The Samba-Bugzilla – Attachment 14854 Details for
Bug 13773
CVE-2019-3824 [SECURITY] ldb: Out of bound read in ldb_wildcard_compare
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Proposed patch for version V4.10
CVE-2019-3824-v4-10.patch (text/plain), 144.62 KB, created by
Gary Lockyer
on 2019-02-20 03:29:28 UTC
(
hide
)
Description:
Proposed patch for version V4.10
Filename:
MIME Type:
Creator:
Gary Lockyer
Created:
2019-02-20 03:29:28 UTC
Size:
144.62 KB
patch
obsolete
>From 248c234e06bf09a7f6ca3f6cafbac47baea7b302 Mon Sep 17 00:00:00 2001 >From: Karolin Seeger <kseeger@samba.org> >Date: Tue, 15 Jan 2019 11:02:10 +0100 >Subject: [PATCH 01/47] VERSION: Bump version up to 4.10.0rc2... > >and re-enable GIT_SNAPSHOT. > >Signed-off-by: Karolin Seeger <kseeger@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> > >(replaces commit 75106e05b42e5d4629aacfa941213745d9d6e819) >--- > VERSION | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > >diff --git a/VERSION b/VERSION >index fde61a99da4..60f28019c64 100644 >--- a/VERSION >+++ b/VERSION >@@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE= > # e.g. SAMBA_VERSION_RC_RELEASE=1 # > # -> "3.0.0rc1" # > ######################################################## >-SAMBA_VERSION_RC_RELEASE=1 >+SAMBA_VERSION_RC_RELEASE=2 > > ######################################################## > # To mark SVN snapshots this should be set to 'yes' # >@@ -99,7 +99,7 @@ SAMBA_VERSION_RC_RELEASE=1 > # e.g. SAMBA_VERSION_IS_SVN_SNAPSHOT=yes # > # -> "3.0.0-SVN-build-199" # > ######################################################## >-SAMBA_VERSION_IS_GIT_SNAPSHOT=no >+SAMBA_VERSION_IS_GIT_SNAPSHOT=yes > > ######################################################## > # This is for specifying a release nickname # >-- >2.17.1 > > >From 529b29203d4263bb2e3263e7d873f74f5236814a Mon Sep 17 00:00:00 2001 >From: Justin Stephenson <jstephen@redhat.com> >Date: Mon, 14 Jan 2019 10:36:47 -0500 >Subject: [PATCH 02/47] s3:libsmb: Honor disable_netbios option in > smbsock_connect_send > >If disable_netbios is set, return before the tevent timer is triggered >to prevent outgoing netbios connections. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13727 > >Signed-off-by: Justin Stephenson <jstephen@redhat.com> >Reviewed-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit c324f84a2fa25e29d2f7879fbcd35ce0e76a78f8) >--- > source3/libsmb/smbsock_connect.c | 7 +++++++ > 1 file changed, 7 insertions(+) > >diff --git a/source3/libsmb/smbsock_connect.c b/source3/libsmb/smbsock_connect.c >index bb3cb07646c..be52b9a4f79 100644 >--- a/source3/libsmb/smbsock_connect.c >+++ b/source3/libsmb/smbsock_connect.c >@@ -415,6 +415,13 @@ struct tevent_req *smbsock_connect_send(TALLOC_CTX *mem_ctx, > tevent_req_set_callback(state->req_445, smbsock_connect_connected, > req); > >+ /* >+ * Check for disable_netbios >+ */ >+ if (lp_disable_netbios()) { >+ return req; >+ } >+ > /* > * After 5 msecs, fire the 139 (NBT) request > */ >-- >2.17.1 > > >From f43abe39d56b772628a6b9f803f0bf68f5870d08 Mon Sep 17 00:00:00 2001 >From: Tim Beale <timbeale@catalyst.net.nz> >Date: Fri, 14 Dec 2018 10:37:11 +1300 >Subject: [PATCH 03/47] python/gpclass: Convert gpclass to use s3 SMB Python > bindings > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 > >Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit 3b2e86bba1f6b22b144b07db454b842f0c0779ae) >--- > python/samba/gpclass.py | 10 +++++++--- > 1 file changed, 7 insertions(+), 3 deletions(-) > >diff --git a/python/samba/gpclass.py b/python/samba/gpclass.py >index fb7c705a47e..0040f235e6e 100644 >--- a/python/samba/gpclass.py >+++ b/python/samba/gpclass.py >@@ -29,7 +29,8 @@ import xml.etree.ElementTree as etree > import re > from samba.net import Net > from samba.dcerpc import nbt >-from samba import smb >+from samba.samba3 import libsmb_samba_internal as libsmb >+from samba.samba3 import param as s3param > import samba.gpo as gpo > from samba.param import LoadParm > from uuid import UUID >@@ -386,7 +387,7 @@ def cache_gpo_dir(conn, cache, sub_dir): > if e.errno != errno.EEXIST: > raise > for fdata in conn.list(sub_dir): >- if fdata['attrib'] & smb.FILE_ATTRIBUTE_DIRECTORY: >+ if fdata['attrib'] & libsmb.FILE_ATTRIBUTE_DIRECTORY: > cache_gpo_dir(conn, cache, os.path.join(sub_dir, fdata['name'])) > else: > local_name = fdata['name'].upper() >@@ -407,7 +408,10 @@ def check_safe_path(path): > > > def check_refresh_gpo_list(dc_hostname, lp, creds, gpos): >- conn = smb.SMB(dc_hostname, 'sysvol', lp=lp, creds=creds, sign=True) >+ # the SMB bindings rely on having a s3 loadparm >+ s3_lp = s3param.get_context() >+ s3_lp.load(lp.configfile) >+ conn = libsmb.Conn(dc_hostname, 'sysvol', lp=s3_lp, creds=creds, sign=True) > cache_path = lp.cache_path('gpo_cache') > for gpo in gpos: > if not gpo.file_sys_path: >-- >2.17.1 > > >From 3ed03bd24eb6c236df23025aa25b9618a2d76a25 Mon Sep 17 00:00:00 2001 >From: Tim Beale <timbeale@catalyst.net.nz> >Date: Tue, 8 Jan 2019 14:42:05 +1300 >Subject: [PATCH 04/47] s3:pylibsmb: Add .set_acl API to SMB py bindings > >This is pretty similar code to py_smb_getacl(), except it's calling >cli_set_security_descriptor() instead of cli_query_security_descriptor() > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 > >Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit b982811b60521624f1f600841ffa05e306eb936a) >--- > source3/libsmb/pylibsmb.c | 51 +++++++++++++++++++++++++++++++++++++++ > 1 file changed, 51 insertions(+) > >diff --git a/source3/libsmb/pylibsmb.c b/source3/libsmb/pylibsmb.c >index e0ce518d91b..ee1d91b90ed 100644 >--- a/source3/libsmb/pylibsmb.c >+++ b/source3/libsmb/pylibsmb.c >@@ -1525,6 +1525,54 @@ static PyObject *py_smb_getacl(struct py_cli_state *self, PyObject *args) > sd, sd); > } > >+/* >+ * Set ACL on file/directory using given security descriptor object >+ */ >+static PyObject *py_smb_setacl(struct py_cli_state *self, PyObject *args) >+{ >+ NTSTATUS status; >+ char *filename = NULL; >+ PyObject *py_sd = NULL; >+ struct security_descriptor *sd = NULL; >+ unsigned int sinfo = SECINFO_DEFAULT_FLAGS; >+ uint16_t fnum; >+ >+ /* there's no async version of cli_set_security_descriptor() */ >+ if (self->thread_state != NULL) { >+ PyErr_SetString(PyExc_RuntimeError, >+ "set_acl() is not supported on " >+ "a multi_threaded connection"); >+ return NULL; >+ } >+ >+ if (!PyArg_ParseTuple(args, "sO|I:set_acl", &filename, &py_sd, >+ &sinfo)) { >+ return NULL; >+ } >+ >+ sd = pytalloc_get_type(py_sd, struct security_descriptor); >+ if (!sd) { >+ PyErr_Format(PyExc_TypeError, >+ "Expected dcerpc.security.descriptor as argument, got %s", >+ talloc_get_name(pytalloc_get_ptr(py_sd))); >+ return NULL; >+ } >+ >+ status = cli_ntcreate(self->cli, filename, 0, >+ SEC_FLAG_MAXIMUM_ALLOWED, 0, >+ FILE_SHARE_READ|FILE_SHARE_WRITE, >+ FILE_OPEN, 0x0, 0x0, &fnum, NULL); >+ PyErr_NTSTATUS_IS_ERR_RAISE(status); >+ >+ status = cli_set_security_descriptor(self->cli, fnum, sinfo, sd); >+ PyErr_NTSTATUS_IS_ERR_RAISE(status); >+ >+ status = cli_close(self->cli, fnum); >+ PyErr_NTSTATUS_IS_ERR_RAISE(status); >+ >+ Py_RETURN_NONE; >+} >+ > static PyMethodDef py_cli_state_methods[] = { > { "settimeout", (PyCFunction)py_cli_settimeout, METH_VARARGS, > "settimeout(new_timeout_msecs) => return old_timeout_msecs" }, >@@ -1577,6 +1625,9 @@ static PyMethodDef py_cli_state_methods[] = { > { "get_acl", (PyCFunction)py_smb_getacl, METH_VARARGS, > "get_acl(path[, security_info=0]) -> security_descriptor object\n\n" > "\t\tGet security descriptor for file." }, >+ { "set_acl", (PyCFunction)py_smb_setacl, METH_VARARGS, >+ "set_acl(path, security_descriptor[, security_info=0]) -> None\n\n" >+ "\t\tSet security descriptor for file." }, > { NULL, NULL, 0, NULL } > }; > >-- >2.17.1 > > >From b47e42e04006549ae24360191e3b36f6cc01dc2f Mon Sep 17 00:00:00 2001 >From: Tim Beale <timbeale@catalyst.net.nz> >Date: Tue, 8 Jan 2019 15:10:46 +1300 >Subject: [PATCH 05/47] netcmd: Change SMB flags from s4 Py bindings to s3 > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 > >Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit 345746ea5f4cca2620421ac0c8a649a596f5c19d) >--- > python/samba/netcmd/gpo.py | 13 +++++++------ > 1 file changed, 7 insertions(+), 6 deletions(-) > >diff --git a/python/samba/netcmd/gpo.py b/python/samba/netcmd/gpo.py >index a064f44147a..d4431296508 100644 >--- a/python/samba/netcmd/gpo.py >+++ b/python/samba/netcmd/gpo.py >@@ -44,6 +44,7 @@ from samba.auth import AUTH_SESSION_INFO_DEFAULT_GROUPS, AUTH_SESSION_INFO_AUTHE > from samba.netcmd.common import netcmd_finddc > from samba import policy > from samba import smb >+from samba.samba3 import libsmb_samba_internal as libsmb > from samba import NTSTATUSError > import uuid > from samba.ntacls import dsacl2fsacl >@@ -280,7 +281,7 @@ def backup_directory_remote_to_local(conn, remotedir, localdir): > r_name = r_dir + '\\' + e['name'] > l_name = os.path.join(l_dir, e['name']) > >- if e['attrib'] & smb.FILE_ATTRIBUTE_DIRECTORY: >+ if e['attrib'] & libsmb.FILE_ATTRIBUTE_DIRECTORY: > r_dirs.append(r_name) > l_dirs.append(l_name) > os.mkdir(l_name) >@@ -294,10 +295,10 @@ def backup_directory_remote_to_local(conn, remotedir, localdir): > parser.write_xml(l_name + '.xml') > > >-attr_flags = smb.FILE_ATTRIBUTE_SYSTEM | \ >- smb.FILE_ATTRIBUTE_DIRECTORY | \ >- smb.FILE_ATTRIBUTE_ARCHIVE | \ >- smb.FILE_ATTRIBUTE_HIDDEN >+attr_flags = libsmb.FILE_ATTRIBUTE_SYSTEM | \ >+ libsmb.FILE_ATTRIBUTE_DIRECTORY | \ >+ libsmb.FILE_ATTRIBUTE_ARCHIVE | \ >+ libsmb.FILE_ATTRIBUTE_HIDDEN > > > def copy_directory_remote_to_local(conn, remotedir, localdir): >@@ -315,7 +316,7 @@ def copy_directory_remote_to_local(conn, remotedir, localdir): > r_name = r_dir + '\\' + e['name'] > l_name = os.path.join(l_dir, e['name']) > >- if e['attrib'] & smb.FILE_ATTRIBUTE_DIRECTORY: >+ if e['attrib'] & libsmb.FILE_ATTRIBUTE_DIRECTORY: > r_dirs.append(r_name) > l_dirs.append(l_name) > os.mkdir(l_name) >-- >2.17.1 > > >From c9fdea2e361c842d566d662255a361c07932d003 Mon Sep 17 00:00:00 2001 >From: Tim Beale <timbeale@catalyst.net.nz> >Date: Fri, 11 Jan 2019 14:25:32 +1300 >Subject: [PATCH 06/47] s3:pylibsmb: Add FILE_READ_ATTRIBUTES access to > .loadfile() API > >Add FILE_READ_ATTRIBUTES when opening the file handle, as we need to >read the file's size. > >The .loadfile() API can end up calling cli_qfileinfo_basic() to get the >file size. This can end up doing a 'FILE_ALL_INFORMATION' SMBv2 request >underneath, which the MS-SMB2 spec (section 3.3.5.20.1 Handling >SMB2_0_INFO_FILE) says the file handle must have FILE_READ_ATTRIBUTES >access granted. > >I noticed this problem when running .loadfile() against the NTVFS >server. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 > >Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit 0304b08de5ba1b4a6e08568a559c52f7d9e943d3) >--- > source3/libsmb/pylibsmb.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > >diff --git a/source3/libsmb/pylibsmb.c b/source3/libsmb/pylibsmb.c >index ee1d91b90ed..b4903a9b8c5 100644 >--- a/source3/libsmb/pylibsmb.c >+++ b/source3/libsmb/pylibsmb.c >@@ -928,7 +928,8 @@ static PyObject *py_smb_loadfile(struct py_cli_state *self, PyObject *args, > > /* get a read file handle */ > req = cli_ntcreate_send(NULL, self->ev, self->cli, filename, 0, >- FILE_READ_DATA, FILE_ATTRIBUTE_NORMAL, >+ FILE_READ_DATA | FILE_READ_ATTRIBUTES, >+ FILE_ATTRIBUTE_NORMAL, > FILE_SHARE_READ, FILE_OPEN, 0, > SMB2_IMPERSONATION_IMPERSONATION, 0); > if (!py_tevent_req_wait_exc(self, req)) { >-- >2.17.1 > > >From c4323c00ec59112bcd2160b87ae5fe37a95cd34b Mon Sep 17 00:00:00 2001 >From: Tim Beale <timbeale@catalyst.net.nz> >Date: Fri, 11 Jan 2019 14:53:16 +1300 >Subject: [PATCH 07/47] netcmd: Change GPO commands to use s3 SMB Py bindings > >This means we can now use GPO commands on a DC that has SMBv1 disabled. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 > >Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit 08f1627cb3fa1c9ff7a0f74e32874d305647dc42) >--- > python/samba/netcmd/gpo.py | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) > >diff --git a/python/samba/netcmd/gpo.py b/python/samba/netcmd/gpo.py >index d4431296508..1b5e927f633 100644 >--- a/python/samba/netcmd/gpo.py >+++ b/python/samba/netcmd/gpo.py >@@ -43,7 +43,7 @@ import samba.auth > from samba.auth import AUTH_SESSION_INFO_DEFAULT_GROUPS, AUTH_SESSION_INFO_AUTHENTICATED, AUTH_SESSION_INFO_SIMPLE_PRIVILEGES > from samba.netcmd.common import netcmd_finddc > from samba import policy >-from samba import smb >+from samba.samba3 import param as s3param > from samba.samba3 import libsmb_samba_internal as libsmb > from samba import NTSTATUSError > import uuid >@@ -365,7 +365,10 @@ def create_directory_hier(conn, remotedir): > def smb_connection(dc_hostname, service, lp, creds, sign=False): > # SMB connect to DC > try: >- conn = smb.SMB(dc_hostname, service, lp=lp, creds=creds, sign=sign) >+ # the SMB bindings rely on having a s3 loadparm >+ s3_lp = s3param.get_context() >+ s3_lp.load(lp.configfile) >+ conn = libsmb.Conn(dc_hostname, service, lp=s3_lp, creds=creds, sign=sign) > except Exception: > raise CommandError("Error connecting to '%s' using SMB" % dc_hostname) > return conn >-- >2.17.1 > > >From 9d9b00566c1e7795600075f7a7c572d67fb0714d Mon Sep 17 00:00:00 2001 >From: Tim Beale <timbeale@catalyst.net.nz> >Date: Fri, 11 Jan 2019 15:57:21 +1300 >Subject: [PATCH 08/47] s4:pysmb: Add error log that the s4 bindings are > deprecated > >We plan to delete the s4 SMB Python bindings in the next Samba release >after v4.10, but first give external consumers a heads-up, just in case >they are currently using the s4 bindings. > >Note the auth_log tests still use the s4 bindings, but all user-facing >tools should now be updated to use the s3 bindings. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 > >Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit 6a29e63f32c0024587020fc1f92b3d1ecaa0afbc) >--- > source4/libcli/pysmb.c | 12 ++++++++++++ > 1 file changed, 12 insertions(+) > >diff --git a/source4/libcli/pysmb.c b/source4/libcli/pysmb.c >index 45ff9a0a7c0..5a028169661 100644 >--- a/source4/libcli/pysmb.c >+++ b/source4/libcli/pysmb.c >@@ -614,6 +614,18 @@ static PyObject *py_smb_new(PyTypeObject *type, PyObject *args, PyObject *kwargs > uint8_t use_spnego = 0xFF; > PyObject *sign = Py_False; > >+ /* >+ * These Python bindings are now deprecated because the s4 SMB client >+ * code doesn't support SMBv2 (and is unlikely to ever support it). >+ * The s3 libsmb_samba_internal bindings are a better choice for use >+ * within the Samba codebase, and support much the same API. >+ * This warning is mostly for external consumers that might be using >+ * these Python bindings (in which case, note libsmb_samba_internal >+ * is not a stable API and may change in future). >+ */ >+ DBG_ERR("The smb.SMB() Python bindings are now deprecated " >+ "and will be removed in the next samba release\n"); >+ > if (!PyArg_ParseTupleAndKeywords(args, kwargs, "zz|OObbO", > discard_const_p(char *, kwnames), > &hostname, &service, &py_creds, &py_lp, >-- >2.17.1 > > >From 6158ca6e2994c5090312cf4677024b43df6bcc7e Mon Sep 17 00:00:00 2001 >From: Tim Beale <timbeale@catalyst.net.nz> >Date: Fri, 11 Jan 2019 15:09:48 +1300 >Subject: [PATCH 09/47] tests: Run samba_tool.gpo tests against backup testenvs > >Run the GPO tests against the backup/restore testenvs. > >Because the backup/restore preserves the NTACLs of the sysvol files, >running the GPO tests against the backup testenvs is a good sanity- >check. If fact it highlights that there is currently a problem with >restoring the GPO files - this shows up in 'samba-tool gpo aclcheck', >but we never noticed it until now. > >NTACL backup works slightly different for offline backups, and rename >backups end up with more sysvol files, so run the tests against both >these envs. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 > >Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit 2a7372da7b84921b247cefc23d7003b8056d74a4) >--- > selftest/knownfail.d/gpo | 3 +++ > source4/selftest/tests.py | 8 +++++--- > 2 files changed, 8 insertions(+), 3 deletions(-) > create mode 100644 selftest/knownfail.d/gpo > >diff --git a/selftest/knownfail.d/gpo b/selftest/knownfail.d/gpo >new file mode 100644 >index 00000000000..fabe2babf0e >--- /dev/null >+++ b/selftest/knownfail.d/gpo >@@ -0,0 +1,3 @@ >+# 'samba-tool gpo aclcheck' currently fails against restored testenvs (due to a bug) >+samba.tests.samba_tool.gpo.samba.tests.samba_tool.gpo.GpoCmdTestCase.test_aclcheck\(renamedc:local\) >+samba.tests.samba_tool.gpo.samba.tests.samba_tool.gpo.GpoCmdTestCase.test_aclcheck\(offlinebackupdc:local\) >diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >index a1f38424af7..9d56e0bd2be 100755 >--- a/source4/selftest/tests.py >+++ b/source4/selftest/tests.py >@@ -656,11 +656,13 @@ for env in ["ad_dc_ntvfs", "fl2000dc", "fl2003dc", "fl2008r2dc"]: > for env in ["ad_dc:local", "ad_dc_ntvfs:local", "fl2000dc:local", "fl2003dc:local", "fl2008r2dc:local"]: > plantestsuite("samba.tests.samba_tool.edit", env, [os.path.join(srcdir(), "python/samba/tests/samba_tool/edit.sh"), '$SERVER', '$USERNAME', '$PASSWORD']) > >-# We run this test against both AD DC implemetnations because it is >+# We run this test against both AD DC implementations because it is > # the only test we have of GPO get/set behaviour, and this involves > # the file server as well as the LDAP server. >-planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.gpo", py3_compatible=True) >-planpythontestsuite("ad_dc:local", "samba.tests.samba_tool.gpo", py3_compatible=True) >+# It's also a good sanity-check that sysvol backup worked correctly. >+for env in ["ad_dc_ntvfs", "ad_dc", "offlinebackupdc", "renamedc"]: >+ planpythontestsuite(env + ":local", "samba.tests.samba_tool.gpo", >+ py3_compatible=True) > > planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.processes", py3_compatible=True) > planpythontestsuite("ad_dc_ntvfs:local", "samba.tests.samba_tool.user", py3_compatible=True) >-- >2.17.1 > > >From e682347bc1863a800373703f33866ea9c1f11626 Mon Sep 17 00:00:00 2001 >From: Tim Beale <timbeale@catalyst.net.nz> >Date: Tue, 15 Jan 2019 14:09:15 +1300 >Subject: [PATCH 10/47] ntacls: Pass correct use_ntvfs through to setntacl() > >We were already checking the smb.conf to see if it uses the NTVFS file >server or the default smbd server. However, we weren't passing this >through to the setntacl() call. > >This fixes the problem we noticed with 'samba-tool gpo aclcheck' failing >after a restore. