[SCM] Samba Shared Repository - branch master updated
Stefan Metzmacher
metze at samba.org
Fri Jun 16 21:44:02 UTC 2017
The branch, master has been updated
via 60cae0a dsdb: Add comment explaining requirements on DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID
via 5561218 dsdb: Do not prevent searches for @ATTRIBUTES because the DB is not set up yet
via ec9b1e8 dsdb: Do not run dsdb_replace() on the calculated difference between old and new schema
via 5067bce selftest: confirm that two attributes are also correctly set in the @ records
via cccd578 selftest: Fix failure message in dsdb_schema_info
via b4ae820 krb5_wrap: handle KRB5_ERR_HOST_REALM_UNKNOWN in smb_krb5_get_realm_from_hostname()
via 3d96b09 s4:gensec_gssapi: fix CID 1409781: Possible Control flow issues (DEADCODE)
via 1b88c5d selftest: Also wait for winbindd to start
via 8d53ff1 selftest: Correctly print message when nbt is not up in 20 seconds
via 1fe7ec2 tevent_threads: Fix a rundown race introduced with 1828011317b
from aafc1c2 dsdb: Remember the last ACL we read during a search and what it expanded to
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 60cae0a7045a43f5da5c00e95308f2e1ec1b3161
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat Jun 10 19:23:34 2017 +1200
dsdb: Add comment explaining requirements on DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Jun 16 23:43:46 CEST 2017 on sn-devel-144
commit 5561218d2811aa5e226d29bf2880e84a56bac904
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Jun 8 23:17:20 2017 +1200
dsdb: Do not prevent searches for @ATTRIBUTES because the DB is not set up yet
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit ec9b1e881c3eef503d6b4b311594113acf7d47d8
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Jun 7 10:44:50 2017 +1200
dsdb: Do not run dsdb_replace() on the calculated difference between old and new schema
We can set the database @INDEXLIST and @ATTRIBUTES to the full calculated
values, not the difference, and let the ldb layer work it out under the
transaction lock.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 5067bceaa21fe86fa77a1aeb88a4bce3ba07e479
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Jun 16 14:13:42 2017 +1200
selftest: confirm that two attributes are also correctly set in the @ records
This shows that the current behaviour in dsdb_schema_set_indices_and_attributes(), while
not ideal, is not actually buggy.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit cccd5786f06a23d142d3a4cf75039d80b9987433
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Jun 14 13:11:56 2017 +1200
selftest: Fix failure message in dsdb_schema_info
The rename changes the CN, not the lDAPDisplayName
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit b4ae820648dcbc265a89d271538c5e97137a8353
Author: Stefan Metzmacher <metze at samba.org>
Date: Sun Jun 11 23:19:01 2017 +0200
krb5_wrap: handle KRB5_ERR_HOST_REALM_UNKNOWN in smb_krb5_get_realm_from_hostname()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 3d96b093b7d24534ae091b626ea044c6bae7930d
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue May 23 15:05:25 2017 +0200
s4:gensec_gssapi: fix CID 1409781: Possible Control flow issues (DEADCODE)
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 1b88c5d4c0e5da2e4092a06f6cd6bf3c8b767883
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Jun 15 16:20:11 2017 +1200
selftest: Also wait for winbindd to start
This ensures that the posixacl.py test does not race against winbindd starting up and so
give wrong mappings
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12843
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 8d53ff10f8912f31e491b554d45aa0c9be041487
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Jun 15 16:19:17 2017 +1200
selftest: Correctly print message when nbt is not up in 20 seconds
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12843
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 1fe7ec237a7036d76764ef1981de6b3000b2cfd3
Author: Volker Lendecke <vl at samba.org>
Date: Thu Jun 15 11:48:24 2017 +0200
tevent_threads: Fix a rundown race introduced with 1828011317b
The race is easily reproduced by adding a poll(NULL,0,10) in between the two
pthread_mutex_unlock calls in _tevent_threaded_schedule_immediate.
Before 1828011317b, the main thread was signalled only after the helper
had already unlocked event_ctx_mutex.
Full explanation follows:
-----------------------------------------------------------------
Inside _tevent_threaded_schedule_immediate() we have:
476 ret = pthread_mutex_unlock(&ev->scheduled_mutex);
477 if (ret != 0) {
478 abort();
479 }
HERE!!!!
481 ret = pthread_mutex_unlock(&tctx->event_ctx_mutex);
482 if (ret != 0) {
483 abort();
484 }
At the HERE!!! point, what happens is tevent_common_threaded_activate_immediate(),
which is blocked on ev->scheduled_mutex, gets released and does:
514 while (ev->scheduled_immediates != NULL) {
515 struct tevent_immediate *im = ev->scheduled_immediates;
516 DLIST_REMOVE(ev->scheduled_immediates, im);
517 DLIST_ADD_END(ev->immediate_events, im);
518 }
- making an immediate event ready to be scheduled.
This then returns into epoll_event_loop_once(), which then calls:
910 if (ev->immediate_events &&
911 tevent_common_loop_immediate(ev)) {
912 return 0;
913 }
which causes the immediate event to fire. This immediate
event is the pthread job terminate event, which was previously
set up in pthreadpool_tevent_job_signal() by:
198 if (state->tctx != NULL) {
199 /* with HAVE_PTHREAD */
200 tevent_threaded_schedule_immediate(state->tctx, state->im,
201 pthreadpool_tevent_job_done,
202 state);
So we now call pthreadpool_tevent_job_done() - which does:
225 TALLOC_FREE(state->tctx);
calling tevent_threaded_context_destructor():
384 ret = pthread_mutex_destroy(&tctx->event_ctx_mutex); <---------------- BOOM returns an error !
385 if (ret != 0) {
386 abort();
387 }
as we haven't gotten to line 481 above (the line after
HERE!!!!) so the tctx->event_ctx_mutex is still
locked when we try to destroy it.
So doing an additional:
ret = pthread_mutex_lock(&tctx->event_ctx_mutex);
ret = pthread_mutex_unlock(&tctx->event_ctx_mutex);
(error checking elided) forces tevent_threaded_context_destructor()
to wait until tctx->event_ctx_mutex is unlocked before it locks/unlocks
and then is guaranteed safe to destroy.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
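The rundown race described in commit 1fe7ec2 above, reduced to stand-alone C (an added example, not code from this mail or from tevent): the helper holds event_ctx_mutex while it wakes the main thread, and run() returns what the destructor meets before the fix and what pthread_mutex_destroy() returns after the lock/unlock handshake. struct toy_tctx, helper(), run() and the two semaphores are constructed for this illustration.

```c
#include <errno.h>
#include <poll.h>
#include <pthread.h>
#include <semaphore.h>

struct toy_tctx {                 /* constructed stand-in, not tevent's struct */
	pthread_mutex_t event_ctx_mutex;
	sem_t scheduled;              /* helper -> main: immediate is scheduled */
	sem_t release;                /* main -> helper: leave the HERE window */
	int hold;                     /* 1: stay in the window until released */
};
/* Helper thread: the tail of _tevent_threaded_schedule_immediate(). */
static void *helper(void *p)
{
	struct toy_tctx *t = p;
	pthread_mutex_lock(&t->event_ctx_mutex);
	sem_post(&t->scheduled);      /* main may run its destructor from now on */
	if (t->hold)
		sem_wait(&t->release);    /* deterministic HERE!!!! window */
	else
		poll(NULL, 0, 10);        /* the delay used in the commit message */
	pthread_mutex_unlock(&t->event_ctx_mutex);
	return NULL;
}

/* hold=1: state the pre-fix destructor meets; hold=0: destroy after the fix. */
static int run(int hold)
{
	struct toy_tctx t = { .hold = hold };
	pthread_t th;
	int rc;
	pthread_mutex_init(&t.event_ctx_mutex, NULL);
	sem_init(&t.scheduled, 0, 0);
	sem_init(&t.release, 0, 0);
	pthread_create(&th, NULL, helper, &t);
	sem_wait(&t.scheduled);       /* the job-done immediate fires here */
	if (hold) {
		/* Probe with trylock instead of destroying a locked mutex. */
		rc = pthread_mutex_trylock(&t.event_ctx_mutex); /* EBUSY: still held */
		sem_post(&t.release);
	} else {
		/* The fix: lock/unlock blocks until the helper has unlocked. */
		pthread_mutex_lock(&t.event_ctx_mutex);
		pthread_mutex_unlock(&t.event_ctx_mutex);
		rc = pthread_mutex_destroy(&t.event_ctx_mutex);
	}
	pthread_join(th, NULL);
	if (hold) pthread_mutex_destroy(&t.event_ctx_mutex); /* unlocked by now */
	return rc;
}
```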
-----------------------------------------------------------------------
Summary of changes:
lib/krb5_wrap/krb5_samba.c | 4 +++
lib/tevent/tevent_threads.c | 17 +++++++++++
python/samba/tests/dsdb_schema_attributes.py | 41 +++++++++++++++++++++++++--
selftest/target/Samba4.pm | 24 +++++++++++++++-
source4/auth/gensec/gensec_gssapi.c | 5 +++-
source4/dsdb/samdb/ldb_modules/schema_load.c | 3 +-
source4/dsdb/samdb/ldb_modules/show_deleted.c | 5 ++++
source4/dsdb/schema/schema_set.c | 14 +++++++--
source4/dsdb/tests/python/dsdb_schema_info.py | 4 +--
9 files changed, 108 insertions(+), 9 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 2e43f79..0c8b402 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -2669,6 +2669,10 @@ char *smb_krb5_get_realm_from_hostname(TALLOC_CTX *mem_ctx,
}
kerr = krb5_get_host_realm(ctx, hostname, &realm_list);
+ if (kerr == KRB5_ERR_HOST_REALM_UNKNOWN) {
+ realm_list = NULL;
+ kerr = 0;
+ }
if (kerr != 0) {
DEBUG(3,("kerberos_get_realm_from_hostname %s: "
"failed %s\n",
diff --git a/lib/tevent/tevent_threads.c b/lib/tevent/tevent_threads.c
index 8ecda02..4d1a880 100644
--- a/lib/tevent/tevent_threads.c
+++ b/lib/tevent/tevent_threads.c
@@ -381,6 +381,23 @@ static int tevent_threaded_context_destructor(
DLIST_REMOVE(tctx->event_ctx->threaded_contexts, tctx);
}
+ /*
+ * We have to coordinate with _tevent_threaded_schedule_immediate's
+ * unlock of the event_ctx_mutex. We're in the main thread here,
+ * and we can be scheduled before the helper thread finalizes its
+ * call _tevent_threaded_schedule_immediate. This means we would
+ * pthreadpool_destroy a locked mutex, which is illegal.
+ */
+ ret = pthread_mutex_lock(&tctx->event_ctx_mutex);
+ if (ret != 0) {
+ abort();
+ }
+
+ ret = pthread_mutex_unlock(&tctx->event_ctx_mutex);
+ if (ret != 0) {
+ abort();
+ }
+
ret = pthread_mutex_destroy(&tctx->event_ctx_mutex);
if (ret != 0) {
abort();
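Review bot: the new comment ends with "we would pthreadpool_destroy a locked mutex", but the call being protected is pthread_mutex_destroy(&tctx->event_ctx_mutex); please correct the name so the comment matches the code, and add the missing "to" in "finalizes its call _tevent_threaded_schedule_immediate". It would also help to state the assumption the lock/unlock pair relies on, namely that the unlock of event_ctx_mutex is the helper thread's last access to tctx.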
diff --git a/python/samba/tests/dsdb_schema_attributes.py b/python/samba/tests/dsdb_schema_attributes.py
index 28f9078..df6c8bb 100644
--- a/python/samba/tests/dsdb_schema_attributes.py
+++ b/python/samba/tests/dsdb_schema_attributes.py
@@ -112,9 +112,7 @@ systemOnly: FALSE
self.assertIn(attr_ldap_name, [str(x) for x in idx_res[0]["@IDXATTR"]])
-
def test_AddUnIndexedAttribute(self):
-
# create names for an attribute to add
(attr_name, attr_ldap_name, attr_dn) = self._make_obj_names("schemaAttributes-Attr-")
ldif = self._make_attr_ldif(attr_name, attr_dn, 2)
@@ -136,3 +134,42 @@ systemOnly: FALSE
idx_res = self.samdb.search(base="@INDEXLIST", scope=ldb.SCOPE_BASE)
self.assertNotIn(attr_ldap_name, [str(x) for x in idx_res[0]["@IDXATTR"]])
+
+
+ def test_AddTwoIndexedAttributes(self):
+ # create names for an attribute to add
+ (attr_name, attr_ldap_name, attr_dn) = self._make_obj_names("schemaAttributes-Attr-")
+ ldif = self._make_attr_ldif(attr_name, attr_dn, 3,
+ "searchFlags: %d" % samba.dsdb.SEARCH_FLAG_ATTINDEX)
+
+ # add the new attribute
+ self.samdb.add_ldif(ldif)
+ self._ldap_schemaUpdateNow()
+
+ # create names for an attribute to add
+ (attr_name2, attr_ldap_name2, attr_dn2) = self._make_obj_names("schemaAttributes-Attr-")
+ ldif = self._make_attr_ldif(attr_name2, attr_dn2, 4,
+ "searchFlags: %d" % samba.dsdb.SEARCH_FLAG_ATTINDEX)
+
+ # add the new attribute
+ self.samdb.add_ldif(ldif)
+ self._ldap_schemaUpdateNow()
+
+ # Check @ATTRIBUTES
+
+ attr_res = self.samdb.search(base="@ATTRIBUTES", scope=ldb.SCOPE_BASE)
+
+ self.assertIn(attr_ldap_name, attr_res[0])
+ self.assertEquals(len(attr_res[0][attr_ldap_name]), 1)
+ self.assertEquals(attr_res[0][attr_ldap_name][0], "CASE_INSENSITIVE")
+
+ self.assertIn(attr_ldap_name2, attr_res[0])
+ self.assertEquals(len(attr_res[0][attr_ldap_name2]), 1)
+ self.assertEquals(attr_res[0][attr_ldap_name2][0], "CASE_INSENSITIVE")
+
+ # Check @INDEXLIST
+
+ idx_res = self.samdb.search(base="@INDEXLIST", scope=ldb.SCOPE_BASE)
+
+ self.assertIn(attr_ldap_name, [str(x) for x in idx_res[0]["@IDXATTR"]])
+ self.assertIn(attr_ldap_name2, [str(x) for x in idx_res[0]["@IDXATTR"]])
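Review bot: test_AddTwoIndexedAttributes calls self._ldap_schemaUpdateNow() after each add_ldif(), so the two attributes are never pending in the same schema update. If the intent is to show that the second update does not drop the first attribute from @ATTRIBUTES and @INDEXLIST, say so in a docstring, and consider a variant that adds both attributes before a single update. Minor: the second "# create names for an attribute to add" comment should say it is the second attribute, and the [str(x) for x in idx_res[0]["@IDXATTR"]] list is built twice where one local variable would do.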
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 316ef83..ea81d7d 100755
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -207,7 +207,7 @@ sub wait_for_start($$)
}
$count++;
} while ($ret != 0 && $count < 20);
- if ($count == 10) {
+ if ($count == 20) {
warn("nbt not reachable after 20 retries\n");
teardown_env($self, $testenv_vars);
return 0;
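Review bot: the corrected check "if ($count == 20)" still tests the retry counter rather than the outcome. $count is incremented after every attempt, so when the 20th attempt succeeds the loop exits with $ret == 0 and $count == 20, and the environment is torn down although nbt is reachable. Testing "if ($ret != 0)" after the loop avoids this.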
@@ -245,6 +245,28 @@ sub wait_for_start($$)
sleep(1);
}
}
+
+ my $wbinfo = Samba::bindir_path($self, "wbinfo");
+
+ $count = 0;
+ do {
+ my $cmd = "NSS_WRAPPER_PASSWD=$testenv_vars->{NSS_WRAPPER_PASSWD} ";
+ $cmd .= "NSS_WRAPPER_GROUP=$testenv_vars->{NSS_WRAPPER_GROUP} ";
+ $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=$testenv_vars->{SELFTEST_WINBINDD_SOCKET_DIR} ";
+ $cmd .= "$wbinfo -p";
+ $ret = system($cmd);
+
+ if ($ret != 0) {
+ sleep(1);
+ }
+ $count++;
+ } while ($ret != 0 && $count < 20);
+ if ($count == 20) {
+ warn("winbind not reachable after 20 retries\n");
+ teardown_env($self, $testenv_vars);
+ return 0;
+ }
+
print $self->getlog_env($testenv_vars);
return $ret
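Review bot: the winbind loop repeats the same pattern, "if ($count == 20)" after a loop that increments $count on every attempt, so a "wbinfo -p" that first succeeds on the 20th try is reported as "winbind not reachable"; check $ret != 0 instead. The command line also interpolates the $testenv_vars paths unquoted into the string passed to system($cmd), which breaks if a test directory contains spaces; setting the variables in a local %ENV and using the list form of system would be more robust.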
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index 8bc5452..a61b2b2 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -457,10 +457,11 @@ static NTSTATUS gensec_gssapi_update_internal(struct gensec_security *gensec_sec
switch (gensec_security->gensec_role) {
case GENSEC_CLIENT:
{
- bool fallback = false;
#ifdef SAMBA4_USES_HEIMDAL
struct gsskrb5_send_to_kdc send_to_kdc;
krb5_error_code ret;
+#else
+ bool fallback = false;
#endif
nt_status = gensec_gssapi_client_creds(gensec_security, ev);
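Review bot: with "bool fallback" now declared only in the #else branch, every use of fallback has to sit in non-Heimdal code or the Heimdal build stops compiling. The next hunk guards the one read, "if (fallback && ...)"; please confirm that any assignment between the two hunks is guarded the same way, and add a sentence to the commit message on why the variable is dead under SAMBA4_USES_HEIMDAL, since the CID number alone does not explain it.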
@@ -581,10 +582,12 @@ static NTSTATUS gensec_gssapi_update_internal(struct gensec_security *gensec_sec
return NT_STATUS_NO_MEMORY;
}
+#ifndef SAMBA4_USES_HEIMDAL
if (fallback &&
strequal(client_realm, server_realm)) {
goto init_sec_context_done;
}
+#endif /* !SAMBA4_USES_HEIMDAL */
nt_status = gensec_gssapi_setup_server_principal(gensec_gssapi_state,
target_principal,
diff --git a/source4/dsdb/samdb/ldb_modules/schema_load.c b/source4/dsdb/samdb/ldb_modules/schema_load.c
index 6ffa465..a2f8e57 100644
--- a/source4/dsdb/samdb/ldb_modules/schema_load.c
+++ b/source4/dsdb/samdb/ldb_modules/schema_load.c
@@ -512,12 +512,13 @@ static int schema_load_del_transaction(struct ldb_module *module)
return ldb_next_del_trans(module);
}
+/* This is called in a transaction held by the callers */
static int schema_load_extended(struct ldb_module *module, struct ldb_request *req)
{
struct ldb_context *ldb = ldb_module_get_ctx(module);
struct dsdb_schema *schema;
int ret;
-
+
if (strcmp(req->op.extended.oid, DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID) != 0) {
return ldb_next_request(module, req);
}
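Review bot: the -/+ pair directly after "int ret;" replaces one empty line with another, so it is a whitespace-only change that may introduce trailing whitespace; please drop it from the patch. The added comment "This is called in a transaction held by the callers" would be more useful if it named the requirement from the commit subject, that is, what callers sending DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID are expected to hold before the request reaches this function.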
diff --git a/source4/dsdb/samdb/ldb_modules/show_deleted.c b/source4/dsdb/samdb/ldb_modules/show_deleted.c
index 773dcfb..6b5fdaa 100644
--- a/source4/dsdb/samdb/ldb_modules/show_deleted.c
+++ b/source4/dsdb/samdb/ldb_modules/show_deleted.c
@@ -51,6 +51,11 @@ static int show_deleted_search(struct ldb_module *module, struct ldb_request *re
int ret;
const char *attr_filter = NULL;
+ /* do not manipulate our control entries */
+ if (ldb_dn_is_special(req->op.search.base)) {
+ return ldb_next_request(module, req);
+ }
+
ldb = ldb_module_get_ctx(module);
state = talloc_get_type(ldb_module_get_private(module), struct show_deleted_state);
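Review bot: the comment "do not manipulate our control entries" does not say which entries are meant or why the early return is needed. Please name the case from the commit subject (searches for @ATTRIBUTES arriving before the DB is set up) so the reason for passing special DNs straight to ldb_next_request(), ahead of the ldb_module_get_private() lookup, is clear to the next reader.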
diff --git a/source4/dsdb/schema/schema_set.c b/source4/dsdb/schema/schema_set.c
index 977c9e3..df27e19 100644
--- a/source4/dsdb/schema/schema_set.c
+++ b/source4/dsdb/schema/schema_set.c
@@ -174,7 +174,12 @@ int dsdb_schema_set_indices_and_attributes(struct ldb_context *ldb,
goto op_error;
}
if (mod_msg->num_elements > 0) {
- ret = dsdb_replace(ldb, mod_msg, 0);
+ /*
+ * Do the replace with the constructed message,
+ * to avoid needing a lock between this search
+ * and the replace
+ */
+ ret = dsdb_replace(ldb, msg, 0);
}
talloc_free(mod_msg);
}
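Review bot: after this change mod_msg only serves as a "did anything change" gate (mod_msg->num_elements > 0) while the replace is done with the full msg; the new comment should say that explicitly, because computing a difference and then not applying it looks like a mistake on first read. Please also confirm that ret from dsdb_replace(ldb, msg, 0) is checked after talloc_free(mod_msg), which lies outside this hunk.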
@@ -210,7 +215,12 @@ int dsdb_schema_set_indices_and_attributes(struct ldb_context *ldb,
goto op_error;
}
if (mod_msg->num_elements > 0) {
- ret = dsdb_replace(ldb, mod_msg, 0);
+ /*
+ * Do the replace with the constructed message,
+ * to avoid needing a lock between this search
+ * and the replace
+ */
+ ret = dsdb_replace(ldb, msg_idx, 0);
}
talloc_free(mod_msg);
}
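Review bot: this repeats the previous hunk's change and its comment verbatim, now for msg_idx. The two blocks differ only in the message handed to dsdb_replace(), so a small static helper taking the target message and the computed difference would remove the duplication and keep the explanation in one place.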
diff --git a/source4/dsdb/tests/python/dsdb_schema_info.py b/source4/dsdb/tests/python/dsdb_schema_info.py
index 0ae95b3..f3452d6 100755
--- a/source4/dsdb/tests/python/dsdb_schema_info.py
+++ b/source4/dsdb/tests/python/dsdb_schema_info.py
@@ -141,7 +141,7 @@ systemOnly: FALSE
try:
self.sam_db.rename(attr_dn, attr_dn_new)
except LdbError, (num, _):
- self.fail("failed to change lDAPDisplayName for %s: %s" % (attr_name, _))
+ self.fail("failed to change CN for %s: %s" % (attr_name, _))
# compare resulting schemaInfo
schi_after = self._getSchemaInfo()
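Review bot: the corrected failure message still formats the exception text through the throwaway name "_" from "except LdbError, (num, _)", while num is never used. Giving the second element a real name and either using or dropping num would make the failure line self-explanatory; the same applies to the class rename hunk that follows.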
@@ -187,7 +187,7 @@ systemOnly: FALSE
try:
self.sam_db.rename(class_dn, class_dn_new)
except LdbError, (num, _):
- self.fail("failed to change lDAPDisplayName for %s: %s" % (class_name, _))
+ self.fail("failed to change CN for %s: %s" % (class_name, _))
# compare resulting schemaInfo
schi_after = self._getSchemaInfo()
--
Samba Shared Repository