[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Fri Jun 30 04:24:02 UTC 2017
The branch, master has been updated
via 73bee8b show-deleted: Rename attr_filter to exclude_filter for clarity
via 92a30e5 show-deleted: Simplify the code to require as little logic as needed
via 618b5bd show-deleted: Remove an unnecessary search during connect
via 5c38760 show-deleted: Do not indicate an error if an object is missing.
via 587af50 dsdb: Add a dummy module to replace show_deleted
via 9e93abe travis-ci: Also build samba-systemkrb5
via 32de1f6 autobuild: Use new selftest.pl feature to run only some environments
via 6027721 selftest: Allow selftest.pl to run just some environments
via daeb74a debug: new debug class for kerberos
from 6cddaa5 auth/spnego: do basic state_position checking in gensec_spnego_update_in()
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 73bee8b690edcc946f2e98aca711dd77d104e76e
Author: Garming Sam <garming at catalyst.net.nz>
Date: Fri Jun 23 12:37:01 2017 +1200
show-deleted: Rename attr_filter to exclude_filter for clarity
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Jun 30 06:23:39 CEST 2017 on sn-devel-144
commit 92a30e5ecbc0643a2ea8c09cda5ed95d01d04320
Author: Garming Sam <garming at catalyst.net.nz>
Date: Fri Jun 23 12:35:56 2017 +1200
show-deleted: Simplify the code to require as little logic as needed
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 618b5bd6eb00a523cdf25949086d2e2b439d0093
Author: Garming Sam <garming at catalyst.net.nz>
Date: Fri Jun 23 12:18:35 2017 +1200
show-deleted: Remove an unnecessary search during connect
This is only required if you supply SHOW_RECYCLED or SHOW_DELETED. Note
that any add does trigger this (through callbacks in the modules in acl,
objectclass etc.).
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 5c3876070887fe9040583c311a299880fe838216
Author: Garming Sam <garming at catalyst.net.nz>
Date: Tue Jun 27 13:02:49 2017 +1200
show-deleted: Do not indicate an error if an object is missing.
This happens during provision, however due to the fact that the first
search in the rootDSE init does not check return codes, this was done
implicitly (and coincidentally).
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 587af5093651af6cc354acb4923ac8c97cef2885
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Jun 28 12:22:05 2017 +1200
dsdb: Add a dummy module to replace show_deleted
This helps when we improve show_deleted in a way that the fake database in samba3sam can not cover
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
commit 9e93abe8a25aa78af460cc13d5125863611243f2
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri May 5 22:33:47 2017 +0200
travis-ci: Also build samba-systemkrb5
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
commit 32de1f6aa42637c5f3f19ae746e930dc406554e0
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Jun 30 11:11:05 2017 +1200
autobuild: Use new selftest.pl feature to run only some environments
This is cleaner than test filtering with regular expressions
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
commit 602772159dfd1213385f42ecbf31136f57693b63
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Feb 28 10:45:24 2017 +1300
selftest: Allow selftest.pl to run just some environments
This makes it easier to declare that some autobuild environments