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 > >Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit f3fe96fc2e2d942b4a2e241777b5ee12b2295b97) >--- > python/samba/ntacls.py | 3 ++- > selftest/knownfail.d/gpo | 3 --- > 2 files changed, 2 insertions(+), 4 deletions(-) > delete mode 100644 selftest/knownfail.d/gpo > >diff --git a/python/samba/ntacls.py b/python/samba/ntacls.py >index 99245737529..5bf646caf9f 100644 >--- a/python/samba/ntacls.py >+++ b/python/samba/ntacls.py >@@ -454,7 +454,8 @@ class NtaclsHelper: > > def setntacl(self, path, ntacl_sd): > # ntacl_sd can be obj or str >- return setntacl(self.lp, path, ntacl_sd, self.dom_sid) >+ return setntacl(self.lp, path, ntacl_sd, self.dom_sid, >+ use_ntvfs=self.use_ntvfs) > > > def _create_ntacl_file(dst, ntacl_sddl_str): >diff --git a/selftest/knownfail.d/gpo b/selftest/knownfail.d/gpo >deleted file mode 100644 >index fabe2babf0e..00000000000 >--- a/selftest/knownfail.d/gpo >+++ /dev/null >@@ -1,3 +0,0 @@ >-# 'samba-tool gpo aclcheck' currently fails against restored testenvs (due to a bug) >-samba.tests.samba_tool.gpo.samba.tests.samba_tool.gpo.GpoCmdTestCase.test_aclcheck\(renamedc:local\) >-samba.tests.samba_tool.gpo.samba.tests.samba_tool.gpo.GpoCmdTestCase.test_aclcheck\(offlinebackupdc:local\) >-- >2.17.1 > > >From 349cfec01df89f0591b04a5f39a9876b73d217d9 Mon Sep 17 00:00:00 2001 >From: Tim Beale <timbeale@catalyst.net.nz> >Date: Tue, 15 Jan 2019 17:12:20 +1300 >Subject: [PATCH 11/47] tests: Run GPO commands against testenv with SMBv1 > disabled > >Just to prove that they work across SMBv2. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 > >Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit da33c2c4e4849f0985b08fbdc58cbd59b8426ec6) >--- > source4/selftest/tests.py | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > >diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >index 9d56e0bd2be..7073755f0b3 100755 >--- a/source4/selftest/tests.py >+++ b/source4/selftest/tests.py >@@ -660,7 +660,8 @@ for env in ["ad_dc:local", "ad_dc_ntvfs:local", "fl2000dc:local", "fl2003dc:loca > # the only test we have of GPO get/set behaviour, and this involves > # the file server as well as the LDAP server. > # It's also a good sanity-check that sysvol backup worked correctly. >-for env in ["ad_dc_ntvfs", "ad_dc", "offlinebackupdc", "renamedc"]: >+for env in ["ad_dc_ntvfs", "ad_dc", "offlinebackupdc", "renamedc", >+ smbv1_disabled_testenv]: > planpythontestsuite(env + ":local", "samba.tests.samba_tool.gpo", > py3_compatible=True) > >-- >2.17.1 > > >From 7399fe07feadfe7adf76c650a511fb7948554d18 Mon Sep 17 00:00:00 2001 >From: Tim Beale <timbeale@catalyst.net.nz> >Date: Thu, 13 Dec 2018 16:29:33 +1300 >Subject: [PATCH 12/47] selftest: Give the backup testenvs a 'test1' share > >The ntacls_backup tests use the test1 share, and we want to run them >against the restoredc (which has SMBv1 disabled). > >The xattr.tdb file is needed for the backend_obj.wrap_getxattr() call >(in ntacls.py) to work. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 > >Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit a310de2db13c02a602e74139cb47ea9a25628e01) >--- > selftest/target/Samba4.pm | 8 ++++++++ > 1 file changed, 8 insertions(+) > >diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm >index 5346cb172df..f2635e574cd 100755 >--- a/selftest/target/Samba4.pm >+++ b/selftest/target/Samba4.pm >@@ -3007,12 +3007,14 @@ sub prepare_dc_testenv > # add support for sysvol/netlogon/tmp shares > $ctx->{share} = "$ctx->{prefix_abs}/share"; > push(@{$ctx->{directories}}, "$ctx->{share}"); >+ push(@{$ctx->{directories}}, "$ctx->{share}/test1"); > > $ctx->{smb_conf_extra_options} = " > $conf_options > max xmit = 32K > server max protocol = SMB2 > samba kcc command = /bin/true >+ xattr_tdb:file = $ctx->{statedir}/xattr.tdb > > [sysvol] > path = $ctx->{statedir}/sysvol >@@ -3029,6 +3031,12 @@ sub prepare_dc_testenv > posix:oplocktimeout = 3 > posix:writetimeupdatedelay = 50000 > >+[test1] >+ path = $ctx->{share}/test1 >+ read only = no >+ posix:sharedelay = 100000 >+ posix:oplocktimeout = 3 >+ posix:writetimeupdatedelay = 500000 > "; > > my $env = $self->provision_raw_step1($ctx); >-- >2.17.1 > > >From f088f070b4cb5a18fdb6f819c5857ef325f53033 Mon Sep 17 00:00:00 2001 >From: Tim Beale <timbeale@catalyst.net.nz> >Date: Wed, 16 Jan 2019 10:02:07 +1300 >Subject: [PATCH 13/47] tests: Run ntacls_backup tests against testenv with > SMBv1 disabled > >Just to prove that the NTACL backup works over SMBv2. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 > >Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> >Reviewed-by: Jeremy Allison <jra@samba.org> >(cherry picked from commit 7fb93eaca74ffe17bbe7255210dd3090afe8d5dc) >--- > source4/selftest/tests.py | 6 ++---- > 1 file changed, 2 insertions(+), 4 deletions(-) > >diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >index 7073755f0b3..b8132086ef8 100755 >--- a/source4/selftest/tests.py >+++ b/source4/selftest/tests.py >@@ -695,15 +695,13 @@ planoldpythontestsuite("ad_dc:local", "samba.tests.dckeytab", extra_args=['-U"$U > > for env in ["ad_dc", smbv1_disabled_testenv]: > planoldpythontestsuite(env, "samba.tests.smb", extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True) >+ planoldpythontestsuite(env + ":local", "samba.tests.ntacls_backup", >+ extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True) > > planoldpythontestsuite( > "ad_dc_ntvfs:local", "samba.tests.dcerpc.registry", > extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True) > >-planoldpythontestsuite( >- "ad_dc:local", "samba.tests.ntacls_backup", >- extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True) >- > planoldpythontestsuite("ad_dc_ntvfs", "samba.tests.dcerpc.dnsserver", extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True) > planoldpythontestsuite("ad_dc", "samba.tests.dcerpc.dnsserver", extra_args=['-U"$USERNAME%$PASSWORD"'], py3_compatible=True) > planoldpythontestsuite("chgdcpass", "samba.tests.dcerpc.raw_protocol", py3_compatible=True, >-- >2.17.1 > > >From 26cd687f14d70676c41e038b98551944ebd95356 Mon Sep 17 00:00:00 2001 >From: Tim Beale <timbeale@catalyst.net.nz> >Date: Thu, 17 Jan 2019 09:41:21 +1300 >Subject: [PATCH 14/47] netcmd: Try to improve domain backup error message > >I ran this command as non-root by mistake and didn't find the error >message particularly helpful. Tweak the error message so it reminds the >user that they should be root. Also display the path we're looking for >the sam.ldb file in, to give them more clues. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 > >Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> >Reviewed-by: Noel Power <npower@samba.org> > >Autobuild-User(master): Noel Power <npower@samba.org> >Autobuild-Date(master): Mon Jan 21 16:34:06 CET 2019 on sn-devel-144 > >(cherry picked from commit 10e54a095f005c0988a7e5e8a35cea6200197854) >--- > python/samba/netcmd/domain_backup.py | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > >diff --git a/python/samba/netcmd/domain_backup.py b/python/samba/netcmd/domain_backup.py >index 4cacf571f3d..4e32b4b9b1c 100644 >--- a/python/samba/netcmd/domain_backup.py >+++ b/python/samba/netcmd/domain_backup.py >@@ -1009,8 +1009,9 @@ class cmd_domain_backup_offline(samba.netcmd.Command): > > paths = samba.provision.provision_paths_from_lp(lp, lp.get('realm')) > if not (paths.samdb and os.path.exists(paths.samdb)): >- raise CommandError('No sam.db found. This backup ' + >- 'tool is only for AD DCs') >+ logger.error("No database found at {0}".format(paths.samdb)) >+ raise CommandError('Please check you are root, and ' + >+ 'are running this command on an AD DC') > > check_targetdir(logger, targetdir) > >-- >2.17.1 > > >From 16b1971ea0ae76d0738f1dae9997b58af1bd5eac Mon Sep 17 00:00:00 2001 >From: Tim Beale <timbeale@catalyst.net.nz> >Date: Tue, 22 Jan 2019 11:08:13 +1300 >Subject: [PATCH 15/47] WHATSNEW: Update for Bug 13676 changes in Samba 4.10 > >Although it's unlikely that users will be using the 'smb' Python >bindings, it's probably worth noting in the release notes that these >bindings will be deprecated in future releases. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 > >Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> >Reviewed-by: Jeremy Allison <jra@samba.org> >--- > WHATSNEW.txt | 14 ++++++++++++++ > 1 file changed, 14 insertions(+) > >diff --git a/WHATSNEW.txt b/WHATSNEW.txt >index 267cc5402a9..493d9c2b35f 100644 >--- a/WHATSNEW.txt >+++ b/WHATSNEW.txt >@@ -153,7 +153,13 @@ log entries has been removed to make the parsing of the JSON log messages > easier. JSON log entries now start with 2 spaces followed by an opening brace > i.e. " {" > >+SMBv2 samba-tool support >+------------------------ > >+On previous releases, some samba-tool commands would not work against a remote >+DC that had SMBv1 disabled. SMBv2 support has now been added for samba-tool. >+The affected commands are 'samba-tool domain backup|rename' and the >+'samba-tool gpo' set of commands. Refer also bug #13676. > > > REMOVED FEATURES >@@ -176,6 +182,14 @@ samba_backup > The samba_backup script has been removed. This has now been replaced by the > 'samba-tool domain backup offline' command. > >+SMB client Python bindings >+-------------------------- >+ >+The SMB client python bindings are now deprecated and will be removed in future >+Samba releases. This will only affects users that may have used the Samba >+Python bindings to write their own utilities, i.e. users with a custom Python >+script that includes the line 'from samba import smb'. >+ > smb.conf changes > ================ > >-- >2.17.1 > > >From a4466ec428265be9b31cec0820ce44c6c9bbc61e Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Mon, 14 Jan 2019 15:04:59 +0100 >Subject: [PATCH 16/47] ctdb: Print locks latency in machinereadable stats > >Bug: https://bugzilla.samba.org/show_bug.cgi?id=13742 >Signed-off-by: Volker Lendecke <vl@samba.org> >Reviewed-by: Martin Schwenke <martin@meltin.net> > >Autobuild-User(master): Volker Lendecke <vl@samba.org> >Autobuild-Date(master): Wed Jan 16 05:34:17 CET 2019 on sn-devel-144 > >(cherry picked from commit 193a0d6f01372604b925d1972591062a0bb2400f) > >Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org> >Autobuild-Date(v4-10-test): Mon Feb 4 13:09:49 CET 2019 on sn-devel-144 >--- > ctdb/tools/ctdb.c | 5 +++++ > 1 file changed, 5 insertions(+) > >diff --git a/ctdb/tools/ctdb.c b/ctdb/tools/ctdb.c >index eb4c684e8b0..ee64566ba04 100644 >--- a/ctdb/tools/ctdb.c >+++ b/ctdb/tools/ctdb.c >@@ -1237,6 +1237,11 @@ static void print_statistics_machine(struct ctdb_statistics *s, > printf("%.6f%s", LATENCY_AVG(s->call_latency), options.sep); > printf("%.6f%s", s->call_latency.max, options.sep); > >+ printf("%u%s", s->locks.latency.num, options.sep); >+ printf("%.6f%s", s->locks.latency.min, options.sep); >+ printf("%.6f%s", LATENCY_AVG(s->locks.latency), options.sep); >+ printf("%.6f%s", s->locks.latency.max, options.sep); >+ > printf("%d%s", s->childwrite_latency.num, options.sep); > printf("%.6f%s", s->childwrite_latency.min, options.sep); > printf("%.6f%s", LATENCY_AVG(s->childwrite_latency), options.sep); >-- >2.17.1 > > >From 9859cc5c1b052180435c1e11a89023726698f51c Mon Sep 17 00:00:00 2001 >From: Anoop C S <anoopcs@redhat.com> >Date: Mon, 21 Jan 2019 14:24:49 +0530 >Subject: [PATCH 17/47] WHATSNEW: Add missing parenthesis > >Bug: https://bugzilla.samba.org/show_bug.cgi?id=13757 > >Signed-off-by: Anoop C S <anoopcs@redhat.com> >Reviewed-by: Guenther Deschner <gd@samba.org> >Reviewed-by: Noel Power <npower@samba.org> >--- > WHATSNEW.txt | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/WHATSNEW.txt b/WHATSNEW.txt >index 493d9c2b35f..e4f33e428bf 100644 >--- a/WHATSNEW.txt >+++ b/WHATSNEW.txt >@@ -103,7 +103,7 @@ the 'PYTHON' environent variable to override the python3 default for both > > Note: Support for python2 (with the exception of a build configured with > 'PYTHON=python2 ./configure --disable-python' and built with >- 'PYTHON=python2 make' will be deprecated in the next release. >+ 'PYTHON=python2 make') will be deprecated in the next release. > > JSON logging > ------------ >-- >2.17.1 > > >From 94aff506747acdc98582ca6426d34a68090077d3 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Tue, 22 Jan 2019 11:18:20 +0100 >Subject: [PATCH 18/47] WHATSNEW: fix typo. > >Guenther > >Bug: https://bugzilla.samba.org/show_bug.cgi?id=13757 > >Signed-off-by: Guenther Deschner <gd@samba.org> >Reviewed-by: Noel Power <npower@samba.org> >--- > WHATSNEW.txt | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/WHATSNEW.txt b/WHATSNEW.txt >index e4f33e428bf..bed631c5eaa 100644 >--- a/WHATSNEW.txt >+++ b/WHATSNEW.txt >@@ -94,7 +94,7 @@ e.g. '--extra-python=/usr/bin/python2'. It should be noted that support for > this option will be deprecated in a future release. > > What if I need to build with python2? To build with python2 you *must* set >-the 'PYTHON' environent variable to override the python3 default for both >+the 'PYTHON' environment variable to override the python3 default for both > 'configure' and 'make' steps. > > 'PYTHON=python2 ./configure.developer' >-- >2.17.1 > > >From 9ae7ffa5f053c5f39691dd881d1adb290859bcad Mon Sep 17 00:00:00 2001 >From: Anoop C S <anoopcs@redhat.com> >Date: Tue, 20 Mar 2018 11:32:20 +0530 >Subject: [PATCH 19/47] vfs_glusterfs: Adapt to changes in libgfapi signatures > >VFS module for GlusterFS fails to compile due to recent changes done to >some API signatures. Therefore adding missing arguments to those APIs >adapting to new signatures. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13330 > >Signed-off-by: Anoop C S <anoopcs@redhat.com> >Reviewed-by: Guenther Deschner <gd@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> > >Autobuild-User(master): Jeremy Allison <jra@samba.org> >Autobuild-Date(master): Sun Feb 3 17:00:33 CET 2019 on sn-devel-144 > >(cherry picked from commit 0e3eda5bab5ae9316a42725aea048fb350020ec7) >--- > source3/modules/vfs_glusterfs.c | 19 +++++++++++++++++++ > source3/wscript | 3 +++ > 2 files changed, 22 insertions(+) > >diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c >index c9d57b4b646..a5d93ab5251 100644 >--- a/source3/modules/vfs_glusterfs.c >+++ b/source3/modules/vfs_glusterfs.c >@@ -633,7 +633,11 @@ static ssize_t vfs_gluster_pread(struct vfs_handle_struct *handle, > return -1; > } > >+#ifdef HAVE_GFAPI_VER_7_6 >+ return glfs_pread(glfd, data, n, offset, 0, NULL); >+#else > return glfs_pread(glfd, data, n, offset, 0); >+#endif > } > > struct glusterfs_aio_state; >@@ -664,7 +668,14 @@ static int aio_wrapper_destructor(struct glusterfs_aio_wrapper *wrap) > * threads once the async IO submitted is complete. To notify > * Samba of the completion we use a pipe based queue. > */ >+#ifdef HAVE_GFAPI_VER_7_6 >+static void aio_glusterfs_done(glfs_fd_t *fd, ssize_t ret, >+ struct glfs_stat *prestat, >+ struct glfs_stat *poststat, >+ void *data) >+#else > static void aio_glusterfs_done(glfs_fd_t *fd, ssize_t ret, void *data) >+#endif > { > struct glusterfs_aio_state *state = NULL; > int sts = 0; >@@ -954,7 +965,11 @@ static ssize_t vfs_gluster_pwrite(struct vfs_handle_struct *handle, > return -1; > } > >+#ifdef HAVE_GFAPI_VER_7_6 >+ return glfs_pwrite(glfd, data, n, offset, 0, NULL, NULL); >+#else > return glfs_pwrite(glfd, data, n, offset, 0); >+#endif > } > > static off_t vfs_gluster_lseek(struct vfs_handle_struct *handle, >@@ -1239,7 +1254,11 @@ static int vfs_gluster_ftruncate(struct vfs_handle_struct *handle, > return -1; > } > >+#ifdef HAVE_GFAPI_VER_7_6 >+ return glfs_ftruncate(glfd, offset, NULL, NULL); >+#else > return glfs_ftruncate(glfd, offset); >+#endif > } > > static int vfs_gluster_fallocate(struct vfs_handle_struct *handle, >diff --git a/source3/wscript b/source3/wscript >index 24e52e592c9..97fdae02203 100644 >--- a/source3/wscript >+++ b/source3/wscript >@@ -1570,6 +1570,9 @@ main() { > conf.CHECK_CFG(package='glusterfs-api', args='"glusterfs-api >= 6" --cflags --libs', > msg='Checking for glusterfs-api >= 6', > uselib_store="GFAPI_VER_6") >+ conf.CHECK_CFG(package='glusterfs-api', args='"glusterfs-api >= 7.6" --cflags --libs', >+ msg='Checking for glusterfs-api >= 7.6', >+ uselib_store="GFAPI_VER_7_6") > else: > conf.SET_TARGET_TYPE('gfapi', 'EMPTY') > conf.undefine('HAVE_GLUSTERFS') >-- >2.17.1 > > >From 334f1e6f56a10097ce918620dc484e9eb0a5b83b Mon Sep 17 00:00:00 2001 >From: Tim Beale <timbeale@catalyst.net.nz> >Date: Wed, 16 Jan 2019 15:17:38 +1300 >Subject: [PATCH 20/47] join: Fix TypeError when handling exception > >When we can't resolve a domain name, we were inadvertently throwing a >TypeError whilst trying to output a helpful message. E.g. > >ERROR(<class 'TypeError'>): uncaught exception - 'NTSTATUSError' object >does not support indexing > >Instead of indexing the object, we want to index the Exception.args so >that we just display the string portion of the exception error. > >The same problem is also present for the domain trust commands. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13747 > >Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> >Reviewed-by: Rowland Penny <rpenny@samba.org> >Reviewed-by: Jeremy Allison <rpenny@samba.org> >(cherry picked from commit 3bb7808984c163a7bba66fb983411d1281589722) >--- > python/samba/join.py | 2 +- > python/samba/netcmd/domain.py | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) > >diff --git a/python/samba/join.py b/python/samba/join.py >index cf5d1b92b66..28b7f0b8300 100644 >--- a/python/samba/join.py >+++ b/python/samba/join.py >@@ -346,7 +346,7 @@ class DCJoinContext(object): > ctx.cldap_ret = ctx.net.finddc(domain=domain, flags=nbt.NBT_SERVER_LDAP | nbt.NBT_SERVER_DS | nbt.NBT_SERVER_WRITABLE) > except NTSTATUSError as error: > raise Exception("Failed to find a writeable DC for domain '%s': %s" % >- (domain, error[1])) >+ (domain, error.args[1])) > except Exception: > raise Exception("Failed to find a writeable DC for domain '%s'" % domain) > if ctx.cldap_ret.client_site is not None and ctx.cldap_ret.client_site != "": >diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py >index 9c5ae21fdd7..b7aedc16a91 100644 >--- a/python/samba/netcmd/domain.py >+++ b/python/samba/netcmd/domain.py >@@ -1802,7 +1802,7 @@ class DomainTrustCommand(Command): > remote_info = remote_net.finddc(flags=remote_flags, domain=domain, address=remote_server) > except NTSTATUSError as error: > raise CommandError("Failed to find a writeable DC for domain '%s': %s" % >- (domain, error[1])) >+ (domain, error.args[1])) > except Exception: > raise CommandError("Failed to find a writeable DC for domain '%s'" % domain) > flag_map = { >-- >2.17.1 > > >From 56549fd07d690e8fe615f5dd291c1d798045a03b Mon Sep 17 00:00:00 2001 >From: Tim Beale <timbeale@catalyst.net.nz> >Date: Wed, 16 Jan 2019 15:37:00 +1300 >Subject: [PATCH 21/47] join: Throw CommandError instead of Exception for > simple errors > >Throwing an exception here still dumps out the Python stack trace, which >can be a little disconcerting for users. > >In this case, the stack trace isn't going to really help at all (the >problem is pretty obvious), and it obscures the useful message >explaining what went wrong. > >Throw a CommandError instead, which samba-tool will catch and display >more nicely. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13747 > >Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> >Reviewed-by: Rowland Penny <rpenny@samba.org> >Reviewed-by: Jeremy Allison <rpenny@samba.org> > >Autobuild-User(master): Jeremy Allison <jra@samba.org> >Autobuild-Date(master): Wed Jan 16 22:11:04 CET 2019 on sn-devel-144 > >(cherry picked from commit 9e4b08f4c384b8cae5ad853a7be7cf03e2749be5) >--- > python/samba/join.py | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) > >diff --git a/python/samba/join.py b/python/samba/join.py >index 28b7f0b8300..da8dcb050d3 100644 >--- a/python/samba/join.py >+++ b/python/samba/join.py >@@ -50,6 +50,7 @@ import os > import tempfile > from samba.compat import text_type > from samba.compat import get_string >+from samba.netcmd import CommandError > > > class DCJoinException(Exception): >@@ -345,10 +346,10 @@ class DCJoinContext(object): > try: > ctx.cldap_ret = ctx.net.finddc(domain=domain, flags=nbt.NBT_SERVER_LDAP | nbt.NBT_SERVER_DS | nbt.NBT_SERVER_WRITABLE) > except NTSTATUSError as error: >- raise Exception("Failed to find a writeable DC for domain '%s': %s" % >- (domain, error.args[1])) >+ raise CommandError("Failed to find a writeable DC for domain '%s': %s" % >+ (domain, error.args[1])) > except Exception: >- raise Exception("Failed to find a writeable DC for domain '%s'" % domain) >+ raise CommandError("Failed to find a writeable DC for domain '%s'" % domain) > if ctx.cldap_ret.client_site is not None and ctx.cldap_ret.client_site != "": > ctx.site = ctx.cldap_ret.client_site > return ctx.cldap_ret.pdc_dns_name >-- >2.17.1 > > >From 6990f5018d90ba9be680f50cc812fafc73f67d7c Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Tue, 15 Jan 2019 08:45:26 -0800 >Subject: [PATCH 22/47] python: dns_hub: Fix indentation of 'raise' on error. > >Remove second socket.sendto(). > >Bug: https://bugzilla.samba.org/show_bug.cgi?id=13750 >Signed-off-by: Jeremy Allison <jra@samba.org> >Reviewed-by: Andreas Schneider <asn@samba.org> >(cherry picked from commit dd231a16a338cfe63d12cadf0fc3e2ebe7cac828) >--- > python/samba/tests/dns_forwarder_helpers/dns_hub.py | 4 +--- > 1 file changed, 1 insertion(+), 3 deletions(-) > >diff --git a/python/samba/tests/dns_forwarder_helpers/dns_hub.py b/python/samba/tests/dns_forwarder_helpers/dns_hub.py >index 81aa478f4ba..cf9beb7fa7a 100755 >--- a/python/samba/tests/dns_forwarder_helpers/dns_hub.py >+++ b/python/samba/tests/dns_forwarder_helpers/dns_hub.py >@@ -123,9 +123,7 @@ class DnsHandler(sserver.BaseRequestHandler): > except socket.error as err: > print("Error sending %s to address %s for name %s: %s\n" % > (forwarder, self.client_address, name, err.errno)) >- raise >- >- socket.sendto(send_packet, self.client_address) >+ raise > > class server_thread(threading.Thread): > def __init__(self, server): >-- >2.17.1 > > >From 520c062db5fa67789133eaed0887367392b14fa6 Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Tue, 22 Jan 2019 09:24:35 -0800 >Subject: [PATCH 23/47] libcli: dns: Change internal DNS_REQUEST_TIMEOUT from 2 > to 10 seconds. > >Should make us more robust when dealing with slow DNS servers. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13750 > >Signed-off-by: Jeremy Allison <jra@samba.org> >Reviewed-by: Volker Lendecke <vl@samba.org> > >Autobuild-User(master): Jeremy Allison <jra@samba.org> >Autobuild-Date(master): Tue Jan 22 23:37:16 CET 2019 on sn-devel-144 > >(cherry picked from commit 36c42e6d629a0d4b0e5c60bdd68e08a8e60c477a) >--- > libcli/dns/dns.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/libcli/dns/dns.c b/libcli/dns/dns.c >index 1321b1d2d38..718bf56b3bd 100644 >--- a/libcli/dns/dns.c >+++ b/libcli/dns/dns.c >@@ -39,7 +39,7 @@ struct dns_udp_request_state { > size_t reply_len; > }; > >-#define DNS_REQUEST_TIMEOUT 2 >+#define DNS_REQUEST_TIMEOUT 10 > > /* Declare callback functions used below. */ > static void dns_udp_request_get_reply(struct tevent_req *subreq); >-- >2.17.1 > > >From 9d2e05b1a6d8872d6f059097ce5125d7f25c29aa Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Thu, 17 Jan 2019 16:29:37 +0100 >Subject: [PATCH 24/47] manpages/samba.7.xml: smbcontrol can also work with > 'samba' >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Björn Baumbach <bbaumbach@samba.org> >(cherry picked from commit 12b9adec3ff48f4356f9ff865891dc3c652ff86b) >--- > docs-xml/manpages/samba.7.xml | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/docs-xml/manpages/samba.7.xml b/docs-xml/manpages/samba.7.xml >index 5b72d659871..836ed23619f 100644 >--- a/docs-xml/manpages/samba.7.xml >+++ b/docs-xml/manpages/samba.7.xml >@@ -166,7 +166,7 @@ > <manvolnum>1</manvolnum></citerefentry></term> > <listitem><para><command>smbcontrol</command> is a utility > that can change the behaviour of running >- <command>smbd</command>, <command>nmbd</command> and >+ <command>samba</command>, <command>smbd</command>, <command>nmbd</command> and > <command>winbindd</command> daemons. > </para></listitem> > </varlistentry> >-- >2.17.1 > > >From f105c379545ad51227126a239a60f946a2ab4a09 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Tue, 15 Jan 2019 01:39:06 +0100 >Subject: [PATCH 25/47] s4:messaging: add support 'smbcontrol <pid> > debug/debuglevel' >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Björn Baumbach <bbaumbach@samba.org> >(cherry picked from commit 3a0c1da432c53de234b54bac90a3fb84534994eb) >--- > source4/lib/messaging/messaging.c | 72 +++++++++++++++++++++++++++++++ > 1 file changed, 72 insertions(+) > >diff --git a/source4/lib/messaging/messaging.c b/source4/lib/messaging/messaging.c >index 6c10289515f..6cf58539a75 100644 >--- a/source4/lib/messaging/messaging.c >+++ b/source4/lib/messaging/messaging.c >@@ -121,6 +121,68 @@ static void ringbuf_log_msg(struct imessaging_context *msg, > imessaging_send(msg, src, MSG_RINGBUF_LOG, &blob); > } > >+/**************************************************************************** >+ Receive a "set debug level" message. >+****************************************************************************/ >+ >+static void debug_imessage(struct imessaging_context *msg_ctx, >+ void *private_data, >+ uint32_t msg_type, >+ struct server_id src, >+ DATA_BLOB *data) >+{ >+ const char *params_str = (const char *)data->data; >+ struct server_id_buf src_buf; >+ struct server_id dst = imessaging_get_server_id(msg_ctx); >+ struct server_id_buf dst_buf; >+ >+ /* Check, it's a proper string! */ >+ if (params_str[(data->length)-1] != '\0') { >+ DBG_ERR("Invalid debug message from pid %s to pid %s\n", >+ server_id_str_buf(src, &src_buf), >+ server_id_str_buf(dst, &dst_buf)); >+ return; >+ } >+ >+ DBG_ERR("INFO: Remote set of debug to `%s' (pid %s from pid %s)\n", >+ params_str, >+ server_id_str_buf(dst, &dst_buf), >+ server_id_str_buf(src, &src_buf)); >+ >+ debug_parse_levels(params_str); >+} >+ >+/**************************************************************************** >+ Return current debug level. >+****************************************************************************/ >+ >+static void debuglevel_imessage(struct imessaging_context *msg_ctx, >+ void *private_data, >+ uint32_t msg_type, >+ struct server_id src, >+ DATA_BLOB *data) >+{ >+ char *message = debug_list_class_names_and_levels(); >+ DATA_BLOB blob = data_blob_null; >+ struct server_id_buf src_buf; >+ struct server_id dst = imessaging_get_server_id(msg_ctx); >+ struct server_id_buf dst_buf; >+ >+ DBG_DEBUG("Received REQ_DEBUGLEVEL message (pid %s from pid %s)\n", >+ server_id_str_buf(dst, &dst_buf), >+ server_id_str_buf(src, &src_buf)); >+ >+ if (message == NULL) { >+ DBG_ERR("debug_list_class_names_and_levels returned NULL\n"); >+ return; >+ } >+ >+ blob = data_blob_string_const_null(message); >+ imessaging_send(msg_ctx, src, MSG_DEBUGLEVEL, &blob); >+ >+ TALLOC_FREE(message); >+} >+ > /* > return uptime of messaging server via irpc > */ >@@ -460,6 +522,16 @@ struct imessaging_context *imessaging_init(TALLOC_CTX *mem_ctx, > if (!NT_STATUS_IS_OK(status)) { > goto fail; > } >+ status = imessaging_register(msg, NULL, MSG_DEBUG, >+ debug_imessage); >+ if (!NT_STATUS_IS_OK(status)) { >+ goto fail; >+ } >+ status = imessaging_register(msg, NULL, MSG_REQ_DEBUGLEVEL, >+ debuglevel_imessage); >+ if (!NT_STATUS_IS_OK(status)) { >+ goto fail; >+ } > status = IRPC_REGISTER(msg, irpc, IRPC_UPTIME, irpc_uptime, msg); > if (!NT_STATUS_IS_OK(status)) { > goto fail; >-- >2.17.1 > > >From 45c19f4c25393bcc9db56e93a79ac25cef7e6280 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Mon, 28 Jan 2019 16:29:51 +0100 >Subject: [PATCH 26/47] s4:server: avoid using pid=0 for the parent 'samba' > process >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >It confuses the 'samba-tool processes' output and log messages. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Björn Baumbach <bbaumbach@samba.org> >(cherry picked from commit 5bd7a8e5685caa09067745b108ef7e53e3108e97) >--- > source4/smbd/server.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/source4/smbd/server.c b/source4/smbd/server.c >index 086fed99273..0345c6ac7d3 100644 >--- a/source4/smbd/server.c >+++ b/source4/smbd/server.c >@@ -316,7 +316,7 @@ static NTSTATUS setup_parent_messaging(struct server_state *state, > > msg = imessaging_init(state->event_ctx, > lp_ctx, >- cluster_id(0, SAMBA_PARENT_TASKID), >+ cluster_id(getpid(), SAMBA_PARENT_TASKID), > state->event_ctx); > NT_STATUS_HAVE_NO_MEMORY(msg); > >-- >2.17.1 > > >From 902de86daa685b864594df5026f60d7cd7171b2e Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Thu, 17 Jan 2019 16:27:10 +0100 >Subject: [PATCH 27/47] s4:server: add support for 'smbcontrol samba shutdown' >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Björn Baumbach <bbaumbach@samba.org> >(cherry picked from commit 832776c0fcf7cc658c128765514755c2d15b06a6) >--- > source4/smbd/server.c | 37 ++++++++++++++++++++++++++++++++++++- > 1 file changed, 36 insertions(+), 1 deletion(-) > >diff --git a/source4/smbd/server.c b/source4/smbd/server.c >index 0345c6ac7d3..eeb46ffee6a 100644 >--- a/source4/smbd/server.c >+++ b/source4/smbd/server.c >@@ -45,6 +45,7 @@ > #include "libds/common/roles.h" > #include "lib/util/tfork.h" > #include "dsdb/samdb/ldb_modules/util.h" >+#include "lib/util/server_id.h" > > #ifdef HAVE_PTHREAD > #include <pthread.h> >@@ -291,6 +292,31 @@ static int prime_ldb_databases(struct tevent_context *event_ctx, bool *am_backup > return LDB_SUCCESS; > } > >+/* >+ called from 'smbcontrol samba shutdown' >+ */ >+static void samba_parent_shutdown(struct imessaging_context *msg, >+ void *private_data, >+ uint32_t msg_type, >+ struct server_id src, >+ DATA_BLOB *data) >+{ >+ struct server_state *state = >+ talloc_get_type_abort(private_data, >+ struct server_state); >+ struct server_id_buf src_buf; >+ struct server_id dst = imessaging_get_server_id(msg); >+ struct server_id_buf dst_buf; >+ >+ DBG_ERR("samba_shutdown of %s %s: from %s\n", >+ state->binary_name, >+ server_id_str_buf(dst, &dst_buf), >+ server_id_str_buf(src, &src_buf)); >+ >+ TALLOC_FREE(state); >+ exit(0); >+} >+ > /* > called when a fatal condition occurs in a child task > */ >@@ -325,10 +351,19 @@ static NTSTATUS setup_parent_messaging(struct server_state *state, > return status; > } > >+ status = imessaging_register(msg, state, MSG_SHUTDOWN, >+ samba_parent_shutdown); >+ if (!NT_STATUS_IS_OK(status)) { >+ return status; >+ } >+ > status = IRPC_REGISTER(msg, irpc, SAMBA_TERMINATE, > samba_terminate, state); >+ if (!NT_STATUS_IS_OK(status)) { >+ return status; >+ } > >- return status; >+ return NT_STATUS_OK; > } > > >-- >2.17.1 > > >From a2e889740b3fa42e0287b499992366a73a3cae43 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Thu, 17 Jan 2019 23:50:45 +0100 >Subject: [PATCH 28/47] selftest:Samba4: use 'smbcontrol samba shutdown' >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >Reviewed-by: Björn Baumbach <bbaumbach@samba.org> > >Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> >Autobuild-Date(master): Wed Jan 30 01:51:48 CET 2019 on sn-devel-144 > >(cherry picked from commit d03991f569b54ae0a11911b622107fbae701715d) >--- > selftest/target/Samba4.pm | 9 +++++++++ > 1 file changed, 9 insertions(+) > >diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm >index f2635e574cd..b662776a847 100755 >--- a/selftest/target/Samba4.pm >+++ b/selftest/target/Samba4.pm >@@ -2221,6 +2221,15 @@ sub teardown_env_terminate($$) > my ($self, $envvars) = @_; > my $pid; > >+ # This should cause samba to terminate gracefully >+ my $smbcontrol = Samba::bindir_path($self, "smbcontrol"); >+ my $cmd = ""; >+ $cmd .= "$smbcontrol samba shutdown $envvars->{CONFIGURATION}"; >+ my $ret = system($cmd); >+ if ($ret != 0) { >+ warn "'$cmd' failed with '$ret'\n"; >+ } >+ > # This should cause samba to terminate gracefully > close($envvars->{STDIN_PIPE}); > >-- >2.17.1 > > >From f8773e8a78e6dc666f9b6b49e897b1a070898113 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Thu, 17 Jan 2019 15:21:07 +0100 >Subject: [PATCH 29/47] s3-vfs: add glusterfs_fuse vfs module. >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >This module only implements the get_real_filename function by accessing >a distinct extended attribute that is available over a glusterfs fuse >mount. > >By implementing this vfs function users of a glusterfs fuse mount >achieve a much better performance in create based workloads where samba >then can avoid trying multiple case folding options to detect the real >filename. > >Patch is based on an initial patch provided by >Poornima G <pgurusid@redhat.com> > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13774 > >Guenther > >Signed-off-by: Günther Deschner <gd@samba.org> >Reviewed-by: Ralph Boehme <slow@samba.org> > >Autobuild-User(master): Günther Deschner <gd@samba.org> >Autobuild-Date(master): Tue Jan 22 18:37:56 CET 2019 on sn-devel-144 > >(cherry picked from commit adffe0dcf002aa4721dc7897261895e3486d5271) >--- > docs-xml/manpages/vfs_glusterfs_fuse.8.xml | 103 +++++++++++++++++++++ > docs-xml/wscript_build | 1 + > source3/modules/vfs_glusterfs_fuse.c | 71 ++++++++++++++ > source3/modules/wscript_build | 8 ++ > source3/wscript | 1 + > 5 files changed, 184 insertions(+) > create mode 100644 docs-xml/manpages/vfs_glusterfs_fuse.8.xml > create mode 100644 source3/modules/vfs_glusterfs_fuse.c > >diff --git a/docs-xml/manpages/vfs_glusterfs_fuse.8.xml b/docs-xml/manpages/vfs_glusterfs_fuse.8.xml >new file mode 100644 >index 00000000000..b9f7f42c6f2 >--- /dev/null >+++ b/docs-xml/manpages/vfs_glusterfs_fuse.8.xml >@@ -0,0 +1,103 @@ >+<?xml version="1.0" encoding="iso-8859-1"?> >+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> >+<refentry id="vfs_glusterfs_fuse.8"> >+ >+<refmeta> >+ <refentrytitle>vfs_glusterfs_fuse</refentrytitle> >+ <manvolnum>8</manvolnum> >+ <refmiscinfo class="source">Samba</refmiscinfo> >+ <refmiscinfo class="manual">System Administration tools</refmiscinfo> >+ <refmiscinfo class="version">&doc.version;</refmiscinfo> >+</refmeta> >+ >+ >+<refnamediv> >+ <refname>vfs_glusterfs_fuse</refname> >+ <refpurpose> >+ Utilize features provided by GlusterFS >+ </refpurpose> >+</refnamediv> >+ >+<refsynopsisdiv> >+ <cmdsynopsis> >+ <command>vfs objects = glusterfs_fuse</command> >+ </cmdsynopsis> >+</refsynopsisdiv> >+ >+<refsect1> >+ <title>DESCRIPTION</title> >+ >+ <para>This VFS module is part of the >+ <citerefentry><refentrytitle>samba</refentrytitle> >+ <manvolnum>8</manvolnum></citerefentry> suite.