_context *, int, const char *, const char *, int) +ldb_errstring: const char *(struct ldb_context *) +ldb_extended: int (struct ldb_context *, const char *, void *, struct ldb_result **) +ldb_extended_default_callback: int (struct ldb_request *, struct ldb_reply *) +ldb_filter_from_tree: char *(TALLOC_CTX *, const struct ldb_parse_tree *) +ldb_get_config_basedn: struct ldb_dn *(struct ldb_context *) +ldb_get_create_perms: unsigned int (struct ldb_context *) +ldb_get_default_basedn: struct ldb_dn *(struct ldb_context *) +ldb_get_event_context: struct tevent_context *(struct ldb_context *) +ldb_get_flags: unsigned int (struct ldb_context *) +ldb_get_opaque: void *(struct ldb_context *, const char *) +ldb_get_root_basedn: struct ldb_dn *(struct ldb_context *) +ldb_get_schema_basedn: struct ldb_dn *(struct ldb_context *) +ldb_global_init: int (void) 
+ldb_handle_get_event_context: struct tevent_context *(struct ldb_handle *) +ldb_handle_new: struct ldb_handle *(TALLOC_CTX *, struct ldb_context *) +ldb_handle_use_global_event_context: void (struct ldb_handle *) +ldb_handler_copy: int (struct ldb_context *, void *, const struct ldb_val *, struct ldb_val *) +ldb_handler_fold: int (struct ldb_context *, void *, const struct ldb_val *, struct ldb_val *) +ldb_init: struct ldb_context *(TALLOC_CTX *, struct tevent_context *) +ldb_ldif_message_redacted_string: char *(struct ldb_context *, TALLOC_CTX *, enum ldb_changetype, const struct ldb_message *) +ldb_ldif_message_string: char *(struct ldb_context *, TALLOC_CTX *, enum ldb_changetype, const struct ldb_message *) +ldb_ldif_parse_modrdn: int (struct ldb_context *, const struct ldb_ldif *, TALLOC_CTX *, struct ldb_dn **, struct ldb_dn **, bool *, struct ldb_dn **, struct ldb_dn **) +ldb_ldif_read: struct ldb_ldif *(struct ldb_context *, int (*)(void *), void *) +ldb_ldif_read_file: struct ldb_ldif *(struct ldb_context *, FILE *) +ldb_ldif_read_file_state: struct ldb_ldif *(struct ldb_context *, struct ldif_read_file_state *) +ldb_ldif_read_free: void (struct ldb_context *, struct ldb_ldif *) +ldb_ldif_read_string: struct ldb_ldif *(struct ldb_context *, const char **) +ldb_ldif_write: int (struct ldb_context *, int (*)(void *, const char *, ...), void *, const struct ldb_ldif *) +ldb_ldif_write_file: int (struct ldb_context *, FILE *, const struct ldb_ldif *) +ldb_ldif_write_redacted_trace_string: char *(struct ldb_context *, TALLOC_CTX *, const struct ldb_ldif *) +ldb_ldif_write_string: char *(struct ldb_context *, TALLOC_CTX *, const struct ldb_ldif *) +ldb_load_modules: int (struct ldb_context *, const char **) +ldb_map_add: int (struct ldb_module *, struct ldb_request *) +ldb_map_delete: int (struct ldb_module *, struct ldb_request *) +ldb_map_init: int (struct ldb_module *, const struct ldb_map_attribute *, const struct ldb_map_objectclass *, const char * const 