only run some selftest environments.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
commit daeb74aed8741ec80ccc2121da3a24b51ccfa021
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue May 16 08:32:03 2017 +1200
debug: new debug class for kerberos
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
-----------------------------------------------------------------------
Summary of changes:
.travis.yml | 1 +
docs-xml/smbdotconf/logging/loglevel.xml | 1 +
lib/util/debug.c | 1 +
lib/util/debug.h | 2 +
python/samba/tests/samba3sam.py | 2 +-
script/autobuild.py | 6 +-
selftest/selftest.pl | 34 ++++++++++-
source4/auth/kerberos/krb5_init_context.c | 2 +-
source4/dsdb/samdb/ldb_modules/samba3sam.c | 36 ++++++++++++
source4/dsdb/samdb/ldb_modules/show_deleted.c | 81 ++++++++++++++-------------
source4/dsdb/samdb/ldb_modules/util.c | 4 +-
11 files changed, 124 insertions(+), 46 deletions(-)
Changeset truncated at 500 lines:
diff --git a/.travis.yml b/.travis.yml
index ce0e745..4c68c72 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -13,6 +13,7 @@ env:
- TASK=samba-static
- TASK=samba-o3
- TASK=samba-nopython
+ - TASK=samba-systemkrb5
- TASK=ldb
- TASK=tdb
- TASK=talloc
diff --git a/docs-xml/smbdotconf/logging/loglevel.xml b/docs-xml/smbdotconf/logging/loglevel.xml
index 533ba3d..1a3767d 100644
--- a/docs-xml/smbdotconf/logging/loglevel.xml
+++ b/docs-xml/smbdotconf/logging/loglevel.xml
@@ -43,6 +43,7 @@
<listitem><para><parameter moreinfo="none">tevent</parameter></para></listitem>
<listitem><para><parameter moreinfo="none">auth_audit</parameter></para></listitem>
<listitem><para><parameter moreinfo="none">auth_json_audit</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">kerberos</parameter></para></listitem>
</itemizedlist>
<para>Authentication and authorization audit information is logged
diff --git a/lib/util/debug.c b/lib/util/debug.c
index 5abca41..d30b1a9 100644
--- a/lib/util/debug.c
+++ b/lib/util/debug.c
@@ -539,6 +539,7 @@ static const char *default_classname_table[] = {
[DBGC_TEVENT] = "tevent",
[DBGC_AUTH_AUDIT] = "auth_audit",
[DBGC_AUTH_AUDIT_JSON] = "auth_json_audit",
+ [DBGC_KERBEROS] = "kerberos",
};
/*
diff --git a/lib/util/debug.h b/lib/util/debug.h
index 9d5f438..71d8ed6 100644
--- a/lib/util/debug.h
+++ b/lib/util/debug.h
@@ -91,6 +91,8 @@ bool dbghdr( int level, const char *location, const char *func);
#define DBGC_TEVENT 23
#define DBGC_AUTH_AUDIT 24
#define DBGC_AUTH_AUDIT_JSON 25
+#define DBGC_KERBEROS 26
+
/* So you can define DBGC_CLASS before including debug.h */
#ifndef DBGC_CLASS
#define DBGC_CLASS 0 /* override as shown above */
diff --git a/python/samba/tests/samba3sam.py b/python/samba/tests/samba3sam.py
index 3a189e0..929523b 100644
--- a/python/samba/tests/samba3sam.py
+++ b/python/samba/tests/samba3sam.py
@@ -53,7 +53,7 @@ class MapBaseTestCase(TestCaseInTempDir):
"@TO": "sambaDomainName=TESTS," + s3.basedn})
ldb.add({"dn": "@MODULES",
- "@LIST": "rootdse,paged_results,server_sort,asq,samldb,password_hash,operational,objectguid,rdn_name,samba3sam,samba3sid,show_deleted,dsdb_flags_ignore,partition"})
+ "@LIST": "rootdse,paged_results,server_sort,asq,samldb,password_hash,operational,objectguid,rdn_name,samba3sam,samba3sid,show_deleted_ignore,dsdb_flags_ignore,partition"})
ldb.add({"dn": "@PARTITION",
"partition": ["%s" % (s4.basedn_casefold),