</para> >+ >+ <para> >+ GlusterFS >+ (<ulink url="http://www.gluster.org/">http://www.gluster.org</ulink>) >+ is an Open Source clustered file system capable of scaling to >+ several peta-bytes. With its FUSE based native client, >+ GlusterFS is available as a POSIX compliant file system and can >+ hence be shared by Samba without additional steps. >+ </para> >+ >+ <para> >+ The <command>vfs_glusterfs_fuse</command> VFS module provides an enhanced way >+ to access a Gluster filesystem using a Gluster FUSE mount. It provides support >+ for the <command>get_real_filename</command> VFS call which enhances file access performance >+ by avoiding multiple expensive case folding lookup calls to detect the appropriate >+ case of an exisiting filename. >+ </para> >+ >+ <para> >+ This module can be combined with other modules, but it >+ should be the last module in the <command>vfs objects</command> >+ list. Modules added to this list to the right of the glusterfs >+ entry may not have any effect at all. >+ </para> >+</refsect1> >+ >+<refsect1> >+ <title>CONFIGURATION</title> >+ >+ <para> >+ A basic configuration looks like this. >+ </para> >+ >+ <programlisting> >+ <smbconfsection name="[share]"/> >+ <smbconfoption name="vfs objects">glusterfs_fuse</smbconfoption> >+ <smbconfoption name="path">/absolute/path_of_fusemount</smbconfoption> >+ </programlisting> >+ >+ <para> >+ Note that <command>vfs_glusterfs_fuse</command> requires a Gluster mount. For accessing glusterfs directly >+ over the GFAPI library please use the <command>vfs_glusterfs</command> module. >+ </para> >+</refsect1> >+ >+<refsect1> >+ <title>OPTIONS</title> >+ <para> >+ This module does currently have no further options. >+ </para> >+</refsect1> >+ >+<refsect1> >+ <title>VERSION</title> >+ >+ <para> >+ This man page is part of version &doc.version; of the Samba suite. >+ </para> >+</refsect1> >+ >+<refsect1> >+ <title>AUTHOR</title> >+ >+ <para>The original Samba software and related utilities >+ were created by Andrew Tridgell. Samba is now developed >+ by the Samba Team as an Open Source project similar >+ to the way the Linux kernel is developed.</para> >+ >+</refsect1> >+ >+</refentry> >diff --git a/docs-xml/wscript_build b/docs-xml/wscript_build >index 1b4335cbb5d..86600ae4a82 100644 >--- a/docs-xml/wscript_build >+++ b/docs-xml/wscript_build >@@ -82,6 +82,7 @@ vfs_module_manpages = ['vfs_acl_tdb', > 'vfs_fruit', > 'vfs_full_audit', > 'vfs_glusterfs', >+ 'vfs_glusterfs_fuse', > 'vfs_gpfs', > 'vfs_linux_xfs_sgid', > 'vfs_media_harmony', >diff --git a/source3/modules/vfs_glusterfs_fuse.c b/source3/modules/vfs_glusterfs_fuse.c >new file mode 100644 >index 00000000000..64c1b0035c1 >--- /dev/null >+++ b/source3/modules/vfs_glusterfs_fuse.c >@@ -0,0 +1,71 @@ >+/* >+ Unix SMB/CIFS implementation. >+ >+ Copyright (c) 2019 Guenther Deschner <gd@samba.org> >+ >+ This program is free software; you can redistribute it and/or modify >+ it under the terms of the GNU General Public License as published by >+ the Free Software Foundation; either version 3 of the License, or >+ (at your option) any later version. >+ >+ This program is distributed in the hope that it will be useful, >+ but WITHOUT ANY WARRANTY; without even the implied warranty of >+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+ GNU General Public License for more details. >+ >+ You should have received a copy of the GNU General Public License >+ along with this program. If not, see <http://www.gnu.org/licenses/>. >+*/ >+ >+#include "includes.h" >+#include "smbd/smbd.h" >+#include "system/filesys.h" >+ >+static int vfs_gluster_fuse_get_real_filename(struct vfs_handle_struct *handle, >+ const char *path, >+ const char *name, >+ TALLOC_CTX *mem_ctx, >+ char **_found_name) >+{ >+ int ret; >+ char key_buf[NAME_MAX + 64]; >+ char val_buf[NAME_MAX + 1]; >+ char *found_name = NULL; >+ >+ if (strlen(name) >= NAME_MAX) { >+ errno = ENAMETOOLONG; >+ return -1; >+ } >+ >+ snprintf(key_buf, NAME_MAX + 64, >+ "glusterfs.get_real_filename:%s", name); >+ >+ ret = getxattr(path, key_buf, val_buf, NAME_MAX + 1); >+ if (ret == -1) { >+ if (errno == ENODATA) { >+ errno = EOPNOTSUPP; >+ } >+ return -1; >+ } >+ >+ found_name = talloc_strdup(mem_ctx, val_buf); >+ if (found_name == NULL) { >+ errno = ENOMEM; >+ return -1; >+ } >+ *_found_name = found_name; >+ return 0; >+} >+ >+struct vfs_fn_pointers glusterfs_fuse_fns = { >+ >+ /* File Operations */ >+ .get_real_filename_fn = vfs_gluster_fuse_get_real_filename, >+}; >+ >+static_decl_vfs; >+NTSTATUS vfs_glusterfs_fuse_init(TALLOC_CTX *ctx) >+{ >+ return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, >+ "glusterfs_fuse", &glusterfs_fuse_fns); >+} >diff --git a/source3/modules/wscript_build b/source3/modules/wscript_build >index db083f50646..4a51002182f 100644 >--- a/source3/modules/wscript_build >+++ b/source3/modules/wscript_build >@@ -515,6 +515,14 @@ bld.SAMBA3_MODULE('vfs_glusterfs', > internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_glusterfs'), > enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_glusterfs')) > >+bld.SAMBA3_MODULE('vfs_glusterfs_fuse', >+ subsystem='vfs', >+ source='vfs_glusterfs_fuse.c', >+ deps='', >+ init_function='', >+ internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_glusterfs_fuse'), >+ enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_glusterfs_fuse')) >+ > bld.SAMBA3_MODULE('vfs_worm', > subsystem='vfs', > source='vfs_worm.c', >diff --git a/source3/wscript b/source3/wscript >index 97fdae02203..17331a1aa50 100644 >--- a/source3/wscript >+++ b/source3/wscript >@@ -1664,6 +1664,7 @@ main() { > vfs_media_harmony vfs_unityed_media vfs_fruit vfs_shell_snap > vfs_commit vfs_worm vfs_crossrename vfs_linux_xfs_sgid > vfs_time_audit vfs_offline vfs_virusfilter >+ vfs_glusterfs_fuse > ''')) > default_shared_modules.extend(TO_LIST('auth_script idmap_tdb2 idmap_script')) > # these have broken dependencies >-- >2.17.1 > > >From 676b549321abe61c63cb07681bd566b05369a876 Mon Sep 17 00:00:00 2001 >From: Anoop C S <anoopcs@redhat.com> >Date: Wed, 23 Jan 2019 15:40:43 +0530 >Subject: [PATCH 30/47] s3-vfs: Use ENOATTR in errno comparison for getxattr > >* ENODATA is not defined in FreeBSD >* ENOATTR is defined to be a synonym for ENODATA in Linux >* In its absence Samba already defines ENOATTR to either > ENODATA or ENOENT > >Thus it is safe and correct to compare with ENOATTR rather >than ENODATA. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13774 > >Signed-off-by: Anoop C S <anoopcs@redhat.com> >Reviewed-by: Uri Simchoni <uri@samba.org> >Reviewed-by: Jeremy Allison <jra@samba.org> > >Autobuild-User(master): Jeremy Allison <jra@samba.org> >Autobuild-Date(master): Wed Jan 23 21:59:10 CET 2019 on sn-devel-144 > >(cherry picked from commit c99402724a65f4e1f8ed4dcd236a43e0603bef0a) > >Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org> >Autobuild-Date(v4-10-test): Tue Feb 5 23:59:06 CET 2019 on sn-devel-144 >--- > source3/modules/posixacl_xattr.c | 4 ++-- > source3/modules/vfs_glusterfs.c | 2 +- > source3/modules/vfs_glusterfs_fuse.c | 2 +- > 3 files changed, 4 insertions(+), 4 deletions(-) > >diff --git a/source3/modules/posixacl_xattr.c b/source3/modules/posixacl_xattr.c >index 8f6f365bff9..6f016e17e0b 100644 >--- a/source3/modules/posixacl_xattr.c >+++ b/source3/modules/posixacl_xattr.c >@@ -379,7 +379,7 @@ SMB_ACL_T posixacl_xattr_acl_get_file(vfs_handle_struct *handle, > if (ret > 0) { > return posixacl_xattr_to_smb_acl(buf, ret, mem_ctx); > } >- if (ret == 0 || errno == ENOATTR || errno == ENODATA) { >+ if (ret == 0 || errno == ENOATTR) { > mode_t mode = 0; > TALLOC_CTX *frame = talloc_stackframe(); > struct smb_filename *smb_fname_tmp = >@@ -434,7 +434,7 @@ SMB_ACL_T posixacl_xattr_acl_get_fd(vfs_handle_struct *handle, > if (ret > 0) { > return posixacl_xattr_to_smb_acl(buf, ret, mem_ctx); > } >- if (ret == 0 || errno == ENOATTR || errno == ENODATA) { >+ if (ret == 0 || errno == ENOATTR) { > SMB_STRUCT_STAT sbuf; > ret = SMB_VFS_FSTAT(fsp, &sbuf); > if (ret == 0) >diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c >index a5d93ab5251..601be5a2da4 100644 >--- a/source3/modules/vfs_glusterfs.c >+++ b/source3/modules/vfs_glusterfs.c >@@ -1462,7 +1462,7 @@ static int vfs_gluster_get_real_filename(struct vfs_handle_struct *handle, > > ret = glfs_getxattr(handle->data, path, key_buf, val_buf, NAME_MAX + 1); > if (ret == -1) { >- if (errno == ENODATA) { >+ if (errno == ENOATTR) { > errno = EOPNOTSUPP; > } > return -1; >diff --git a/source3/modules/vfs_glusterfs_fuse.c b/source3/modules/vfs_glusterfs_fuse.c >index 64c1b0035c1..8855cd18d01 100644 >--- a/source3/modules/vfs_glusterfs_fuse.c >+++ b/source3/modules/vfs_glusterfs_fuse.c >@@ -42,7 +42,7 @@ static int vfs_gluster_fuse_get_real_filename(struct vfs_handle_struct *handle, > > ret = getxattr(path, key_buf, val_buf, NAME_MAX + 1); > if (ret == -1) { >- if (errno == ENODATA) { >+ if (errno == ENOATTR) { > errno = EOPNOTSUPP; > } > return -1; >-- >2.17.1 > > >From d902eec5bae7e862ee8a19460f028189c8eb39d2 Mon Sep 17 00:00:00 2001 >From: Karolin Seeger <kseeger@samba.org> >Date: Wed, 6 Feb 2019 08:57:04 +0100 >Subject: [PATCH 31/47] WHATSNEW: Add release notes for Samba 4.10.0rc2. > >Signed-off-by: Karolin Seeger <kseeger@samba.org> >--- > WHATSNEW.txt | 32 +++++++++++++++++++++++++++++++- > 1 file changed, 31 insertions(+), 1 deletion(-) > >diff --git a/WHATSNEW.txt b/WHATSNEW.txt >index bed631c5eaa..8bbb1fd705f 100644 >--- a/WHATSNEW.txt >+++ b/WHATSNEW.txt >@@ -1,7 +1,7 @@ > Release Announcements > ===================== > >-This is the first release candidate of Samba 4.10. This is *not* >+This is the second release candidate of Samba 4.10. This is *not* > intended for production environments and is designed for testing > purposes only. Please report any defects via the Samba bug reporting > system at https://bugzilla.samba.org/. >@@ -208,6 +208,36 @@ smb.conf changes > smbd getinfo ask sharemode New: similar to "smbd search ask yes > sharemode" but for SMB getinfo > >+ >+CHANGES SINCE 4.10.0rc1 >+======================= >+ >+o Jeremy Allison <jra@samba.org> >+ * BUG 13750: libcli: dns: Change internal DNS_REQUEST_TIMEOUT from 2 to 10 >+ seconds. >+ >+o Tim Beale <timbeale@catalyst.net.nz> >+ * BUG 13676: samba-tool SMB/sysvol connections do not work if SMBv1 is >+ disabled. >+ * BUG 13747: join: Throw CommandError instead of Exception for simple errors. >+ >+o Günther Deschner <gd@samba.org> >+ * BUG 13774: s3-vfs: Add glusterfs_fuse vfs module. >+ >+o Volker Lendecke <vl@samba.org> >+ * BUG 13742: ctdb: Print locks latency in machinereadable stats. >+ >+o Stefan Metzmacher <metze@samba.org> >+ * BUG 13752: s4:server: Add support for 'smbcontrol samba shutdown'. >+ >+o Anoop C S <anoopcs@redhat.com> >+ * BUG 13330: vfs_glusterfs: Adapt to changes in libgfapi signatures. >+ * BUG 13774: s3-vfs: Use ENOATTR in errno comparison for getxattr. >+ >+o Justin Stephenson <jstephen@redhat.com> >+ * BUG 13727: s3:libsmb: Honor disable_netbios option in smbsock_connect_send. >+ >+ > KNOWN ISSUES > ============ > >-- >2.17.1 > > >From 61e654828c1340a6b5814a62ada39491ca2c6380 Mon Sep 17 00:00:00 2001 >From: Karolin Seeger <kseeger@samba.org> >Date: Wed, 6 Feb 2019 08:59:54 +0100 >Subject: [PATCH 32/47] VERSION: Diable GIT_SNAPSHOT for the 4.10.0rc2 release. > >Signed-off-by: Karolin Seeger <kseeger@samba.org> >--- > VERSION | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/VERSION b/VERSION >index 60f28019c64..a251f875c42 100644 >--- a/VERSION >+++ b/VERSION >@@ -99,7 +99,7 @@ SAMBA_VERSION_RC_RELEASE=2 > # e.g. SAMBA_VERSION_IS_SVN_SNAPSHOT=yes # > # -> "3.0.0-SVN-build-199" # > ######################################################## >-SAMBA_VERSION_IS_GIT_SNAPSHOT=yes >+SAMBA_VERSION_IS_GIT_SNAPSHOT=no > > ######################################################## > # This is for specifying a release nickname # >-- >2.17.1 > > >From 0c75bfe674b9e2d3fc9671fb85b334c0a392e13d Mon Sep 17 00:00:00 2001 >From: Karolin Seeger <kseeger@samba.org> >Date: Wed, 6 Feb 2019 09:00:43 +0100 >Subject: [PATCH 33/47] VERSION: Bump version up to 4.10.0rc2... > >and re-enable GIT_SNAPSHOT. > >Signed-off-by: Karolin Seeger <kseeger@samba.org> >--- > VERSION | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > >diff --git a/VERSION b/VERSION >index a251f875c42..d457f23e00e 100644 >--- a/VERSION >+++ b/VERSION >@@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE= > # e.g. SAMBA_VERSION_RC_RELEASE=1 # > # -> "3.0.0rc1" # > ######################################################## >-SAMBA_VERSION_RC_RELEASE=2 >+SAMBA_VERSION_RC_RELEASE=3 > > ######################################################## > # To mark SVN snapshots this should be set to 'yes' # >@@ -99,7 +99,7 @@ SAMBA_VERSION_RC_RELEASE=2 > # e.g. SAMBA_VERSION_IS_SVN_SNAPSHOT=yes # > # -> "3.0.0-SVN-build-199" # > ######################################################## >-SAMBA_VERSION_IS_GIT_SNAPSHOT=no >+SAMBA_VERSION_IS_GIT_SNAPSHOT=yes > > ######################################################## > # This is for specifying a release nickname # >-- >2.17.1 > > >From 7fc3481765720d2fa0324f297e4a658520fb092f Mon Sep 17 00:00:00 2001 >From: Tim Beale <timbeale@catalyst.net.nz> >Date: Thu, 10 Jan 2019 13:34:18 +1300 >Subject: [PATCH 34/47] ldb: Avoid inefficient one-level searches > >Commit 88ae60ed186c9 introduced a problem that made one-level >searches inefficient if there were a lot of child objects in the same >level, and the requested object didn't exist. Basically, it ignored the >case where ldb_kv_index_dn() returned LDB_ERR_NO_SUCH_OBJECT, i.e. the >indexed lookup was successful, but didn't find a match. At which point, >there was no more processing we needed to do. > >The behaviour after 88ae60ed186c9 was to fall-through and run the >ldb_kv_index_filter() function over *all* the children. This still >returned the correct result, but could be costly if there were a lot of >children. > >The case 88ae60ed186c9 was trying to fix was where we could not do >an indexed search (e.g. trying to match on a 'attribute=*' filter). In >which case we want to ignore the LDB_ERR_OPERATIONS_ERROR and just run >ldb_kv_index_filter() over all the children. This is still more >efficient than the fallback of doing a full database scan. > >This patch adds in a short-circuit for the NO_SUCH_OBJECT case, so we >can skip the unnecessary ldb_kv_index_filter() work. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762 > >Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit 9a893f9613bd6440abd8e487d22a39ab5b82a7b9) >--- > lib/ldb/ldb_key_value/ldb_kv_index.c | 17 ++++++++++++++--- > 1 file changed, 14 insertions(+), 3 deletions(-) > >diff --git a/lib/ldb/ldb_key_value/ldb_kv_index.c b/lib/ldb/ldb_key_value/ldb_kv_index.c >index 6c21c19d654..2ada48d0840 100644 >--- a/lib/ldb/ldb_key_value/ldb_kv_index.c >+++ b/lib/ldb/ldb_key_value/ldb_kv_index.c >@@ -2051,13 +2051,24 @@ int ldb_kv_search_indexed(struct ldb_kv_context *ac, uint32_t *match_count) > } > /* > * Here we load the index for the tree. >- * >+ */ >+ ret = ldb_kv_index_dn( >+ ac->module, ldb_kv, ac->tree, idx_one_tree_list); >+ >+ /* >+ * We can stop if we're sure the object doesn't exist >+ */ >+ if (ret == LDB_ERR_NO_SUCH_OBJECT) { >+ talloc_free(idx_one_tree_list); >+ talloc_free(dn_list); >+ return LDB_ERR_NO_SUCH_OBJECT; >+ } >+ >+ /* > * We only care if this is successful, if the > * index can't trim the result list down then > * the ONELEVEL index is still good enough. > */ >- ret = ldb_kv_index_dn( >- ac->module, ldb_kv, ac->tree, idx_one_tree_list); > if (ret == LDB_SUCCESS) { > if (!list_intersect(ldb, > ldb_kv, >-- >2.17.1 > > >From f7774530936bc3e9795b2f0089c984641ab5c5c9 Mon Sep 17 00:00:00 2001 >From: Tim Beale <timbeale@catalyst.net.nz> >Date: Thu, 10 Jan 2019 13:53:47 +1300 >Subject: [PATCH 35/47] ldb: Remove comment that no longer makes sense > >This comment was written before the GUID_index_attribute block of code >existed. So we now *do* load the index values and *do* check for a >strict intersect, so the comment is redundant. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762 > >Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit 72928444823c5b18ac9ef98e7432c999d70aa571) >--- > lib/ldb/ldb_key_value/ldb_kv_index.c | 5 ----- > 1 file changed, 5 deletions(-) > >diff --git a/lib/ldb/ldb_key_value/ldb_kv_index.c b/lib/ldb/ldb_key_value/ldb_kv_index.c >index 2ada48d0840..9c65b6fb92a 100644 >--- a/lib/ldb/ldb_key_value/ldb_kv_index.c >+++ b/lib/ldb/ldb_key_value/ldb_kv_index.c >@@ -2008,11 +2008,6 @@ int ldb_kv_search_indexed(struct ldb_kv_context *ac, uint32_t *match_count) > return ldb_operr(ldb); > > case LDB_SCOPE_ONELEVEL: >- /* >- * If we ever start to also load the index values for >- * the tree, we must ensure we strictly intersect with >- * this list, as we trust the ONELEVEL index >- */ > ret = ldb_kv_index_dn_one(ac->module, > ldb_kv, > ac->base, >-- >2.17.1 > > >From 62fea7e9c3f94d254e6c9f72cd690137c2ee556c Mon Sep 17 00:00:00 2001 >From: Tim Beale <timbeale@catalyst.net.nz> >Date: Thu, 10 Jan 2019 14:19:19 +1300 >Subject: [PATCH 36/47] ldb: Elaborate on ldb_kv_search_indexed() comments > >Disclaimer: this is based on my limited understanding of what the code >is doing. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762 > >Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit 132600685b8c5d4964f20634cd7a64b14f41cfa7) >--- > lib/ldb/ldb_key_value/ldb_kv_index.c | 33 ++++++++++++++++++++++------ > 1 file changed, 26 insertions(+), 7 deletions(-) > >diff --git a/lib/ldb/ldb_key_value/ldb_kv_index.c b/lib/ldb/ldb_key_value/ldb_kv_index.c >index 9c65b6fb92a..d8bdf61fc1b 100644 >--- a/lib/ldb/ldb_key_value/ldb_kv_index.c >+++ b/lib/ldb/ldb_key_value/ldb_kv_index.c >@@ -2008,6 +2008,12 @@ int ldb_kv_search_indexed(struct ldb_kv_context *ac, uint32_t *match_count) > return ldb_operr(ldb); > > case LDB_SCOPE_ONELEVEL: >+ >+ /* >+ * First, load all the one-level child objects (regardless of >+ * whether they match the search filter or not). The database >+ * maintains a one-level index, so retrieving this is quick. >+ */ > ret = ldb_kv_index_dn_one(ac->module, > ldb_kv, > ac->base, >@@ -2019,9 +2025,12 @@ int ldb_kv_search_indexed(struct ldb_kv_context *ac, uint32_t *match_count) > } > > /* >- * If we have too many matches, running the filter >- * tree over the SCOPE_ONELEVEL can be quite expensive >- * so we now check the filter tree index as well. >+ * If we have too many children, running ldb_kv_index_filter() >+ * over all the child objects can be quite expensive. So next >+ * we do a separate indexed query using the search filter. >+ * >+ * This should be quick, but it may return objects that are not >+ * the direct one-level child objects we're interested in. > * > * We only do this in the GUID index mode, which is > * O(n*log(m)) otherwise the intersection below will >@@ -2044,8 +2053,9 @@ int ldb_kv_search_indexed(struct ldb_kv_context *ac, uint32_t *match_count) > talloc_free(dn_list); > return LDB_ERR_OPERATIONS_ERROR; > } >+ > /* >- * Here we load the index for the tree. >+ * Try to do an indexed database search > */ > ret = ldb_kv_index_dn( > ac->module, ldb_kv, ac->tree, idx_one_tree_list); >@@ -2060,9 +2070,18 @@ int ldb_kv_search_indexed(struct ldb_kv_context *ac, uint32_t *match_count) > } > > /* >- * We only care if this is successful, if the >- * index can't trim the result list down then >- * the ONELEVEL index is still good enough. >+ * Once we have a successful search result, we >+ * intersect it with the one-level children (dn_list). >+ * This should give us exactly the result we're after >+ * (we still need to run ldb_kv_index_filter() to >+ * handle potential index truncation cases). >+ * >+ * The indexed search may fail because we don't support >+ * indexing on that type of search operation, e.g. >+ * matching against '*'. In which case we fall through >+ * and run ldb_kv_index_filter() over all the one-level >+ * children (which is still better than bailing out here >+ * and falling back to a full DB scan). > */ > if (ret == LDB_SUCCESS) { > if (!list_intersect(ldb, >-- >2.17.1 > > >From 2a915942295e6cdc87dc9aab6cf2c8c78741f26e Mon Sep 17 00:00:00 2001 >From: Tim Beale <timbeale@catalyst.net.nz> >Date: Thu, 10 Jan 2019 14:25:06 +1300 >Subject: [PATCH 37/47] ldb: Rename variable > >The old name confused me because it's not really related to the >one-level index at all. It's the result from evaluating the indexed >search specified in the ac->tree. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762 > >Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit 57a565b2fd680fc1a34f4ab91c6f6314f68ef67f) >--- > lib/ldb/ldb_key_value/ldb_kv_index.c | 15 ++++++++------- > 1 file changed, 8 insertions(+), 7 deletions(-) > >diff --git a/lib/ldb/ldb_key_value/ldb_kv_index.c b/lib/ldb/ldb_key_value/ldb_kv_index.c >index d8bdf61fc1b..9a4a0db7e74 100644 >--- a/lib/ldb/ldb_key_value/ldb_kv_index.c >+++ b/lib/ldb/ldb_key_value/ldb_kv_index.c >@@ -2041,15 +2041,15 @@ int ldb_kv_search_indexed(struct ldb_kv_context *ac, uint32_t *match_count) > * fast enough in the small case. > */ > if (ldb_kv->cache->GUID_index_attribute != NULL) { >- struct dn_list *idx_one_tree_list >+ struct dn_list *indexed_search_result > = talloc_zero(ac, struct dn_list); >- if (idx_one_tree_list == NULL) { >+ if (indexed_search_result == NULL) { > talloc_free(dn_list); > return ldb_module_oom(ac->module); > } > > if (!ldb_kv->cache->attribute_indexes) { >- talloc_free(idx_one_tree_list); >+ talloc_free(indexed_search_result); > talloc_free(dn_list); > return LDB_ERR_OPERATIONS_ERROR; > } >@@ -2058,13 +2058,14 @@ int ldb_kv_search_indexed(struct ldb_kv_context *ac, uint32_t *match_count) > * Try to do an indexed database search > */ > ret = ldb_kv_index_dn( >- ac->module, ldb_kv, ac->tree, idx_one_tree_list); >+ ac->module, ldb_kv, ac->tree, >+ indexed_search_result); > > /* > * We can stop if we're sure the object doesn't exist > */ > if (ret == LDB_ERR_NO_SUCH_OBJECT) { >- talloc_free(idx_one_tree_list); >+ talloc_free(indexed_search_result); > talloc_free(dn_list); > return LDB_ERR_NO_SUCH_OBJECT; > } >@@ -2087,8 +2088,8 @@ int ldb_kv_search_indexed(struct ldb_kv_context *ac, uint32_t *match_count) > if (!list_intersect(ldb, > ldb_kv, > dn_list, >- idx_one_tree_list)) { >- talloc_free(idx_one_tree_list); >+ indexed_search_result)) { >+ talloc_free(indexed_search_result); > talloc_free(dn_list); > return LDB_ERR_OPERATIONS_ERROR; > } >-- >2.17.1 > > >From bb850a075024ad8ac26a25681339f6ce88334aba Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Fri, 1 Feb 2019 14:22:17 +1300 >Subject: [PATCH 38/47] ldb: Add even more comments on what strict does to the > list intersections > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762 > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Garming Sam <garming@catalyst.net.nz> >(cherry picked from commit e7f524fd2128aacb82e980652af8eb6fd275e1a8) >--- > lib/ldb/ldb_key_value/ldb_kv_index.c | 16 +++++++++++++++- > 1 file changed, 15 insertions(+), 1 deletion(-) > >diff --git a/lib/ldb/ldb_key_value/ldb_kv_index.c b/lib/ldb/ldb_key_value/ldb_kv_index.c >index 9a4a0db7e74..6d02c91a597 100644 >--- a/lib/ldb/ldb_key_value/ldb_kv_index.c >+++ b/lib/ldb/ldb_key_value/ldb_kv_index.c >@@ -1259,6 +1259,14 @@ static bool list_intersect(struct ldb_context *ldb, > return true; > } > >+ /* >+ * In both of the below we check for strict and in that >+ * case do not optimise the intersection of this list, >+ * we must never return an entry not in this >+ * list. This allows the index for >+ * SCOPE_ONELEVEL to be trusted. >+ */ >+ > /* the indexing code is allowed to return a longer list than > what really matches, as all results are filtered by the > full expression at the end - this shortcut avoids a lot of >@@ -1660,7 +1668,13 @@ static int ldb_kv_index_dn_one(struct ldb_module *module, > struct dn_list *list, > enum key_truncation *truncation) > { >- /* Ensure we do not shortcut on intersection for this list */ >+ /* >+ * Ensure we do not shortcut on intersection for this list. >+ * We must never be lazy and return an entry not in this >+ * list. This allows the index for >+ * SCOPE_ONELEVEL to be trusted. >+ */ >+ > list->strict = true; > return ldb_kv_index_dn_attr( > module, ldb_kv, LDB_KV_IDXONE, parent_dn, list, truncation); >-- >2.17.1 > > >From e21e24d8345e441d639020affc1f6ee59762725d Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Fri, 1 Feb 2019 14:41:18 +1300 >Subject: [PATCH 39/47] ldb: Release ldb 1.5.3 > >* Avoid inefficient one-level searches (bug 13762) >* The test api.py should not rely on order of entries in dict (bug 13772) > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762 >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13772 > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >Reviewed-by: Garming Sam <garming@catalyst.net.nz> >(cherry picked from commit 5e716c0256a6bec92e7855ccfc077a328320f2ea) > >Autobuild-User(v4-10-test): Stefan Metzmacher <metze@samba.org> >Autobuild-Date(v4-10-test): Wed Feb 13 16:24:32 CET 2019 on sn-devel-144 >--- > lib/ldb/ABI/ldb-1.5.3.sigs | 280 ++++++++++++++++++++++++++ > lib/ldb/ABI/pyldb-util-1.5.3.sigs | 2 + > lib/ldb/ABI/pyldb-util.py3-1.5.3.sigs | 2 + > lib/ldb/wscript | 2 +- > 4 files changed, 285 insertions(+), 1 deletion(-) > create mode 100644 lib/ldb/ABI/ldb-1.5.3.sigs > create mode 100644 lib/ldb/ABI/pyldb-util-1.5.3.sigs > create mode 100644 lib/ldb/ABI/pyldb-util.py3-1.5.3.sigs > >diff --git a/lib/ldb/ABI/ldb-1.5.3.sigs b/lib/ldb/ABI/ldb-1.5.3.sigs >new file mode 100644 >index 00000000000..0c1234f1c97 >--- /dev/null >+++ b/lib/ldb/ABI/ldb-1.5.3.sigs >@@ -0,0 +1,280 @@ >+ldb_add: int (struct ldb_context *, const struct ldb_message *) >+ldb_any_comparison: int (struct ldb_context *, void *, ldb_attr_handler_t, const struct ldb_val *, const struct ldb_val *) >+ldb_asprintf_errstring: void (struct ldb_context *, const char *, ...) >+ldb_attr_casefold: char *(TALLOC_CTX *, const char *) >+ldb_attr_dn: int (const char *) >+ldb_attr_in_list: int (const char * const *, const char *) >+ldb_attr_list_copy: const char **(TALLOC_CTX *, const char * const *) >+ldb_attr_list_copy_add: const char **(TALLOC_CTX *, const char * const *, const char *) >+ldb_base64_decode: int (char *) >+ldb_base64_encode: char *(TALLOC_CTX *, const char *, int) >+ldb_binary_decode: struct ldb_val (TALLOC_CTX *, const char *) >+ldb_binary_encode: char *(TALLOC_CTX *, struct ldb_val) >+ldb_binary_encode_string: char *(TALLOC_CTX *, const char *) >+ldb_build_add_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) >+ldb_build_del_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, struct ldb_dn *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) >+ldb_build_extended_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, const char *, void *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) >+ldb_build_mod_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) >+ldb_build_rename_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, struct ldb_dn *, struct ldb_dn *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) >+ldb_build_search_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, struct ldb_dn *, enum ldb_scope, const char *, const char * const *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) >+ldb_build_search_req_ex: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, struct ldb_dn *, enum ldb_scope, struct ldb_parse_tree *, const char * const *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) >+ldb_casefold: char *(struct ldb_context *, TALLOC_CTX *, const char *, size_t) >+ldb_casefold_default: char *(void *, TALLOC_CTX *, const char *, size_t) >+ldb_check_critical_controls: int (struct ldb_control **) >+ldb_comparison_binary: int (struct ldb_context *, void *, const struct ldb_val *, const struct ldb_val *) >+ldb_comparison_fold: int (struct ldb_context *, void *, const struct ldb_val *, const struct ldb_val *) >+ldb_connect: int (struct ldb_context *, const char *, unsigned int, const char **) >+ldb_control_to_string: char *(TALLOC_CTX *, const struct ldb_control *) >+ldb_controls_except_specified: struct ldb_control **(struct ldb_control **, TALLOC_CTX *, struct ldb_control *) >+ldb_debug: void (struct ldb_context *, enum ldb_debug_level, const char *, ...) >+ldb_debug_add: void (struct ldb_context *, const char *, ...) >+ldb_debug_end: void (struct ldb_context *, enum ldb_debug_level) >+ldb_debug_set: void (struct ldb_context *, enum ldb_debug_level, const char *, ...) >+ldb_delete: int (struct ldb_context *, struct ldb_dn *) >+ldb_dn_add_base: bool (struct ldb_dn *, struct ldb_dn *) >+ldb_dn_add_base_fmt: bool (struct ldb_dn *, const char *, ...) >+ldb_dn_add_child: bool (struct ldb_dn *, struct ldb_dn *) >+ldb_dn_add_child_fmt: bool (struct ldb_dn *, const char *, ...) >+ldb_dn_add_child_val: bool (struct ldb_dn *, const char *, struct ldb_val) >+ldb_dn_alloc_casefold: char *(TALLOC_CTX *, struct ldb_dn *) >+ldb_dn_alloc_linearized: char *(TALLOC_CTX *, struct ldb_dn *) >+ldb_dn_canonical_ex_string: char *(TALLOC_CTX *, struct ldb_dn *) >+ldb_dn_canonical_string: char *(TALLOC_CTX *, struct ldb_dn *) >+ldb_dn_check_local: bool (struct ldb_module *, struct ldb_dn *) >+ldb_dn_check_special: bool (struct ldb_dn *, const char *) >+ldb_dn_compare: int (struct ldb_dn *, struct ldb_dn *) >+ldb_dn_compare_base: int (struct ldb_dn *, struct ldb_dn *) >+ldb_dn_copy: struct ldb_dn *(TALLOC_CTX *, struct ldb_dn *) >+ldb_dn_escape_value: char *(TALLOC_CTX *, struct ldb_val) >+ldb_dn_extended_add_syntax: int (struct ldb_context *, unsigned int, const struct ldb_dn_extended_syntax *) >+ldb_dn_extended_filter: void (struct ldb_dn *, const char * const *) >+ldb_dn_extended_syntax_by_name: const struct ldb_dn_extended_syntax *(struct ldb_context *, const char *) >+ldb_dn_from_ldb_val: struct ldb_dn *(TALLOC_CTX *, struct ldb_context *, const struct ldb_val *) >+ldb_dn_get_casefold: const char *(struct ldb_dn *) >+ldb_dn_get_comp_num: int (struct ldb_dn *) >+ldb_dn_get_component_name: const char *(struct ldb_dn *, unsigned int) >+ldb_dn_get_component_val: const struct ldb_val *(struct ldb_dn *, unsigned int) >+ldb_dn_get_extended_comp_num: int (struct ldb_dn *) >+ldb_dn_get_extended_component: const struct ldb_val *(struct ldb_dn *, const char *) >+ldb_dn_get_extended_linearized: char *(TALLOC_CTX *, struct ldb_dn *, int) >+ldb_dn_get_ldb_context: struct ldb_context *(struct ldb_dn *) >+ldb_dn_get_linearized: const char *(struct ldb_dn *) >+ldb_dn_get_parent: struct ldb_dn *(TALLOC_CTX *, struct ldb_dn *) >+ldb_dn_get_rdn_name: const char *(struct ldb_dn *) >+ldb_dn_get_rdn_val: const struct ldb_val *(struct ldb_dn *) >+ldb_dn_has_extended: bool (struct ldb_dn *) >+ldb_dn_is_null: bool (struct ldb_dn *) >+ldb_dn_is_special: bool (struct ldb_dn *) >+ldb_dn_is_valid: bool (struct ldb_dn *) >+ldb_dn_map_local: struct ldb_dn *(struct ldb_module *, void *, struct ldb_dn *) >+ldb_dn_map_rebase_remote: struct ldb_dn *(struct ldb_module *, void *, struct ldb_dn *) >+ldb_dn_map_remote: struct ldb_dn *(struct ldb_module *, void *, struct ldb_dn *) >+ldb_dn_minimise: bool (struct ldb_dn *) >+ldb_dn_new: struct ldb_dn *(TALLOC_CTX *, struct ldb_context *, const char *) >+ldb_dn_new_fmt: struct ldb_dn *(TALLOC_CTX *, struct ldb_context *, const char *, ...) >+ldb_dn_remove_base_components: bool (struct ldb_dn *, unsigned int) >+ldb_dn_remove_child_components: bool (struct ldb_dn *, unsigned int) >+ldb_dn_remove_extended_components: void (struct ldb_dn *) >+ldb_dn_replace_components: bool (struct ldb_dn *, struct ldb_dn *) >+ldb_dn_set_component: int (struct ldb_dn *, int, const char *, const struct ldb_val) >+ldb_dn_set_extended_component: int (struct ldb_dn *, const char *, const struct ldb_val *) >+ldb_dn_update_components: int (struct ldb_dn *, const struct ldb_dn *) >+ldb_dn_validate: bool (struct ldb_dn *) >+ldb_dump_results: void (struct ldb_context *, struct ldb_result *, FILE *) >+ldb_error_at: int (struct ldb_context *, int, const char *, const char *, int) >+ldb_errstring: const char *(struct ldb_context *) >+ldb_extended: int (struct ldb_context *, const char *, void *, struct ldb_result **) >+ldb_extended_default_callback: int (struct ldb_request *, struct ldb_reply *) >+ldb_filter_from_tree: char *(TALLOC_CTX *, const struct ldb_parse_tree *) >+ldb_get_config_basedn: struct ldb_dn *(struct ldb_context *) >+ldb_get_create_perms: unsigned int (struct ldb_context *) >+ldb_get_default_basedn: struct ldb_dn *(struct ldb_context *) >+ldb_get_event_context: struct tevent_context *(struct ldb_context *) >+ldb_get_flags: unsigned int (struct ldb_context *) >+ldb_get_opaque: void *(struct ldb_context *, const char *) >+ldb_get_root_basedn: struct ldb_dn *(struct ldb_context *) >+ldb_get_schema_basedn: struct ldb_dn *(struct ldb_context *) >+ldb_global_init: int (void) >+ldb_handle_get_event_context: struct tevent_context *(struct ldb_handle *) >+ldb_handle_new: struct ldb_handle *(TALLOC_CTX *, struct ldb_context *) >+ldb_handle_use_global_event_context: void (struct ldb_handle *) >+ldb_handler_copy: int (struct ldb_context *, void *, const struct ldb_val *, struct ldb_val *) >+ldb_handler_fold: int (struct ldb_context *, void *, const struct ldb_val *, struct ldb_val *) >+ldb_init: struct ldb_context *(TALLOC_CTX *, struct tevent_context *) >+ldb_ldif_message_redacted_string: char *(struct ldb_context *, TALLOC_CTX *, enum ldb_changetype, const struct ldb_message *) >+ldb_ldif_message_string: char *(struct ldb_context *, TALLOC_CTX *, enum ldb_changetype, const struct ldb_message *) >+ldb_ldif_parse_modrdn: int (struct ldb_context *, const struct ldb_ldif *, TALLOC_CTX *, struct ldb_dn **, struct ldb_dn **, bool *, struct ldb_dn **, struct ldb_dn **) >+ldb_ldif_read: struct ldb_ldif *(struct ldb_context *, int (*)(void *), void *) >+ldb_ldif_read_file: struct ldb_ldif *(struct ldb_context *, FILE *) >+ldb_ldif_read_file_state: struct ldb_ldif *(struct ldb_context *, struct ldif_read_file_state *) >+ldb_ldif_read_free: void (struct ldb_context *, struct ldb_ldif *) >+ldb_ldif_read_string: struct ldb_ldif *(struct ldb_context *, const char **) >+ldb_ldif_write: int (struct ldb_context *, int (*)(void *, const char *, ...), void *, const struct ldb_ldif *) >+ldb_ldif_write_file: int (struct ldb_context *, FILE *, const struct ldb_ldif *) >+ldb_ldif_write_redacted_trace_string: char *(struct ldb_context *, TALLOC_CTX *, const struct ldb_ldif *) >+ldb_ldif_write_string: char *(struct ldb_context *, TALLOC_CTX *, const struct ldb_ldif *) >+ldb_load_modules: int (struct ldb_context *, const char **) >+ldb_map_add: int (struct ldb_module *, struct ldb_request *) >+ldb_map_delete: int (struct ldb_module *, struct ldb_request *) >+ldb_map_init: int (struct ldb_module *, const struct ldb_map_attribute *, const struct ldb_map_objectclass *, const char * const *, const char *, const char *) >+ldb_map_modify: int (struct ldb_module *, struct ldb_request *) >+ldb_map_rename: int (struct ldb_module *, struct ldb_request *) >+ldb_map_search: int (struct ldb_module *, struct ldb_request *) >+ldb_match_message: int (struct ldb_context *, const struct ldb_message *, const struct ldb_parse_tree *, enum ldb_scope, bool *) >+ldb_match_msg: int (struct ldb_context *, const struct ldb_message *, const struct ldb_parse_tree *, struct ldb_dn *, enum ldb_scope) >+ldb_match_msg_error: int (struct ldb_context *, const struct ldb_message *, const struct ldb_parse_tree *, struct ldb_dn *, enum ldb_scope, bool *) >+ldb_match_msg_objectclass: int (const struct ldb_message *, const char *) >+ldb_mod_register_control: int (struct ldb_module *, const char *) >+ldb_modify: int (struct ldb_context *, const struct ldb_message *) >+ldb_modify_default_callback: int (struct ldb_request *, struct ldb_reply *) >+ldb_module_call_chain: char *(struct ldb_request *, TALLOC_CTX *) >+ldb_module_connect_backend: int (struct ldb_context *, const char *, const char **, struct ldb_module **) >+ldb_module_done: int (struct ldb_request *, struct ldb_control **, struct ldb_extended *, int) >+ldb_module_flags: uint32_t (struct ldb_context *) >+ldb_module_get_ctx: struct ldb_context *(struct ldb_module *) >+ldb_module_get_name: const char *(struct ldb_module *) >+ldb_module_get_ops: const struct ldb_module_ops *(struct ldb_module *) >+ldb_module_get_private: void *(struct ldb_module *) >+ldb_module_init_chain: int (struct ldb_context *, struct ldb_module *) >+ldb_module_load_list: int (struct ldb_context *, const char **, struct ldb_module *, struct ldb_module **) >+ldb_module_new: struct ldb_module *(TALLOC_CTX *, struct ldb_context *, const char *, const struct