*, const char *, const char *) +ldb_map_modify: int (struct ldb_module *, struct ldb_request *) +ldb_map_rename: int (struct ldb_module *, struct ldb_request *) +ldb_map_search: int (struct ldb_module *, struct ldb_request *) +ldb_match_message: int (struct ldb_context *, const struct ldb_message *, const struct ldb_parse_tree *, enum ldb_scope, bool *) +ldb_match_msg: int (struct ldb_context *, const struct ldb_message *, const struct ldb_parse_tree *, struct ldb_dn *, enum ldb_scope) +ldb_match_msg_error: int (struct ldb_context *, const struct ldb_message *, const struct ldb_parse_tree *, struct ldb_dn *, enum ldb_scope, bool *) +ldb_match_msg_objectclass: int (const struct ldb_message *, const char *) +ldb_mod_register_control: int (struct ldb_module *, const char *) +ldb_modify: int (struct ldb_context *, const struct ldb_message *) +ldb_modify_default_callback: int (struct ldb_request *, struct ldb_reply *) +ldb_module_call_chain: char *(struct ldb_request *, TALLOC_CTX *) +ldb_module_connect_backend: int (struct ldb_context *, const char *, const char **, struct ldb_module **) +ldb_module_done: int (struct ldb_request *, struct ldb_control **, struct ldb_extended *, int) +ldb_module_flags: uint32_t (struct ldb_context *) +ldb_module_get_ctx: struct ldb_context *(struct ldb_module *) +ldb_module_get_name: const char *(struct ldb_module *) +ldb_module_get_ops: const struct ldb_module_ops *(struct ldb_module *) +ldb_module_get_private: void *(struct ldb_module *) +ldb_module_init_chain: int (struct ldb_context *, struct ldb_module *) +ldb_module_load_list: int (struct ldb_context *, const char **, struct ldb_module *, struct ldb_module **) +ldb_module_new: struct ldb_module *(TALLOC_CTX *, struct ldb_context *, const char *, const struct ldb_module_ops *) +ldb_module_next: struct ldb_module *(struct ldb_module *) +ldb_module_popt_options: struct poptOption **(struct ldb_context *) +ldb_module_send_entry: int (struct ldb_request *, struct ldb_message *, struct 
ldb_control **) +ldb_module_send_referral: int (struct ldb_request *, char *) +ldb_module_set_next: void (struct ldb_module *, struct ldb_module *) +ldb_module_set_private: void (struct ldb_module *, void *) +ldb_modules_hook: int (struct ldb_context *, enum ldb_module_hook_type) +ldb_modules_list_from_string: const char **(struct ldb_context *, TALLOC_CTX *, const char *) +ldb_modules_load: int (const char *, const char *) +ldb_msg_add: int (struct ldb_message *, const struct ldb_message_element *, int) +ldb_msg_add_empty: int (struct ldb_message *, const char *, int, struct ldb_message_element **) +ldb_msg_add_fmt: int (struct ldb_message *, const char *, const char *, ...) +ldb_msg_add_linearized_dn: int (struct ldb_message *, const char *, struct ldb_dn *) +ldb_msg_add_steal_string: int (struct ldb_message *, const char *, char *) +ldb_msg_add_steal_value: int (struct ldb_message *, const char *, struct ldb_val *) +ldb_msg_add_string: int (struct ldb_message *, const char *, const char *) +ldb_msg_add_value: int (struct ldb_message *, const char *, const struct ldb_val *, struct ldb_message_element **) +ldb_msg_canonicalize: struct ldb_message *(struct ldb_context *, const struct ldb_message *) +ldb_msg_check_string_attribute: int (const struct ldb_message *, const char *, const char *) +ldb_msg_copy: struct ldb_message *(TALLOC_CTX *, const struct ldb_message *) +ldb_msg_copy_attr: int (struct ldb_message *, const char *, const char *) +ldb_msg_copy_shallow: struct ldb_message *(TALLOC_CTX *, const struct ldb_message *) +ldb_msg_diff: struct ldb_message *(struct ldb_context *, struct ldb_message *, struct ldb_message *) +ldb_msg_difference: int (struct ldb_context *, TALLOC_CTX *, struct ldb_message *, struct ldb_message *, struct ldb_message **) +ldb_msg_element_compare: int (struct ldb_message_element *, struct ldb_message_element *) +ldb_msg_element_compare_name: int (struct ldb_message_element *, struct ldb_message_element *) 
+ldb_msg_element_equal_ordered: bool (const struct ldb_message_element *, const struct ldb_message_element *) +ldb_msg_find_attr_as_bool: int (const struct ldb_message *, const char *, int) +ldb_msg_find_attr_as_dn: struct ldb_dn *(struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, const char *) +ldb_msg_find_attr_as_double: double (const struct ldb_message *, const char *, double) +ldb_msg_find_attr_as_int: int (const struct ldb_message *, const char *, int) +ldb_msg_find_attr_as_int64: int64_t (const struct ldb_message *, const char *, int64_t) +ldb_msg_find_attr_as_string: const char *(const struct ldb_message *, const char *, const char *) +ldb_msg_find_attr_as_uint: unsigned int (const struct ldb_message *, const char *, unsigned int) +ldb_msg_find_attr_as_uint64: uint64_t (const struct ldb_message *, const char *, uint64_t) +ldb_msg_find_common_values: int (struct ldb_context *, TALLOC_CTX *, struct ldb_message_element *, struct ldb_message_element *, uint32_t) +ldb_msg_find_duplicate_val: int (struct ldb_context *, TALLOC_CTX *, const struct ldb_message_element *, struct ldb_val **, uint32_t) +ldb_msg_find_element: struct ldb_message_element *(const struct ldb_message *, const char *) +ldb_msg_find_ldb_val: const struct ldb_val *(const struct ldb_message *, const char *) +ldb_msg_find_val: struct ldb_val *(const struct ldb_message_element *, struct ldb_val *) +ldb_msg_new: struct ldb_message *(TALLOC_CTX *) +ldb_msg_normalize: int (struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, struct ldb_message **) +ldb_msg_remove_attr: void (struct ldb_message *, const char *) +ldb_msg_remove_element: void (struct ldb_message *, struct ldb_message_element *) +ldb_msg_rename_attr: int (struct ldb_message *, const char *, const char *) +ldb_msg_sanity_check: int (struct ldb_context *, const struct ldb_message *) +ldb_msg_sort_elements: void (struct ldb_message *) +ldb_next_del_trans: int (struct ldb_module *) +ldb_next_end_trans: int (struct 
ldb_module *) +ldb_next_init: int (struct ldb_module *) +ldb_next_prepare_commit: int (struct ldb_module *) +ldb_next_read_lock: int (struct ldb_module *) +ldb_next_read_unlock: int (struct ldb_module *) +ldb_next_remote_request: int (struct ldb_module *, struct ldb_request *) +ldb_next_request: int (struct ldb_module *, struct ldb_request *) +ldb_next_start_trans: int (struct ldb_module *) +ldb_op_default_callback: int (struct ldb_request *, struct ldb_reply *) +ldb_options_find: const char *(struct ldb_context *, const char **, const char *) +ldb_pack_data: int (struct ldb_context *, const struct ldb_message *, struct ldb_val *) +ldb_parse_control_from_string: struct ldb_control *(struct