diff --git a/script/autobuild.py b/script/autobuild.py
index e4a52ee..a4ad544 100755
--- a/script/autobuild.py
+++ b/script/autobuild.py
@@ -93,11 +93,11 @@ tasks = {
" --cross-answers=./bin-xe/cross-answers.txt --with-selftest-prefix=./bin-xa/ab" + samba_configure_params, "text/plain"),
("compare-results", "script/compare_cc_results.py ./bin/c4che/default.cache.py ./bin-xe/c4che/default.cache.py ./bin-xa/c4che/default.cache.py", "text/plain")],
- # test build with -O3 -- catches extra warnings and bugs
+ # test build with -O3 -- catches extra warnings and bugs, tests the ad_dc environments
"samba-o3" : [ ("random-sleep", "../script/random-sleep.sh 60 600", "text/plain"),
("configure", "ADDITIONAL_CFLAGS='-O3' ./configure.developer --with-selftest-prefix=./bin/ab --abi-check-disable" + samba_configure_params, "text/plain"),
("make", "make -j", "text/plain"),
- ("test", "make quicktest FAIL_IMMEDIATELY=1 TESTS='\(ad_dc\)'", "text/plain"),
+ ("test", "make quicktest FAIL_IMMEDIATELY=1 TESTS='--include-env=ad_dc'", "text/plain"),
("install", "make install", "text/plain"),
("check-clean-tree", "script/clean-source-tree.sh", "text/plain"),
("clean", "make clean", "text/plain") ],
@@ -173,7 +173,7 @@ tasks = {
("make", "make -j", "text/plain"),
# we currently cannot run a full make test, a limited list of tests could be run
# via "make test TESTS=sometests"
- ("test", "make test FAIL_IMMEDIATELY=1 TESTS='samba3.*ktest'", "text/plain"),
+ ("test", "make test FAIL_IMMEDIATELY=1 TESTS='--include-env=ktest'", "text/plain"),
("install", "make install", "text/plain"),
("check-clean-tree", "script/clean-source-tree.sh", "text/plain"),
("clean", "make clean", "text/plain")
diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index 6869132..38de96d 100755
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -47,6 +47,8 @@ my $opt_random_order = 0;
my $opt_one = 0;
my @opt_exclude = ();
my @opt_include = ();
+my @opt_exclude_env = ();
+my @opt_include_env = ();
my $opt_testenv = 0;
my $opt_list = 0;
my $opt_mitkrb5 = 0;
@@ -198,6 +200,8 @@ Generic options:
--testlist=FILE file to read available tests from
--exclude=FILE Exclude tests listed in the file
--include=FILE Include tests listed in the file
+ --exclude-env=ENV Exclude tests for the specified environment
+ --include-env=ENV Include tests for the specified environment
Paths:
--prefix=DIR prefix to run tests in [st]
@@ -243,6 +247,8 @@ my $result = GetOptions (
'one' => \$opt_one,
'exclude=s' => \@opt_exclude,
'include=s' => \@opt_include,
+ 'exclude-env=s' => \@opt_exclude_env,
+ 'include-env=s' => \@opt_include_env,
'srcdir=s' => \$srcdir,
'bindir=s' => \$bindir,
'testenv' => \$opt_testenv,
@@ -1080,12 +1086,38 @@ $envvarstr
my $name = $$_[0];
my $envname = $$_[1];
- my $envvars = setup_env($envname, $prefix);
+ my $envvars = "SKIP";
+
+ if (@opt_include_env) {
+ foreach my $env (@opt_include_env) {
+ if ($envname eq $env) {
+ $envvars = setup_env($envname, $prefix);
+ }
+ }
+ } elsif (@opt_exclude_env) {
+ my $excluded = 0;
+ foreach my $env (@opt_exclude_env) {
+ if ($envname eq $env) {
+ $excluded = 1;
+ }
+ }
+ if ($excluded == 0) {
+ $envvars = setup_env($envname, $prefix);
+ }
+ } else {
+ $envvars = setup_env($envname, $prefix);
+ }
+
if (not defined($envvars)) {
Subunit::start_testsuite($name);
Subunit::end_testsuite($name, "error",