ldb_module_ops *) >+ldb_module_next: struct ldb_module *(struct ldb_module *) >+ldb_module_popt_options: struct poptOption **(struct ldb_context *) >+ldb_module_send_entry: int (struct ldb_request *, struct ldb_message *, struct ldb_control **) >+ldb_module_send_referral: int (struct ldb_request *, char *) >+ldb_module_set_next: void (struct ldb_module *, struct ldb_module *) >+ldb_module_set_private: void (struct ldb_module *, void *) >+ldb_modules_hook: int (struct ldb_context *, enum ldb_module_hook_type) >+ldb_modules_list_from_string: const char **(struct ldb_context *, TALLOC_CTX *, const char *) >+ldb_modules_load: int (const char *, const char *) >+ldb_msg_add: int (struct ldb_message *, const struct ldb_message_element *, int) >+ldb_msg_add_empty: int (struct ldb_message *, const char *, int, struct ldb_message_element **) >+ldb_msg_add_fmt: int (struct ldb_message *, const char *, const char *, ...) >+ldb_msg_add_linearized_dn: int (struct ldb_message *, const char *, struct ldb_dn *) >+ldb_msg_add_steal_string: int (struct ldb_message *, const char *, char *) >+ldb_msg_add_steal_value: int (struct ldb_message *, const char *, struct ldb_val *) >+ldb_msg_add_string: int (struct ldb_message *, const char *, const char *) >+ldb_msg_add_value: int (struct ldb_message *, const char *, const struct ldb_val *, struct ldb_message_element **) >+ldb_msg_canonicalize: struct ldb_message *(struct ldb_context *, const struct ldb_message *) >+ldb_msg_check_string_attribute: int (const struct ldb_message *, const char *, const char *) >+ldb_msg_copy: struct ldb_message *(TALLOC_CTX *, const struct ldb_message *) >+ldb_msg_copy_attr: int (struct ldb_message *, const char *, const char *) >+ldb_msg_copy_shallow: struct ldb_message *(TALLOC_CTX *, const struct ldb_message *) >+ldb_msg_diff: struct ldb_message *(struct ldb_context *, struct ldb_message *, struct ldb_message *) >+ldb_msg_difference: int (struct ldb_context *, TALLOC_CTX *, struct ldb_message *, struct ldb_message *, struct ldb_message **) >+ldb_msg_element_compare: int (struct ldb_message_element *, struct ldb_message_element *) >+ldb_msg_element_compare_name: int (struct ldb_message_element *, struct ldb_message_element *) >+ldb_msg_element_equal_ordered: bool (const struct ldb_message_element *, const struct ldb_message_element *) >+ldb_msg_find_attr_as_bool: int (const struct ldb_message *, const char *, int) >+ldb_msg_find_attr_as_dn: struct ldb_dn *(struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, const char *) >+ldb_msg_find_attr_as_double: double (const struct ldb_message *, const char *, double) >+ldb_msg_find_attr_as_int: int (const struct ldb_message *, const char *, int) >+ldb_msg_find_attr_as_int64: int64_t (const struct ldb_message *, const char *, int64_t) >+ldb_msg_find_attr_as_string: const char *(const struct ldb_message *, const char *, const char *) >+ldb_msg_find_attr_as_uint: unsigned int (const struct ldb_message *, const char *, unsigned int) >+ldb_msg_find_attr_as_uint64: uint64_t (const struct ldb_message *, const char *, uint64_t) >+ldb_msg_find_common_values: int (struct ldb_context *, TALLOC_CTX *, struct ldb_message_element *, struct ldb_message_element *, uint32_t) >+ldb_msg_find_duplicate_val: int (struct ldb_context *, TALLOC_CTX *, const struct ldb_message_element *, struct ldb_val **, uint32_t) >+ldb_msg_find_element: struct ldb_message_element *(const struct ldb_message *, const char *) >+ldb_msg_find_ldb_val: const struct ldb_val *(const struct ldb_message *, const char *) >+ldb_msg_find_val: struct ldb_val *(const struct ldb_message_element *, struct ldb_val *) >+ldb_msg_new: struct ldb_message *(TALLOC_CTX *) >+ldb_msg_normalize: int (struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, struct ldb_message **) >+ldb_msg_remove_attr: void (struct ldb_message *, const char *) >+ldb_msg_remove_element: void (struct ldb_message *, struct ldb_message_element *) >+ldb_msg_rename_attr: int (struct ldb_message *, const char *, const char *) >+ldb_msg_sanity_check: int (struct ldb_context *, const struct ldb_message *) >+ldb_msg_sort_elements: void (struct ldb_message *) >+ldb_next_del_trans: int (struct ldb_module *) >+ldb_next_end_trans: int (struct ldb_module *) >+ldb_next_init: int (struct ldb_module *) >+ldb_next_prepare_commit: int (struct ldb_module *) >+ldb_next_read_lock: int (struct ldb_module *) >+ldb_next_read_unlock: int (struct ldb_module *) >+ldb_next_remote_request: int (struct ldb_module *, struct ldb_request *) >+ldb_next_request: int (struct ldb_module *, struct ldb_request *) >+ldb_next_start_trans: int (struct ldb_module *) >+ldb_op_default_callback: int (struct ldb_request *, struct ldb_reply *) >+ldb_options_find: const char *(struct ldb_context *, const char **, const char *) >+ldb_pack_data: int (struct ldb_context *, const struct ldb_message *, struct ldb_val *) >+ldb_parse_control_from_string: struct ldb_control *(struct ldb_context *, TALLOC_CTX *, const char *) >+ldb_parse_control_strings: struct ldb_control **(struct ldb_context *, TALLOC_CTX *, const char **) >+ldb_parse_tree: struct ldb_parse_tree *(TALLOC_CTX *, const char *) >+ldb_parse_tree_attr_replace: void (struct ldb_parse_tree *, const char *, const char *) >+ldb_parse_tree_copy_shallow: struct ldb_parse_tree *(TALLOC_CTX *, const struct ldb_parse_tree *) >+ldb_parse_tree_walk: int (struct ldb_parse_tree *, int (*)(struct ldb_parse_tree *, void *), void *) >+ldb_qsort: void (void * const, size_t, size_t, void *, ldb_qsort_cmp_fn_t) >+ldb_register_backend: int (const char *, ldb_connect_fn, bool) >+ldb_register_extended_match_rule: int (struct ldb_context *, const struct ldb_extended_match_rule *) >+ldb_register_hook: int (ldb_hook_fn) >+ldb_register_module: int (const struct ldb_module_ops *) >+ldb_rename: int (struct ldb_context *, struct ldb_dn *, struct ldb_dn *) >+ldb_reply_add_control: int (struct ldb_reply *, const char *, bool, void *) >+ldb_reply_get_control: struct ldb_control *(struct ldb_reply *, const char *) >+ldb_req_get_custom_flags: uint32_t (struct ldb_request *) >+ldb_req_is_untrusted: bool (struct ldb_request *) >+ldb_req_location: const char *(struct ldb_request *) >+ldb_req_mark_trusted: void (struct ldb_request *) >+ldb_req_mark_untrusted: void (struct ldb_request *) >+ldb_req_set_custom_flags: void (struct ldb_request *, uint32_t) >+ldb_req_set_location: void (struct ldb_request *, const char *) >+ldb_request: int (struct ldb_context *, struct ldb_request *) >+ldb_request_add_control: int (struct ldb_request *, const char *, bool, void *) >+ldb_request_done: int (struct ldb_request *, int) >+ldb_request_get_control: struct ldb_control *(struct ldb_request *, const char *) >+ldb_request_get_status: int (struct ldb_request *) >+ldb_request_replace_control: int (struct ldb_request *, const char *, bool, void *) >+ldb_request_set_state: void (struct ldb_request *, int) >+ldb_reset_err_string: void (struct ldb_context *) >+ldb_save_controls: int (struct ldb_control *, struct ldb_request *, struct ldb_control ***) >+ldb_schema_attribute_add: int (struct ldb_context *, const char *, unsigned int, const char *) >+ldb_schema_attribute_add_with_syntax: int (struct ldb_context *, const char *, unsigned int, const struct ldb_schema_syntax *) >+ldb_schema_attribute_by_name: const struct ldb_schema_attribute *(struct ldb_context *, const char *) >+ldb_schema_attribute_fill_with_syntax: int (struct ldb_context *, TALLOC_CTX *, const char *, unsigned int, const struct ldb_schema_syntax *, struct ldb_schema_attribute *) >+ldb_schema_attribute_remove: void (struct ldb_context *, const char *) >+ldb_schema_attribute_remove_flagged: void (struct ldb_context *, unsigned int) >+ldb_schema_attribute_set_override_handler: void (struct ldb_context *, ldb_attribute_handler_override_fn_t, void *) >+ldb_schema_set_override_GUID_index: void (struct ldb_context *, const char *, const char *) >+ldb_schema_set_override_indexlist: void (struct ldb_context *, bool) >+ldb_search: int (struct ldb_context *, TALLOC_CTX *, struct ldb_result **, struct ldb_dn *, enum ldb_scope, const char * const *, const char *, ...) >+ldb_search_default_callback: int (struct ldb_request *, struct ldb_reply *) >+ldb_sequence_number: int (struct ldb_context *, enum ldb_sequence_type, uint64_t *) >+ldb_set_create_perms: void (struct ldb_context *, unsigned int) >+ldb_set_debug: int (struct ldb_context *, void (*)(void *, enum ldb_debug_level, const char *, va_list), void *) >+ldb_set_debug_stderr: int (struct ldb_context *) >+ldb_set_default_dns: void (struct ldb_context *) >+ldb_set_errstring: void (struct ldb_context *, const char *) >+ldb_set_event_context: void (struct ldb_context *, struct tevent_context *) >+ldb_set_flags: void (struct ldb_context *, unsigned int) >+ldb_set_modules_dir: void (struct ldb_context *, const char *) >+ldb_set_opaque: int (struct ldb_context *, const char *, void *) >+ldb_set_require_private_event_context: void (struct ldb_context *) >+ldb_set_timeout: int (struct ldb_context *, struct ldb_request *, int) >+ldb_set_timeout_from_prev_req: int (struct ldb_context *, struct ldb_request *, struct ldb_request *) >+ldb_set_utf8_default: void (struct ldb_context *) >+ldb_set_utf8_fns: void (struct ldb_context *, void *, char *(*)(void *, void *, const char *, size_t)) >+ldb_setup_wellknown_attributes: int (struct ldb_context *) >+ldb_should_b64_encode: int (struct ldb_context *, const struct ldb_val *) >+ldb_standard_syntax_by_name: const struct ldb_schema_syntax *(struct ldb_context *, const char *) >+ldb_strerror: const char *(int) >+ldb_string_to_time: time_t (const char *) >+ldb_string_utc_to_time: time_t (const char *) >+ldb_timestring: char *(TALLOC_CTX *, time_t) >+ldb_timestring_utc: char *(TALLOC_CTX *, time_t) >+ldb_transaction_cancel: int (struct ldb_context *) >+ldb_transaction_cancel_noerr: int (struct ldb_context *) >+ldb_transaction_commit: int (struct ldb_context *) >+ldb_transaction_prepare_commit: int (struct ldb_context *) >+ldb_transaction_start: int (struct ldb_context *) >+ldb_unpack_data: int (struct ldb_context *, const struct ldb_val *, struct ldb_message *) >+ldb_unpack_data_only_attr_list: int (struct ldb_context *, const struct ldb_val *, struct ldb_message *, const char * const *, unsigned int, unsigned int *) >+ldb_unpack_data_only_attr_list_flags: int (struct ldb_context *, const struct ldb_val *, struct ldb_message *, const char * const *, unsigned int, unsigned int, unsigned int *) >+ldb_val_dup: struct ldb_val (TALLOC_CTX *, const struct ldb_val *) >+ldb_val_equal_exact: int (const struct ldb_val *, const struct ldb_val *) >+ldb_val_map_local: struct ldb_val (struct ldb_module *, void *, const struct ldb_map_attribute *, const struct ldb_val *) >+ldb_val_map_remote: struct ldb_val (struct ldb_module *, void *, const struct ldb_map_attribute *, const struct ldb_val *) >+ldb_val_string_cmp: int (const struct ldb_val *, const char *) >+ldb_val_to_time: int (const struct ldb_val *, time_t *) >+ldb_valid_attr_name: int (const char *) >+ldb_vdebug: void (struct ldb_context *, enum ldb_debug_level, const char *, va_list) >+ldb_wait: int (struct ldb_handle *, enum ldb_wait_type) >diff --git a/lib/ldb/ABI/pyldb-util-1.5.3.sigs b/lib/ldb/ABI/pyldb-util-1.5.3.sigs >new file mode 100644 >index 00000000000..74d6719d2bc >--- /dev/null >+++ b/lib/ldb/ABI/pyldb-util-1.5.3.sigs >@@ -0,0 +1,2 @@ >+pyldb_Dn_FromDn: PyObject *(struct ldb_dn *) >+pyldb_Object_AsDn: bool (TALLOC_CTX *, PyObject *, struct ldb_context *, struct ldb_dn **) >diff --git a/lib/ldb/ABI/pyldb-util.py3-1.5.3.sigs b/lib/ldb/ABI/pyldb-util.py3-1.5.3.sigs >new file mode 100644 >index 00000000000..74d6719d2bc >--- /dev/null >+++ b/lib/ldb/ABI/pyldb-util.py3-1.5.3.sigs >@@ -0,0 +1,2 @@ >+pyldb_Dn_FromDn: PyObject *(struct ldb_dn *) >+pyldb_Object_AsDn: bool (TALLOC_CTX *, PyObject *, struct ldb_context *, struct ldb_dn **) >diff --git a/lib/ldb/wscript b/lib/ldb/wscript >index ca0bf410f10..855ee4d556c 100644 >--- a/lib/ldb/wscript >+++ b/lib/ldb/wscript >@@ -1,7 +1,7 @@ > #!/usr/bin/env python > > APPNAME = 'ldb' >-VERSION = '1.5.2' >+VERSION = '1.5.3' > > import sys, os > >-- >2.17.1 > > >From efe137d05231f04355a82f9ad2b40d08489a82f1 Mon Sep 17 00:00:00 2001 >From: Lukas Slebodnik <lslebodn@fedoraproject.org> >Date: Fri, 18 Jan 2019 16:37:24 +0100 >Subject: [PATCH 40/47] CVE-2019-3824 ldb: Out of bound read in > ldb_wildcard_compare > >There is valgrind error in few tests tests/test-generic.sh > 91 echo "Test wildcard match" > 92 $VALGRIND ldbadd $LDBDIR/tests/test-wildcard.ldif || exit 1 > 93 $VALGRIND ldbsearch '(cn=test*multi)' || exit 1 > 95 $VALGRIND ldbsearch '(cn=*test_multi)' || exit 1 > 97 $VALGRIND ldbsearch '(cn=test*multi*test*multi)' || exit 1 > >e.g. > ==3098== Memcheck, a memory error detector > ==3098== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al. > ==3098== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info > ==3098== Command: ./bin/ldbsearch (cn=test*multi) > ==3098== > ==3098== Invalid read of size 1 > ==3098== at 0x483CEE7: memchr (vg_replace_strmem.c:890) > ==3098== by 0x49A9073: memmem (in /usr/lib64/libc-2.28.9000.so) > ==3098== by 0x485DFE9: ldb_wildcard_compare (ldb_match.c:313) > ==3098== by 0x485DFE9: ldb_match_substring (ldb_match.c:360) > ==3098== by 0x485DFE9: ldb_match_message (ldb_match.c:572) > ==3098== by 0x558F8FA: search_func (ldb_kv_search.c:549) > ==3098== by 0x48C78CA: ??? (in /usr/lib64/libtdb.so.1.3.17) > ==3098== by 0x48C7A60: tdb_traverse_read (in /usr/lib64/libtdb.so.1.3.17) > ==3098== by 0x557B7C4: ltdb_traverse_fn (ldb_tdb.c:274) > ==3098== by 0x558FBFA: ldb_kv_search_full (ldb_kv_search.c:594) > ==3098== by 0x558FBFA: ldb_kv_search (ldb_kv_search.c:854) > ==3098== by 0x558E497: ldb_kv_callback (ldb_kv.c:1713) > ==3098== by 0x48FCD58: tevent_common_invoke_timer_handler (in /usr/lib64/libtevent.so.0.9.38) > ==3098== by 0x48FCEFD: tevent_common_loop_timer_delay (in /usr/lib64/libtevent.so.0.9.38) > ==3098== by 0x48FE14A: ??? (in /usr/lib64/libtevent.so.0.9.38) > ==3098== Address 0x4b4ab81 is 0 bytes after a block of size 129 alloc'd > ==3098== at 0x483880B: malloc (vg_replace_malloc.c:309) > ==3098== by 0x491048B: talloc_strndup (in /usr/lib64/libtalloc.so.2.1.15) > ==3098== by 0x48593CA: ldb_casefold_default (ldb_utf8.c:59) > ==3098== by 0x485F68D: ldb_handler_fold (attrib_handlers.c:64) > ==3098== by 0x485DB88: ldb_wildcard_compare (ldb_match.c:257) > ==3098== by 0x485DB88: ldb_match_substring (ldb_match.c:360) > ==3098== by 0x485DB88: ldb_match_message (ldb_match.c:572) > ==3098== by 0x558F8FA: search_func (ldb_kv_search.c:549) > ==3098== by 0x48C78CA: ??? (in /usr/lib64/libtdb.so.1.3.17) > ==3098== by 0x48C7A60: tdb_traverse_read (in /usr/lib64/libtdb.so.1.3.17) > ==3098== by 0x557B7C4: ltdb_traverse_fn (ldb_tdb.c:274) > ==3098== by 0x558FBFA: ldb_kv_search_full (ldb_kv_search.c:594) > ==3098== by 0x558FBFA: ldb_kv_search (ldb_kv_search.c:854) > ==3098== by 0x558E497: ldb_kv_callback (ldb_kv.c:1713) > ==3098== by 0x48FCD58: tevent_common_invoke_timer_handler (in /usr/lib64/libtevent.so.0.9.38) > ==3098== > # record 1 > dn: cn=test_multi_test_multi_test_multi,o=University of Michigan,c=TEST > cn: test_multi_test_multi_test_multi > description: test multi wildcards matching > objectclass: person > sn: multi_test > name: test_multi_test_multi_test_multi > distinguishedName: cn=test_multi_test_multi_test_multi,o=University of Michiga > n,c=TEST > > # returned 1 records > # 1 entries > # 0 referrals > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 > >Signed-off-by: Lukas Slebodnik <lslebodn@fedoraproject.org> >--- > lib/ldb/common/ldb_match.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > >diff --git a/lib/ldb/common/ldb_match.c b/lib/ldb/common/ldb_match.c >index 25fe3f9c21b..8eeedfb12e0 100644 >--- a/lib/ldb/common/ldb_match.c >+++ b/lib/ldb/common/ldb_match.c >@@ -308,9 +308,10 @@ static int ldb_wildcard_compare(struct ldb_context *ldb, > if (p == NULL) goto mismatch; > if ( (! tree->u.substring.chunks[c + 1]) && (! tree->u.substring.end_with_wildcard) ) { > uint8_t *g; >+ uint8_t *end = val.data + val.length; > do { /* greedy */ > g = memmem(p + cnk.length, >- val.length - (p - val.data), >+ end - (p + cnk.length), > (const uint8_t *)cnk.data, > cnk.length); > if (g) p = g; >-- >2.17.1 > > >From ec479147365bfc7c7462b6ea99f72178c683a93d Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Mon, 4 Feb 2019 11:22:34 +1300 >Subject: [PATCH 41/47] CVE-2019-3824 ldb: Extra comments to clarify no pointer > wrap in wildcard processing > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >--- > lib/ldb/common/ldb_match.c | 25 +++++++++++++++++++++++-- > 1 file changed, 23 insertions(+), 2 deletions(-) > >diff --git a/lib/ldb/common/ldb_match.c b/lib/ldb/common/ldb_match.c >index 8eeedfb12e0..1920b661f75 100644 >--- a/lib/ldb/common/ldb_match.c >+++ b/lib/ldb/common/ldb_match.c >@@ -306,12 +306,33 @@ static int ldb_wildcard_compare(struct ldb_context *ldb, > p = memmem((const void *)val.data,val.length, > (const void *)cnk.data, cnk.length); > if (p == NULL) goto mismatch; >+ >+ /* >+ * At this point we know cnk.length <= val.length as >+ * otherwise there could be no match >+ */ >+ > if ( (! tree->u.substring.chunks[c + 1]) && (! tree->u.substring.end_with_wildcard) ) { > uint8_t *g; > uint8_t *end = val.data + val.length; > do { /* greedy */ >- g = memmem(p + cnk.length, >- end - (p + cnk.length), >+ >+ /* >+ * haystack is a valid pointer in val >+ * because the memmem() can only >+ * succeed if the needle (cnk.length) >+ * is <= haystacklen >+ * >+ * p will be a pointer at least >+ * cnk.length from the end of haystack >+ */ >+ uint8_t *haystack >+ = p + cnk.length; >+ size_t haystacklen >+ = end - (haystack); >+ >+ g = memmem(haystack, >+ haystacklen, > (const uint8_t *)cnk.data, > cnk.length); > if (g) p = g; >-- >2.17.1 > > >From 88a28281ad5c6b0908a127a909197f25f3341e31 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Mon, 4 Feb 2019 11:22:50 +1300 >Subject: [PATCH 42/47] CVE-2019-3824 ldb: Improve code style and layout in > wildcard processing > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >--- > lib/ldb/common/ldb_match.c | 8 +++++--- > 1 file changed, 5 insertions(+), 3 deletions(-) > >diff --git a/lib/ldb/common/ldb_match.c b/lib/ldb/common/ldb_match.c >index 1920b661f75..ab0a89888f0 100644 >--- a/lib/ldb/common/ldb_match.c >+++ b/lib/ldb/common/ldb_match.c >@@ -333,9 +333,11 @@ static int ldb_wildcard_compare(struct ldb_context *ldb, > > g = memmem(haystack, > haystacklen, >- (const uint8_t *)cnk.data, >- cnk.length); >- if (g) p = g; >+ (const uint8_t *)cnk.data, >+ cnk.length); >+ if (g) { >+ p = g; >+ } > } while(g); > } > val.length = val.length - (p - (uint8_t *)(val.data)) - cnk.length; >-- >2.17.1 > > >From df5c0f74eb4af2fe803bb149c1498f58068abe78 Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Tue, 19 Feb 2019 10:25:24 +1300 >Subject: [PATCH 43/47] CVE-2019-3824 ldb: ldb_parse_tree use talloc_zero > >Initialise the created ldb_parse_tree with talloc_zero, this ensures >that it is correctly initialised if inadvertently passed to a function >expecting a different operation type. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >--- > lib/ldb/common/ldb_parse.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/lib/ldb/common/ldb_parse.c b/lib/ldb/common/ldb_parse.c >index 5fa5a74afa9..db420091311 100644 >--- a/lib/ldb/common/ldb_parse.c >+++ b/lib/ldb/common/ldb_parse.c >@@ -389,7 +389,7 @@ static struct ldb_parse_tree *ldb_parse_simple(TALLOC_CTX *mem_ctx, const char * > struct ldb_parse_tree *ret; > enum ldb_parse_op filtertype; > >- ret = talloc(mem_ctx, struct ldb_parse_tree); >+ ret = talloc_zero(mem_ctx, struct ldb_parse_tree); > if (!ret) { > errno = ENOMEM; > return NULL; >-- >2.17.1 > > >From bbc6357489827646a10b0c77d2ba76a3c837a908 Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Tue, 19 Feb 2019 10:26:25 +1300 >Subject: [PATCH 44/47] CVE-2019-3824 ldb: wildcard_match check tree operation > >Check the operation type of the passed parse tree, and return >LDB_INAPPROPRIATE_MATCH if the operation is not LDB_OP_SUBSTRING. > >A query of "attribute=*" gets parsed as LDB_OP_PRESENT, checking the >operation and failing ldb_wildcard_match should help prevent confusion >writing tests. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >--- > lib/ldb/common/ldb_match.c | 5 +++++ > 1 file changed, 5 insertions(+) > >diff --git a/lib/ldb/common/ldb_match.c b/lib/ldb/common/ldb_match.c >index ab0a89888f0..59f48b52b70 100644 >--- a/lib/ldb/common/ldb_match.c >+++ b/lib/ldb/common/ldb_match.c >@@ -244,6 +244,11 @@ static int ldb_wildcard_compare(struct ldb_context *ldb, > uint8_t *save_p = NULL; > unsigned int c = 0; > >+ if (tree->operation != LDB_OP_SUBSTRING) { >+ *matched = false; >+ return LDB_ERR_INAPPROPRIATE_MATCHING; >+ } >+ > a = ldb_schema_attribute_by_name(ldb, tree->u.substring.attr); > if (!a) { > return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; >-- >2.17.1 > > >From 515e774e02ef30e4ef3cf8833b48ca2a6799cd47 Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Tue, 19 Feb 2019 10:26:56 +1300 >Subject: [PATCH 45/47] CVE-2019-3824 ldb: wildcard_match end of data check > >ldb_handler_copy and ldb_val_dup over allocate by one and add a trailing '\0' >to the data, to make them safe to use the C string functions on. > >However testing for the trailing '\0' is not the correct way to test for >the end of a value, the length should be checked instead. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >--- > lib/ldb/common/ldb_match.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/lib/ldb/common/ldb_match.c b/lib/ldb/common/ldb_match.c >index 59f48b52b70..829afa77e71 100644 >--- a/lib/ldb/common/ldb_match.c >+++ b/lib/ldb/common/ldb_match.c >@@ -353,7 +353,7 @@ static int ldb_wildcard_compare(struct ldb_context *ldb, > } > > /* last chunk may not have reached end of string */ >- if ( (! tree->u.substring.end_with_wildcard) && (*(val.data) != 0) ) goto mismatch; >+ if ( (! tree->u.substring.end_with_wildcard) && (val.length != 0) ) goto mismatch; > talloc_free(save_p); > *matched = true; > return LDB_SUCCESS; >-- >2.17.1 > > >From 7cc9d01f2ceb2395039beaf9e35fe7da3013559d Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Tue, 19 Feb 2019 10:24:38 +1300 >Subject: [PATCH 46/47] CVE-2019-3824 ldb: Add tests for ldb_wildcard_match > >Add cmocka tests for ldb_wildcard_match. > >Running test_wildcard_match under valgrind reproduces > CVE-2019-3824 out of bounds read in wildcard compare (bug 13773) > > valgrind --suppressions=lib/ldb/tests/ldb_match_test.valgrind\ > bin/ldb_match_test > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >--- > lib/ldb/tests/ldb_match_test.c | 191 ++++++++++++++++++++++++++ > lib/ldb/tests/ldb_match_test.valgrind | 16 +++ > lib/ldb/wscript | 8 +- > 3 files changed, 214 insertions(+), 1 deletion(-) > create mode 100644 lib/ldb/tests/ldb_match_test.c > create mode 100644 lib/ldb/tests/ldb_match_test.valgrind > >diff --git a/lib/ldb/tests/ldb_match_test.c b/lib/ldb/tests/ldb_match_test.c >new file mode 100644 >index 00000000000..e09f50c86ba >--- /dev/null >+++ b/lib/ldb/tests/ldb_match_test.c >@@ -0,0 +1,191 @@ >+/* >+ * Tests exercising the ldb match operations. >+ * >+ * >+ * Copyright (C) Catalyst.NET Ltd 2017 >+ * >+ * This program is free software; you can redistribute it and/or modify >+ * it under the terms of the GNU General Public License as published by >+ * the Free Software Foundation; either version 3 of the License, or >+ * (at your option) any later version. >+ * >+ * This program is distributed in the hope that it will be useful, >+ * but WITHOUT ANY WARRANTY; without even the implied warranty of >+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+ * GNU General Public License for more details. >+ * >+ * You should have received a copy of the GNU General Public License >+ * along with this program. If not, see <http://www.gnu.org/licenses/>. >+ * >+ */ >+ >+/* >+ * from cmocka.c: >+ * These headers or their equivalents should be included prior to >+ * including >+ * this header file. >+ * >+ * #include <stdarg.h> >+ * #include <stddef.h> >+ * #include <setjmp.h> >+ * >+ * This allows test applications to use custom definitions of C standard >+ * library functions and types. >+ */ >+#include <stdarg.h> >+#include <stddef.h> >+#include <stdint.h> >+#include <setjmp.h> >+#include <cmocka.h> >+ >+#include "../common/ldb_match.c" >+ >+#include "../include/ldb.h" >+ >+struct ldbtest_ctx { >+ struct tevent_context *ev; >+ struct ldb_context *ldb; >+}; >+ >+static int ldb_test_canonicalise( >+ struct ldb_context *ldb, >+ void *mem_ctx, >+ const struct ldb_val *in, >+ struct ldb_val *out) >+{ >+ out->length = in->length; >+ out->data = in->data; >+ return 0; >+} >+ >+static int setup(void **state) >+{ >+ struct ldbtest_ctx *test_ctx; >+ struct ldb_schema_syntax *syntax = NULL; >+ int ret; >+ >+ test_ctx = talloc_zero(NULL, struct ldbtest_ctx); >+ assert_non_null(test_ctx); >+ >+ test_ctx->ev = tevent_context_init(test_ctx); >+ assert_non_null(test_ctx->ev); >+ >+ test_ctx->ldb = ldb_init(test_ctx, test_ctx->ev); >+ assert_non_null(test_ctx->ldb); >+ >+ syntax = talloc_zero(test_ctx, struct ldb_schema_syntax); >+ assert_non_null(syntax); >+ syntax->canonicalise_fn = ldb_test_canonicalise; >+ >+ ret = ldb_schema_attribute_add_with_syntax( >+ test_ctx->ldb, "a", LDB_ATTR_FLAG_FIXED, syntax); >+ assert_int_equal(LDB_SUCCESS, ret); >+ >+ *state = test_ctx; >+ return 0; >+} >+ >+static int teardown(void **state) >+{ >+ talloc_free(*state); >+ return 0; >+} >+ >+ >+/* >+ * The wild card pattern "attribute=*" is parsed as an LDB_OP_PRESENT operation >+ * rather than a LDB_OP_???? >+ * >+ * This test serves to document that behaviour, and to confirm that >+ * ldb_wildcard_compare handles this case appropriately. >+ */ >+static void test_wildcard_match_star(void **state) >+{ >+ struct ldbtest_ctx *ctx = *state; >+ bool matched = false; >+ int ret; >+ >+ uint8_t value[] = "The value.......end"; >+ struct ldb_val val = { >+ .data = value, >+ .length = (sizeof(value)) >+ }; >+ struct ldb_parse_tree *tree = ldb_parse_tree(ctx, "a=*"); >+ assert_non_null(tree); >+ >+ ret = ldb_wildcard_compare(ctx->ldb, tree, val, &matched); >+ assert_false(matched); >+ assert_int_equal(LDB_ERR_INAPPROPRIATE_MATCHING, ret); >+} >+ >+/* >+ * Test basic wild card matching >+ * >+ */ >+static void test_wildcard_match(void **state) >+{ >+ struct ldbtest_ctx *ctx = *state; >+ bool matched = false; >+ >+ uint8_t value[] = "The value.......end"; >+ struct ldb_val val = { >+ .data = value, >+ .length = (sizeof(value)) >+ }; >+ struct ldb_parse_tree *tree = ldb_parse_tree(ctx, "objectClass=*end"); >+ assert_non_null(tree); >+ >+ ldb_wildcard_compare(ctx->ldb, tree, val, &matched); >+ assert_true(matched); >+} >+ >+ >+/* >+ * ldb_handler_copy and ldb_val_dup over allocate by one and add a trailing '\0' >+ * to the data, to make them safe to use the C string functions on. >+ * >+ * However testing for the trailing '\0' is not the correct way to test for >+ * the end of a value, the length should be checked instead. >+ */ >+static void test_wildcard_match_end_condition(void **state) >+{ >+ struct ldbtest_ctx *ctx = *state; >+ bool matched = false; >+ >+ uint8_t value[] = "hellomynameisbobx"; >+ struct ldb_val val = { >+ .data = talloc_memdup(NULL, value, sizeof(value)), >+ .length = (sizeof(value) - 2) >+ }; >+ struct ldb_parse_tree *tree = ldb_parse_tree(ctx, "a=*hello*mynameis*bob"); >+ assert_non_null(tree); >+ >+ ldb_wildcard_compare(ctx->ldb, tree, val, &matched); >+ assert_true(matched); >+} >+ >+/* >+ * Note: to run under valgrind use: >+ * valgrind \ >+ * --suppressions=lib/ldb/tests/ldb_match_test.valgrind \ >+ * bin/ldb_match_test >+ */ >+int main(int argc, const char **argv) >+{ >+ const struct CMUnitTest tests[] = { >+ cmocka_unit_test_setup_teardown( >+ test_wildcard_match_star, >+ setup, >+ teardown), >+ cmocka_unit_test_setup_teardown( >+ test_wildcard_match, >+ setup, >+ teardown), >+ cmocka_unit_test_setup_teardown( >+ test_wildcard_match_end_condition, >+ setup, >+ teardown), >+ }; >+ >+ return cmocka_run_group_tests(tests, NULL, NULL); >+} >diff --git a/lib/ldb/tests/ldb_match_test.valgrind b/lib/ldb/tests/ldb_match_test.valgrind >new file mode 100644 >index 00000000000..660bd5a6b46 >--- /dev/null >+++ b/lib/ldb/tests/ldb_match_test.valgrind >@@ -0,0 +1,16 @@ >+{ >+ Memory allocated in set-up >+ Memcheck:Leak >+ match-leak-kinds: possible >+ fun:malloc >+ ... >+ fun:setup >+} >+{ >+ Memory allocated by ldb_init >+ Memcheck:Leak >+ match-leak-kinds: possible >+ fun:malloc >+ ... >+ fun:ldb_init >+} >diff --git a/lib/ldb/wscript b/lib/ldb/wscript >index 855ee4d556c..cff3ee2d2d3 100644 >--- a/lib/ldb/wscript >+++ b/lib/ldb/wscript >@@ -511,6 +511,11 @@ def build(bld): > deps='cmocka ldb', > install=False) > >+ bld.SAMBA_BINARY('ldb_match_test', >+ source='tests/ldb_match_test.c', >+ deps='cmocka ldb', >+ install=False) >+ > if bld.CONFIG_SET('HAVE_LMDB'): > bld.SAMBA_BINARY('ldb_mdb_mod_op_test', > source='tests/ldb_mod_op_test.c', >@@ -578,7 +583,8 @@ def test(ctx): > # we don't want to run ldb_lmdb_size_test (which proves we can > # fit > 4G of data into the DB), it would fill up the disk on > # many of our test instances >- 'ldb_mdb_kv_ops_test'] >+ 'ldb_mdb_kv_ops_test', >+ 'ldb_match_test'] > > for test_exe in test_exes: > cmd = os.path.join(Context.g_module.out, test_exe) >-- >2.17.1 > > >From 87782852b137ea1a9c044200201de24f4e08844b Mon Sep 17 00:00:00 2001 >From: Gary Lockyer <gary@catalyst.net.nz> >Date: Wed, 20 Feb 2019 09:51:55 +1300 >Subject: [PATCH 47/47] CVE-2019-3824 ldb: Release ldb 1.5.4 > >* CVE-2019-3824 out of bounds read in wildcard compare (bug 13773) > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773 > >Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> >--- > lib/ldb/ABI/ldb-1.5.4.sigs | 280 ++++++++++++++++++++++++++ > lib/ldb/ABI/pyldb-util-1.5.4.sigs | 2 + > lib/ldb/ABI/pyldb-util.py3-1.5.4.sigs | 2 + > lib/ldb/wscript | 2 +- > 4 files changed, 285 insertions(+), 1 deletion(-) > create mode 100644 lib/ldb/ABI/ldb-1.5.4.sigs > create mode 100644 lib/ldb/ABI/pyldb-util-1.5.4.sigs > create mode 100644 lib/ldb/ABI/pyldb-util.py3-1.5.4.sigs > >diff --git a/lib/ldb/ABI/ldb-1.5.4.sigs b/lib/ldb/ABI/ldb-1.5.4.sigs >new file mode 100644 >index 00000000000..0c1234f1c97 >--- /dev/null >+++ b/lib/ldb/ABI/ldb-1.5.4.sigs >@@ -0,0 +1,280 @@ >+ldb_add: int (struct ldb_context *, const struct ldb_message *) >+ldb_any_comparison: int (struct ldb_context *, void *, ldb_attr_handler_t, const struct ldb_val *, const struct ldb_val *) >+ldb_asprintf_errstring: void (struct ldb_context *, const char *, ...) >+ldb_attr_casefold: char *(TALLOC_CTX *, const char *) >+ldb_attr_dn: int (const char *) >+ldb_attr_in_list: int (const char * const *, const char *) >+ldb_attr_list_copy: const char **(TALLOC_CTX *, const char * const *) >+ldb_attr_list_copy_add: const char **(TALLOC_CTX *, const char * const *, const char *) >+ldb_base64_decode: int (char *) >+ldb_base64_encode: char *(TALLOC_CTX *, const char *, int) >+ldb_binary_decode: struct ldb_val (TALLOC_CTX *, const char *) >+ldb_binary_encode: char *(TALLOC_CTX *, struct ldb_val) >+ldb_binary_encode_string: char *(TALLOC_CTX *, const char *) >+ldb_build_add_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) >+ldb_build_del_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, struct ldb_dn *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) >+ldb_build_extended_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, const char *, void *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) >+ldb_build_mod_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) >+ldb_build_rename_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, struct ldb_dn *, struct ldb_dn *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) >+ldb_build_search_req: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, struct ldb_dn *, enum ldb_scope, const char *, const char * const *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) >+ldb_build_search_req_ex: int (struct ldb_request **, struct ldb_context *, TALLOC_CTX *, struct ldb_dn *, enum ldb_scope, struct ldb_parse_tree *, const char * const *, struct ldb_control **, void *, ldb_request_callback_t, struct ldb_request *) >+ldb_casefold: char *(struct ldb_context *, TALLOC_CTX *, const char *, size_t) >+ldb_casefold_default: char *(void *, TALLOC_CTX *, const char *, size_t) >+ldb_check_critical_controls: int (struct ldb_control **) >+ldb_comparison_binary: int (struct ldb_context *, void *, const struct ldb_val *, const struct ldb_val *) >+ldb_comparison_fold: int (struct ldb_context *, void *, const struct ldb_val *, const struct ldb_val *) >+ldb_connect: int (struct ldb_context *, const char *, unsigned int, const char **) >+ldb_control_to_string: char *(TALLOC_CTX *, const struct ldb_control *) >+ldb_controls_except_specified: struct ldb_control **(struct ldb_control **, TALLOC_CTX *, struct ldb_control *) >+ldb_debug: void (struct ldb_context *, enum ldb_debug_level, const char *, ...) >+ldb_debug_add: void (struct ldb_context *, const char *, ...) >+ldb_debug_end: void (struct ldb_context *, enum ldb_debug_level) >+ldb_debug_set: void (struct ldb_context *, enum ldb_debug_level, const char *, ...) >+ldb_delete: int (struct ldb_context *, struct ldb_dn *) >+ldb_dn_add_base: bool (struct ldb_dn *, struct ldb_dn *) >+ldb_dn_add_base_fmt: bool (struct ldb_dn *, const char *, ...) >+ldb_dn_add_child: bool (struct ldb_dn *, struct ldb_dn *) >+ldb_dn_add_child_fmt: bool (struct ldb_dn *, const char *, ...) >+ldb_dn_add_child_val: bool (struct ldb_dn *, const char *, struct ldb_val) >+ldb_dn_alloc_casefold: char *(TALLOC_CTX *, struct ldb_dn *) >+ldb_dn_alloc_linearized: char *(TALLOC_CTX *, struct ldb_dn *) >+ldb_dn_canonical_ex_string: char *(TALLOC_CTX *, struct ldb_dn *) >+ldb_dn_canonical_string: char *(TALLOC_CTX *, struct ldb_dn *) >+ldb_dn_check_local: bool (struct ldb_module *, struct ldb_dn *) >+ldb_dn_check_special: bool (struct ldb_dn *, const char *) >+ldb_dn_compare: int (struct ldb_dn *, struct ldb_dn *) >+ldb_dn_compare_base: int (struct ldb_dn *, struct ldb_dn *) >+ldb_dn_copy: struct ldb_dn *(TALLOC_CTX *, struct ldb_dn *) >+ldb_dn_escape_value: char *(TALLOC_CTX *, struct ldb_val) >+ldb_dn_extended_add_syntax: int (struct ldb_context *, unsigned int, const struct ldb_dn_extended_syntax *) >+ldb_dn_extended_filter: void (struct ldb_dn *, const char * const *) >+ldb_dn_extended_syntax_by_name: const struct ldb_dn_extended_syntax *(struct ldb_context *, const char *) >+ldb_dn_from_ldb_val: struct ldb_dn *(TALLOC_CTX *, struct ldb_context *, const struct ldb_val *) >+ldb_dn_get_casefold: const char *(struct ldb_dn *) >+ldb_dn_get_comp_num: int (struct ldb_dn *) >+ldb_dn_get_component_name: const char *(struct ldb_dn *, unsigned int) >+ldb_dn_get_component_val: const struct ldb_val *(struct ldb_dn *, unsigned int) >+ldb_dn_get_extended_comp_num: int (struct ldb_dn *) >+ldb_dn_get_extended_component: const struct ldb_val *(struct ldb_dn *, const char *) >+ldb_dn_get_extended_linearized: char *(TALLOC_CTX *, struct ldb_dn *, int) >+ldb_dn_get_ldb_context: struct ldb_context *(struct ldb_dn *) >+ldb_dn_get_linearized: const char *(struct ldb_dn *) >+ldb_dn_get_parent: struct ldb_dn *(TALLOC_CTX *, struct ldb_dn *) >+ldb_dn_get_rdn_name: const char *(struct ldb_dn *) >+ldb_dn_get_rdn_val: const struct ldb_val *(struct ldb_dn *) >+ldb_dn_has_extended: bool (struct ldb_dn *) >+ldb_dn_is_null: bool (struct ldb_dn *) >+ldb_dn_is_special: bool (struct ldb_dn *) >+ldb_dn_is_valid: bool (struct ldb_dn *) >+ldb_dn_map_local: struct ldb_dn *(struct ldb_module *, void *, struct ldb_dn *) >+ldb_dn_map_rebase_remote: struct ldb_dn *(struct ldb_module *, void *, struct ldb_dn *) >+ldb_dn_map_remote: struct ldb_dn *(struct ldb_module *, void *, struct ldb_dn *) >+ldb_dn_minimise: bool (struct ldb_dn *) >+ldb_dn_new: struct ldb_dn *(TALLOC_CTX *, struct ldb_context *, const char *) >+ldb_dn_new_fmt: struct ldb_dn *(TALLOC_CTX *, struct ldb_context *, const char *, ...) >+ldb_dn_remove_base_components: bool (struct ldb_dn *, unsigned int) >+ldb_dn_remove_child_components: bool (struct ldb_dn *, unsigned int) >+ldb_dn_remove_extended_components: void (struct ldb_dn *) >+ldb_dn_replace_components: bool (struct ldb_dn *, struct ldb_dn *) >+ldb_dn_set_component: int (struct ldb_dn *, int, const char *, const struct ldb_val) >+ldb_dn_set_extended_component: int (struct ldb_dn *, const char *, const struct ldb_val *) >+ldb_dn_update_components: int (struct ldb_dn *, const struct ldb_dn *) >+ldb_dn_validate: bool (struct ldb_dn *) >+ldb_dump_results: void (struct ldb_context *, struct ldb_result *, FILE *) >+ldb_error_at: int (struct ldb_context *, int, const char *, const char *, int) >+ldb_errstring: const char *(struct ldb_context *) >+ldb_extended: int (struct ldb_context *, const char *, void *, struct ldb_result **) >+ldb_extended_default_callback: int (struct ldb_request *, struct ldb_reply *) >+ldb_filter_from_tree: char *(TALLOC_CTX *, const struct ldb_parse_tree *) >+ldb_get_config_basedn: struct ldb_dn *(struct ldb_context *) >+ldb_get_create_perms: unsigned int (struct ldb_context *) >+ldb_get_default_basedn: struct ldb_dn *(struct ldb_context *) >+ldb_get_event_context: struct tevent_context *(struct ldb_context *) >+ldb_get_flags: unsigned int (struct ldb_context *) >+ldb_get_opaque: void *(struct ldb_context *, const char *) >+ldb_get_root_basedn: struct ldb_dn *(struct ldb_context *) >+ldb_get_schema_basedn: struct ldb_dn *(struct ldb_context *) >+ldb_global_init: int (void) >+ldb_handle_get_event_context: struct tevent_context *(struct ldb_handle *) >+ldb_handle_new: struct ldb_handle *(TALLOC_CTX *, struct ldb_context *) >+ldb_handle_use_global_event_context: void (struct ldb_handle *) >+ldb_handler_copy: int (struct ldb_context *, void *, const struct ldb_val *, struct ldb_val *) >+ldb_handler_fold: int (struct ldb_context *, void *, const struct ldb_val *, struct ldb_val *) >+ldb_init: struct ldb_context *(TALLOC_CTX *, struct tevent_context *) >+ldb_ldif_message_redacted_string: char *(struct ldb_context *, TALLOC_CTX *, enum ldb_changetype, const struct ldb_message *) >+ldb_ldif_message_string: char *(struct ldb_context *, TALLOC_CTX *, enum ldb_changetype, const struct ldb_message *) >+ldb_ldif_parse_modrdn: int (struct ldb_context *, const struct ldb_ldif *, TALLOC_CTX *, struct ldb_dn **, struct ldb_dn **, bool *, struct ldb_dn **, struct ldb_dn **) >+ldb_ldif_read: struct ldb_ldif *(struct ldb_context *, int (*)(void *), void *) >+ldb_ldif_read_file: struct ldb_ldif *(struct ldb_context *, FILE *) >+ldb_ldif_read_file_state: struct ldb_ldif *(struct ldb_context *, struct ldif_read_file_state *) >+ldb_ldif_read_free: void (struct ldb_context *, struct ldb_ldif *) >+ldb_ldif_read_string: struct ldb_ldif *(struct ldb_context *, const char **) >+ldb_ldif_write: int (struct ldb_context *, int (*)(void *, const char *, ...), void *, const struct ldb_ldif *) >+ldb_ldif_write_file: int (struct ldb_context *, FILE *, const struct ldb_ldif *) >+ldb_ldif_write_redacted_trace_string: char *(struct ldb_context *, TALLOC_CTX *, const struct ldb_ldif *) >+ldb_ldif_write_string: char *(struct ldb_context *, TALLOC_CTX *, const struct ldb_ldif *) >+ldb_load_modules: int (struct ldb_context *, const char **) >+ldb_map_add: int (struct ldb_module *, struct ldb_request *) >+ldb_map_delete: int (struct ldb_module *, struct ldb_request *) >+ldb_map_init: int (struct ldb_module *, const struct ldb_map_attribute *, const struct ldb_map_objectclass *, const char * const *, const char *, const char *) >+ldb_map_modify: int (struct ldb_module *, struct ldb_request *) >+ldb_map_rename: int (struct ldb_module *, struct ldb_request *) >+ldb_map_search: int (struct ldb_module *, struct ldb_request *) >+ldb_match_message: int (struct ldb_context *, const struct ldb_message *, const struct ldb_parse_tree *, enum ldb_scope, bool *) >+ldb_match_msg: int (struct ldb_context *, const struct ldb_message *, const struct ldb_parse_tree *, struct ldb_dn *, enum ldb_scope) >+ldb_match_msg_error: int (struct ldb_context *, const struct ldb_message *, const struct ldb_parse_tree *, struct ldb_dn *, enum ldb_scope, bool *) >+ldb_match_msg_objectclass: int (const struct ldb_message *, const char *) >+ldb_mod_register_control: int (struct ldb_module *, const char *) >+ldb_modify: int (struct ldb_context *, const struct ldb_message *) >+ldb_modify_default_callback: int (struct ldb_request *, struct ldb_reply *) >+ldb_module_call_chain: char *(struct ldb_request *, TALLOC_CTX *) >+ldb_module_connect_backend: int (struct ldb_context *, const char *, const char **, struct ldb_module **) >+ldb_module_done: int (struct ldb_request *, struct ldb_control **, struct ldb_extended *, int) >+ldb_module_flags: uint32_t (struct ldb_context *) >+ldb_module_get_ctx: struct ldb_context *(struct ldb_module *) >+ldb_module_get_name: const char *(struct ldb_module *) >+ldb_module_get_ops: const struct ldb_module_ops *(struct ldb_module *) >+ldb_module_get_private: void *(struct ldb_module *) >+ldb_module_init_chain: int (struct ldb_context *, struct ldb_module *) >+ldb_module_load_list: int (struct ldb_context *, const char **, struct ldb_module *, struct ldb_module **) >+ldb_module_new: struct ldb_module *(TALLOC_CTX *, struct ldb_context *, const char *, const struct ldb_module_ops *) >+ldb_module_next: struct ldb_module *(struct ldb_module *) >+ldb_module_popt_options: struct poptOption **(struct ldb_context *) >+ldb_module_send_entry: int (struct ldb_request *, struct ldb_message *, struct ldb_control **) >+ldb_module_send_referral: int (struct ldb_request *, char *) >+ldb_module_set_next: void (struct ldb_module *, struct ldb_module *) >+ldb_module_set_private: void (struct ldb_module *, void *) >+ldb_modules_hook: int (struct ldb_context *, enum ldb_module_hook_type) >+ldb_modules_list_from_string: const char **(struct ldb_context *, TALLOC_CTX *, const char *) >+ldb_modules_load: int (const char *, const char *) >+ldb_msg_add: int (struct ldb_message *, const struct ldb_message_element *, int) >+ldb_msg_add_empty: int (struct ldb_message *, const char *, int, struct ldb_message_element **) >+ldb_msg_add_fmt: int (struct ldb_message *, const char *, const char *, ...) >+ldb_msg_add_linearized_dn: int (struct ldb_message *, const char *, struct ldb_dn *) >+ldb_msg_add_steal_string: int (struct ldb_message *, const char *, char *) >+ldb_msg_add_steal_value: int (struct ldb_message *, const char *, struct ldb_val *) >+ldb_msg_add_string: int (struct ldb_message *, const char *, const char *) >+ldb_msg_add_value: int (struct ldb_message *, const char *, const struct ldb_val *, struct ldb_message_element **) >+ldb_msg_canonicalize: struct ldb_message *(struct ldb_context *, const struct ldb_message *) >+ldb_msg_check_string_attribute: int (const struct ldb_message *, const char *, const char *) >+ldb_msg_copy: struct ldb_message *(TALLOC_CTX *, const struct ldb_message *) >+ldb_msg_copy_attr: int (struct ldb_message *, const char *, const char *) >+ldb_msg_copy_shallow: struct ldb_message *(TALLOC_CTX *, const struct ldb_message *) >+ldb_msg_diff: struct ldb_message *(struct ldb_context *, struct ldb_message *, struct ldb_message *) >+ldb_msg_difference: int (struct ldb_context *, TALLOC_CTX *, struct ldb_message *, struct ldb_message *, struct ldb_message **) >+ldb_msg_element_compare: int (struct ldb_message_element *, struct ldb_message_element *) >+ldb_msg_element_compare_name: int (struct ldb_message_element *, struct ldb_message_element *) >+ldb_msg_element_equal_ordered: bool (const struct ldb_message_element *, const struct ldb_message_element *) >+ldb_msg_find_attr_as_bool: int (const struct ldb_message *, const char *, int) >+ldb_msg_find_attr_as_dn: struct ldb_dn *(struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, const char *) >+ldb_msg_find_attr_as_double: double (const struct ldb_message *, const char *, double) >+ldb_msg_find_attr_as_int: int (const struct ldb_message *, const char *, int) >+ldb_msg_find_attr_as_int64: int64_t (const struct ldb_message *, const char *, int64_t) >+ldb_msg_find_attr_as_string: const char *(const struct ldb_message *, const char *, const char *) >+ldb_msg_find_attr_as_uint: unsigned int (const struct ldb_message *, const char *, unsigned int) >+ldb_msg_find_attr_as_uint64: uint64_t (const struct ldb_message *, const char *, uint64_t) >+ldb_msg_find_common_values: int (struct ldb_context *, TALLOC_CTX *, struct ldb_message_element *, struct ldb_message_element *, uint32_t) >+ldb_msg_find_duplicate_val: int (struct ldb_context *, TALLOC_CTX *, const struct ldb_message_element *, struct ldb_val **, uint32_t) >+ldb_msg_find_element: struct ldb_message_element *(const struct ldb_message *, const char *) >+ldb_msg_find_ldb_val: const struct ldb_val *(const struct ldb_message *, const char *) >+ldb_msg_find_val: struct ldb_val *(const struct ldb_message_element *, struct ldb_val *) >+ldb_msg_new: struct ldb_message *(TALLOC_CTX *) >+ldb_msg_normalize: int (struct ldb_context *, TALLOC_CTX *, const struct ldb_message *, struct ldb_message **) >+ldb_msg_remove_attr: void (struct ldb_message *, const char *) >+ldb_msg_remove_element: void (struct ldb_message *, struct ldb_message_element *) >+ldb_msg_rename_attr: int (struct ldb_message *, const char *, const char *) >+ldb_msg_sanity_check: int (struct ldb_context *, const struct ldb_message *) >+ldb_msg_sort_elements: void (struct ldb_message *) >+ldb_next_del_trans: int (struct ldb_module *) >+ldb_next_end_trans: int (struct ldb_module *) >+ldb_next_init: int (struct ldb_module *) >+ldb_next_prepare_commit: int (struct ldb_module *) >+ldb_next_read_lock: int (struct ldb_module *) >+ldb_next_read_unlock: int (struct ldb_module *) >+ldb_next_remote_request: int (struct ldb_module *, struct ldb_request *) >+ldb_next_request: int (struct ldb_module *, struct ldb_request *) >+ldb_next_start_trans: int (struct ldb_module *) >+ldb_op_default_callback: int (struct ldb_request *, struct ldb_reply *) >+ldb_options_find: const char *(struct ldb_context *, const char **, const char *) >+ldb_pack_data: int (struct ldb_context *, const struct ldb_message *, struct ldb_val *) >+ldb_parse_control_from_string: struct ldb_control *(struct ldb_context *, TALLOC_CTX *, const char *) >+ldb_parse_control_strings: struct ldb_control **(struct ldb_context *, TALLOC_CTX *, const char **) >+ldb_parse_tree: struct ldb_parse_tree *(TALLOC_CTX *, const char *) >+ldb_parse_tree_attr_replace: void (struct ldb_parse_tree *, const char *, const char *) >+ldb_parse_tree_copy_shallow: struct ldb_parse_tree *(TALLOC_CTX *, const struct ldb_parse_tree *) >+ldb_parse_tree_walk: int (struct ldb_parse_tree *, int (*)(struct ldb_parse_tree *, void *), void *) >+ldb_qsort: void (void * const, size_t, size_t, void *, ldb_qsort_cmp_fn_t) >+ldb_register_backend: int (const char *, ldb_connect_fn, bool) >+ldb_register_extended_match_rule: int (struct ldb_context *, const struct ldb_extended_match_rule *) >+ldb_register_hook: int (ldb_hook_fn) >+ldb_register_module: int (const struct ldb_module_ops *) >+ldb_rename: int (struct ldb_context *, struct ldb_dn *, struct ldb_dn *) >+ldb_reply_add_control: int (struct ldb_reply *, const char *, bool, void *) >+ldb_reply_get_control: struct ldb_control *(struct ldb_reply *, const char *) >+ldb_req_get_custom_flags: uint32_t (struct ldb_request *) >+ldb_req_is_untrusted: bool (struct ldb_request *) >+ldb_req_location: const char *(struct ldb_request *) >+ldb_req_mark_trusted: void (struct ldb_request *) >+ldb_req_mark_untrusted: void (struct ldb_request *) >+ldb_req_set_custom_flags: void (struct ldb_request *, uint32_t) >+ldb_req_set_location: void (struct ldb_request *, const char *) >+ldb_request: int (struct ldb_context *, struct ldb_request *) >+ldb_request_add_control: int (struct ldb_request *, const char *, bool, void *) >+ldb_request_done: int (struct ldb_request *, int) >+ldb_request_get_control: struct ldb_control *(struct ldb_request *, const char *) >+ldb_request_get_status: int (struct ldb_request *) >+ldb_request_replace_control: int (struct ldb_request *, const char *, bool, void *) >+ldb_request_set_state: void (struct ldb_request *, int) >+ldb_reset_err_string: void (struct ldb_context *) >+ldb_save_controls: int (struct ldb_control *, struct ldb_request *, struct ldb_control ***) >+ldb_schema_attribute_add: int (struct ldb_context *, const char *, unsigned int, const char *) >+ldb_schema_attribute_add_with_syntax: int (struct ldb_context *, const char *, unsigned int, const struct ldb_schema_syntax *) >+ldb_schema_attribute_by_name: const struct ldb_schema_attribute *(struct ldb_context *, const char *) >+ldb_schema_attribute_fill_with_syntax: int (struct ldb_context *, TALLOC_CTX *, const char *, unsigned int, const struct ldb_schema_syntax *, struct ldb_schema_attribute *) >+ldb_schema_attribute_remove: void (struct ldb_context *, const char *) >+ldb_schema_attribute_remove_flagged: void (struct ldb_context *, unsigned int) >+ldb_schema_attribute_set_override_handler: void (struct ldb_context *, ldb_attribute_handler_override_fn_t, void *) >+ldb_schema_set_override_GUID_index: void (struct ldb_context *, const char *, const char *) >+ldb_schema_set_override_indexlist: void (struct ldb_context *, bool) >+ldb_search: int (struct ldb_context *, TALLOC_CTX *, struct ldb_result **, struct ldb_dn *, enum ldb_scope, const char * const *, const char *, ...) >+ldb_search_default_callback: int (struct ldb_request *, struct ldb_reply *) >+ldb_sequence_number: int (struct ldb_context *, enum ldb_sequence_type, uint64_t *) >+ldb_set_create_perms: void (struct ldb_context *, unsigned int) >+ldb_set_debug: int (struct ldb_context *, void (*)(void *, enum ldb_debug_level, const char *, va_list), void *) >+ldb_set_debug_stderr: int (struct ldb_context *) >+ldb_set_default_dns: void (struct ldb_context *) >+ldb_set_errstring: void (struct ldb_context *, const char *) >+ldb_set_event_context: void (struct ldb_context *, struct tevent_context *) >+ldb_set_flags: void (struct ldb_context *, unsigned int) >+ldb_set_modules_dir: void (struct ldb_context *, const char *) >+ldb_set_opaque: int (struct ldb_context *, const char *, void *) >+ldb_set_require_private_event_context: void (struct ldb_context *) >+ldb_set_timeout: int (struct ldb_context *, struct ldb_request *, int) >+ldb_set_timeout_from_prev_req: int (struct ldb_context *, struct ldb_request *, struct ldb_request *) >+ldb_set_utf8_default: void (struct ldb_context *) >+ldb_set_utf8_fns: void (struct ldb_context *, void *, char *(*)(void *, void *, const char *, size_t)) >+ldb_setup_wellknown_attributes: int (struct ldb_context *) >+ldb_should_b64_encode: int (struct ldb_context *, const struct ldb_val *) >+ldb_standard_syntax_by_name: const struct ldb_schema_syntax *(struct ldb_context *, const char *) >+ldb_strerror: const char *(int) >+ldb_string_to_time: time_t (const char *) >+ldb_string_utc_to_time: time_t (const char *) >+ldb_timestring: char *(TALLOC_CTX *, time_t) >+ldb_timestring_utc: char *(TALLOC_CTX *, time_t) >+ldb_transaction_cancel: int (struct ldb_context *) >+ldb_transaction_cancel_noerr: int (struct ldb_context *) >+ldb_transaction_commit: int (struct ldb_context *) >+ldb_transaction_prepare_commit: int (struct ldb_context *) >+ldb_transaction_start: int (struct ldb_context *) >+ldb_unpack_data: int (struct ldb_context *, const struct ldb_val *, struct ldb_message *) >+ldb_unpack_data_only_attr_list: int (struct ldb_context *, const struct ldb_val *, struct ldb_message *, const char * const *, unsigned int, unsigned int *) >+ldb_unpack_data_only_attr_list_flags: int (struct ldb_context *, const struct ldb_val *, struct ldb_message *, const char * const *, unsigned int, unsigned int, unsigned int *) >+ldb_val_dup: struct ldb_val (TALLOC_CTX *, const struct ldb_val *) >+ldb_val_equal_exact: int (const struct ldb_val *, const struct ldb_val *) >+ldb_val_map_local: struct ldb_val (struct ldb_module *, void *, const struct ldb_map_attribute *, const struct ldb_val *) >+ldb_val_map_remote: struct ldb_val (struct ldb_module *, void *, const struct ldb_map_attribute *, const struct ldb_val *) >+ldb_val_string_cmp: int (const struct ldb_val *, const char *) >+ldb_val_to_time: int (const struct ldb_val *, time_t *) >+ldb_valid_attr_name: int (const char *) >+ldb_vdebug: void (struct ldb_context *, enum ldb_debug_level, const char *, va_list) >+ldb_wait: int (struct ldb_handle *, enum ldb_wait_type) >diff --git a/lib/ldb/ABI/pyldb-util-1.5.4.sigs b/lib/ldb/ABI/pyldb-util-1.5.4.sigs >new file mode 100644 >index 00000000000..74d6719d2bc >--- /dev/null >+++ b/lib/ldb/ABI/pyldb-util-1.5.4.sigs >@@ -0,0 +1,2 @@ >+pyldb_Dn_FromDn: PyObject *(struct ldb_dn *) >+pyldb_Object_AsDn: bool (TALLOC_CTX *, PyObject *, struct ldb_context *, struct ldb_dn **) >diff --git a/lib/ldb/ABI/pyldb-util.py3-1.5.4.sigs b/lib/ldb/ABI/pyldb-util.py3-1.5.4.sigs >new file mode 100644 >index 00000000000..74d6719d2bc >--- /dev/null >+++ b/lib/ldb/ABI/pyldb-util.py3-1.5.4.sigs >@@ -0,0 +1,2 @@ >+pyldb_Dn_FromDn: PyObject *(struct ldb_dn *) >+pyldb_Object_AsDn: bool (TALLOC_CTX *, PyObject *, struct ldb_context *, struct ldb_dn **) >diff --git a/lib/ldb/wscript b/lib/ldb/wscript >index cff3ee2d2d3..d3402a7b5b2 100644 >--- a/lib/ldb/wscript >+++ b/lib/ldb/wscript >@@ -1,7 +1,7 @@ > #!/usr/bin/env python > > APPNAME = 'ldb' >-VERSION = '1.5.3' >+VERSION = '1.5.4' > > import sys, os > >-- >2.17.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=14854">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
abartlet
:
review-
Actions:
View
Attachments on
bug 13773
:
14814
|
14815
|
14819
|
14845
|
14852
|
14853
|
14854
|
14855
|
14856
|
14857
|
14858
|
14859