ldb_context *, TALLOC_CTX *, const char *) +ldb_parse_control_strings: struct ldb_control **(struct ldb_context *, TALLOC_CTX *, const char **) +ldb_parse_tree: struct ldb_parse_tree *(TALLOC_CTX *, const char *) +ldb_parse_tree_attr_replace: void (struct ldb_parse_tree *, const char *, const char *) +ldb_parse_tree_copy_shallow: struct ldb_parse_tree *(TALLOC_CTX *, const struct ldb_parse_tree *) +ldb_parse_tree_walk: int (struct ldb_parse_tree *, int (*)(struct ldb_parse_tree *, void *), void *) +ldb_qsort: void (void * const, size_t, size_t, void *, ldb_qsort_cmp_fn_t) +ldb_register_backend: int (const char *, ldb_connect_fn, bool) +ldb_register_extended_match_rule: int (struct ldb_context *, const struct ldb_extended_match_rule *) +ldb_register_hook: int (ldb_hook_fn) +ldb_register_module: int (const struct ldb_module_ops *) +ldb_rename: int (struct ldb_context *, struct ldb_dn *, struct ldb_dn *) +ldb_reply_add_control: int (struct ldb_reply *, const char *, bool, void *) +ldb_reply_get_control: struct ldb_control *(struct ldb_reply *, const char *) +ldb_req_get_custom_flags: uint32_t (struct ldb_request *) +ldb_req_is_untrusted: bool (struct ldb_request *) +ldb_req_location: const char *(struct ldb_request *) +ldb_req_mark_trusted: void (struct ldb_request *) 
+ldb_req_mark_untrusted: void (struct ldb_request *) +ldb_req_set_custom_flags: void (struct ldb_request *, uint32_t) +ldb_req_set_location: void (struct ldb_request *, const char *) +ldb_request: int (struct ldb_context *, struct ldb_request *) +ldb_request_add_control: int (struct ldb_request *, const char *, bool, void *) +ldb_request_done: int (struct ldb_request *, int) +ldb_request_get_control: struct ldb_control *(struct ldb_request *, const char *) +ldb_request_get_status: int (struct ldb_request *) +ldb_request_replace_control: int (struct ldb_request *, const char *, bool, void *) +ldb_request_set_state: void (struct ldb_request *, int) +ldb_reset_err_string: void (struct ldb_context *) +ldb_save_controls: int (struct ldb_control *, struct ldb_request *, struct ldb_control ***) +ldb_schema_attribute_add: int (struct ldb_context *, const char *, unsigned int, const char *) +ldb_schema_attribute_add_with_syntax: int (struct ldb_context *, const char *, unsigned int, const struct ldb_schema_syntax *) +ldb_schema_attribute_by_name: const struct ldb_schema_attribute *(struct ldb_context *, const char *) +ldb_schema_attribute_fill_with_syntax: int (struct ldb_context *, TALLOC_CTX *, const char *, unsigned int, const struct ldb_schema_syntax *, struct ldb_schema_attribute *) +ldb_schema_attribute_remove: void (struct ldb_context *, const char *) +ldb_schema_attribute_remove_flagged: void (struct ldb_context *, unsigned int) +ldb_schema_attribute_set_override_handler: void (struct ldb_context *, ldb_attribute_handler_override_fn_t, void *) +ldb_schema_set_override_GUID_index: void (struct ldb_context *, const char *, const char *) +ldb_schema_set_override_indexlist: void (struct ldb_context *, bool) +ldb_search: int (struct ldb_context *, TALLOC_CTX *, struct ldb_result **, struct ldb_dn *, enum ldb_scope, const char * const *, const char *, ...) 