"unable to set up environment $envname - exiting");
next;
+ } elsif ($envvars eq "SKIP") {
+ Subunit::start_testsuite($name);
+ Subunit::end_testsuite($name, "skip",
+ "environment $envname is disabled (via --exclude-env / --include-env command line options) in this test run - skipping");
+ next;
} elsif ($envvars eq "UNKNOWN") {
Subunit::start_testsuite($name);
Subunit::end_testsuite($name, "skip",
diff --git a/source4/auth/kerberos/krb5_init_context.c b/source4/auth/kerberos/krb5_init_context.c
index 7fcc8a6..e2c837a 100644
--- a/source4/auth/kerberos/krb5_init_context.c
+++ b/source4/auth/kerberos/krb5_init_context.c
@@ -77,7 +77,7 @@ static void smb_krb5_debug_close(void *private_data) {
#ifdef SAMBA4_USES_HEIMDAL
static void smb_krb5_debug_wrapper(const char *timestr, const char *msg, void *private_data)
{
- DEBUG(3, ("Kerberos: %s\n", msg));
+ DEBUGC(DBGC_KERBEROS, 3, ("Kerberos: %s\n", msg));
}
#endif
diff --git a/source4/dsdb/samdb/ldb_modules/samba3sam.c b/source4/dsdb/samdb/ldb_modules/samba3sam.c
index e9830c9..31c01a7 100644
--- a/source4/dsdb/samdb/ldb_modules/samba3sam.c
+++ b/source4/dsdb/samdb/ldb_modules/samba3sam.c
@@ -934,8 +934,44 @@ static const struct ldb_module_ops ldb_samba3sam_module_ops = {
.init_context = samba3sam_init,
};
+
+/* A dummy module to help the samba3sam tests */
+static int show_deleted_ignore_search(struct ldb_module *module, struct ldb_request *req)
+{
+ struct ldb_control *show_del, *show_rec;
+
+ /* check if there's a show deleted control */
+ show_del = ldb_request_get_control(req, LDB_CONTROL_SHOW_DELETED_OID);
+ /* check if there's a show recycled control */
+ show_rec = ldb_request_get_control(req, LDB_CONTROL_SHOW_RECYCLED_OID);
+
+ /* mark the controls as done */
+ if (show_del != NULL) {
+ show_del->critical = 0;
+ }
+ if (show_rec != NULL) {
+ show_rec->critical = 0;
+ }
+
+ /* perform the search */
+ return ldb_next_request(module, req);
+}
+
+static const struct ldb_module_ops ldb_show_deleted_module_ops = {
+ .name = "show_deleted_ignore",
+ .search = show_deleted_ignore_search
+};
+
int ldb_samba3sam_module_init(const char *version)
{
+ int ret;
+
LDB_MODULE_CHECK_VERSION(version);
+ ret = ldb_register_module(&ldb_show_deleted_module_ops);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+
return ldb_register_module(&ldb_samba3sam_module_ops);
}
+
diff --git a/source4/dsdb/samdb/ldb_modules/show_deleted.c b/source4/dsdb/samdb/ldb_modules/show_deleted.c
index 6b5fdaa..e3dcad5 100644
--- a/source4/dsdb/samdb/ldb_modules/show_deleted.c
+++ b/source4/dsdb/samdb/ldb_modules/show_deleted.c
@@ -49,7 +49,7 @@ static int show_deleted_search(struct ldb_module *module, struct ldb_request *re
struct ldb_parse_tree *new_tree = req->op.search.tree;
struct show_deleted_state *state;
int ret;
- const char *attr_filter = NULL;
+ const char *exclude_filter = NULL;
/* do not manipulate our control entries */
if (ldb_dn_is_special(req->op.search.base)) {
@@ -58,17 +58,6 @@ static int show_deleted_search(struct ldb_module *module, struct ldb_request *re
ldb = ldb_module_get_ctx(module);
- state = talloc_get_type(ldb_module_get_private(module), struct show_deleted_state);
-
- /* note that state may be NULL during initialisation */
- if (state != NULL && state->need_refresh) {
- state->need_refresh = false;
- ret = dsdb_recyclebin_enabled(module, &state->recycle_bin_enabled);