+ldb_search_default_callback: int (struct ldb_request *, struct ldb_reply *) +ldb_sequence_number: int (struct ldb_context *, enum ldb_sequence_type, uint64_t *) +ldb_set_create_perms: void (struct ldb_context *, unsigned int) +ldb_set_debug: int (struct ldb_context *, void (*)(void *, enum ldb_debug_level, const char *, va_list), void *) +ldb_set_debug_stderr: int (struct ldb_context *) +ldb_set_default_dns: void (struct ldb_context *) +ldb_set_errstring: void (struct ldb_context *, const char *) +ldb_set_event_context: void (struct ldb_context *, struct tevent_context *) +ldb_set_flags: void (struct ldb_context *, unsigned int) +ldb_set_modules_dir: void (struct ldb_context *, const char *) +ldb_set_opaque: int (struct ldb_context *, const char *, void *) +ldb_set_require_private_event_context: void (struct ldb_context *) +ldb_set_timeout: int (struct ldb_context *, struct ldb_request *, int) +ldb_set_timeout_from_prev_req: int (struct ldb_context *, struct ldb_request *, struct ldb_request *) +ldb_set_utf8_default: void (struct ldb_context *) +ldb_set_utf8_fns: void (struct ldb_context *, void *, char *(*)(void *, void *, const char *, size_t)) +ldb_setup_wellknown_attributes: int (struct ldb_context *) +ldb_should_b64_encode: int (struct ldb_context *, const struct ldb_val *) +ldb_standard_syntax_by_name: const struct ldb_schema_syntax *(struct ldb_context *, const char *) +ldb_strerror: const char *(int) +ldb_string_to_time: time_t (const char *) +ldb_string_utc_to_time: time_t (const char *) +ldb_timestring: char *(TALLOC_CTX *, time_t) +ldb_timestring_utc: char *(TALLOC_CTX *, time_t) +ldb_transaction_cancel: int (struct ldb_context *) +ldb_transaction_cancel_noerr: int (struct ldb_context *) +ldb_transaction_commit: int (struct ldb_context *) +ldb_transaction_prepare_commit: int (struct ldb_context *) +ldb_transaction_start: int (struct ldb_context *) +ldb_unpack_data: int (struct ldb_context *, const struct ldb_val *, struct ldb_message *) 
+ldb_unpack_data_only_attr_list: int (struct ldb_context *, const struct ldb_val *, struct ldb_message *, const char * const *, unsigned int, unsigned int *) +ldb_unpack_data_only_attr_list_flags: int (struct ldb_context *, const struct ldb_val *, struct ldb_message *, const char * const *, unsigned int, unsigned int, unsigned int *) +ldb_val_dup: struct ldb_val (TALLOC_CTX *, const struct ldb_val *) +ldb_val_equal_exact: int (const struct ldb_val *, const struct ldb_val *) +ldb_val_map_local: struct ldb_val (struct ldb_module *, void *, const struct ldb_map_attribute *, const struct ldb_val *) +ldb_val_map_remote: struct ldb_val (struct ldb_module *, void *, const struct ldb_map_attribute *, const struct ldb_val *) +ldb_val_string_cmp: int (const struct ldb_val *, const char *) +ldb_val_to_time: int (const struct ldb_val *, time_t *) +ldb_valid_attr_name: int (const char *) +ldb_vdebug: void (struct ldb_context *, enum ldb_debug_level, const char *, va_list) +ldb_wait: int (struct ldb_handle *, enum ldb_wait_type) diff --git a/lib/ldb/ABI/pyldb-util-1.5.4.sigs b/lib/ldb/ABI/pyldb-util-1.5.4.sigs new file mode 100644 index 00000000000..74d6719d2bc --- /dev/null +++ b/lib/ldb/ABI/pyldb-util-1.5.4.sigs @@ -0,0 +1,2 @@ +pyldb_Dn_FromDn: PyObject *(struct ldb_dn *) +pyldb_Object_AsDn: bool (TALLOC_CTX *, PyObject *, struct ldb_context *, struct ldb_dn **) diff --git a/lib/ldb/ABI/pyldb-util.py3-1.5.4.sigs b/lib/ldb/ABI/pyldb-util.py3-1.5.4.sigs new file mode 100644 index 00000000000..74d6719d2bc --- /dev/null +++ b/lib/ldb/ABI/pyldb-util.py3-1.5.4.sigs @@ -0,0 +1,2 @@ +pyldb_Dn_FromDn: PyObject *(struct ldb_dn *) +pyldb_Object_AsDn: bool (TALLOC_CTX *, PyObject *, struct ldb_context *, struct ldb_dn **) diff --git a/lib/ldb/wscript b/lib/ldb/wscript index cff3ee2d2d3..d3402a7b5b2 100644 --- a/lib/ldb/wscript +++ b/lib/ldb/wscript @@ -1,7 +1,7 @@ #!/usr/bin/env python APPNAME = 'ldb' -VERSION = '1.5.3' +VERSION = '1.5.4' import sys, os -- 2.17.1