- if (ret != LDB_SUCCESS) {
- return ret;
- }
- }
-
/* This is the logic from MS-ADTS 3.1.1.3.4.1.14 that
determines if objects are visible
@@ -89,35 +78,51 @@ static int show_deleted_search(struct ldb_module *module, struct ldb_request *re
/* check if there's a show recycled control */
show_rec = ldb_request_get_control(req, LDB_CONTROL_SHOW_RECYCLED_OID);
-
- if (state == NULL || !state->recycle_bin_enabled) {
- /* when recycle bin is not enabled, then all we look
- at is the isDeleted attribute. We hide objects with this
- attribute set to TRUE when the client has not specified either
- SHOW_DELETED or SHOW_RECYCLED
- */
- if (show_del != NULL || show_rec != NULL) {
- attr_filter = NULL;
- } else {
- attr_filter = "isDeleted";
- }
+ /*
+ * When recycle bin is not enabled, then all we look
+ * at is the isDeleted attribute. We hide objects with this
+ * attribute set to TRUE when the client has not specified either
+ * SHOW_DELETED or SHOW_RECYCLED
+ */
+ if (show_rec == NULL && show_del == NULL) {
+ /* We don't want deleted or recycled objects,
+ * which we get by filtering on isDeleted */
+ exclude_filter = "isDeleted";
} else {
- /* the recycle bin is enabled
- */
- if (show_rec != NULL) {
- attr_filter = NULL;
- } else if (show_del != NULL) {
- /* we want deleted but not recycled objects */
- attr_filter = "isRecycled";
- } else {
- /* we don't want deleted or recycled objects,
- * which we get by filtering on isDeleted */
- attr_filter = "isDeleted";
+ state = talloc_get_type(ldb_module_get_private(module), struct show_deleted_state);
+
+ /* Note that state may be NULL during initialisation */
+ if (state != NULL && state->need_refresh) {
+ /* Do not move this assignment, it can cause recursion loops! */
+ state->need_refresh = false;
+ ret = dsdb_recyclebin_enabled(module, &state->recycle_bin_enabled);
+ if (ret != LDB_SUCCESS) {
+ state->recycle_bin_enabled = false;
+ /*
+ * We can fail to find the feature object
+ * during provision. Ignore any such error and
+ * assume the recycle bin cannot be enabled at
+ * this point in time.
+ */
+ if (ret != LDB_ERR_NO_SUCH_OBJECT) {
+ state->need_refresh = true;
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ }
+ }
}
- }
+ if (state != NULL && state->recycle_bin_enabled) {
+ /*
+ * The recycle bin is enabled, so we want deleted not
+ * recycled.
+ */
+ if (show_rec == NULL) {
+ exclude_filter = "isRecycled";
+ }
+ }
+ }
- if (attr_filter != NULL) {
+ if (exclude_filter != NULL) {
new_tree = talloc(req, struct ldb_parse_tree);
if (!new_tree) {
return ldb_oom(ldb);
@@ -137,7 +142,7 @@ static int show_deleted_search(struct ldb_module *module, struct ldb_request *re
return ldb_oom(ldb);
}
new_tree->u.list.elements[0]->u.isnot.child->operation = LDB_OP_EQUALITY;
- new_tree->u.list.elements[0]->u.isnot.child->u.equality.attr = attr_filter;
+ new_tree->u.list.elements[0]->u.isnot.child->u.equality.attr = exclude_filter;
new_tree->u.list.elements[0]->u.isnot.child->u.equality.value = data_blob_string_const("TRUE");
new_tree->u.list.elements[1] = req->op.search.tree;
}
diff --git a/source4/dsdb/samdb/ldb_modules/util.c b/source4/dsdb/samdb/ldb_modules/util.c
index 1d3dab0..36d35b7 100644
--- a/source4/dsdb/samdb/ldb_modules/util.c
+++ b/source4/dsdb/samdb/ldb_modules/util.c
@@ -719,7 +719,7 @@ int dsdb_check_optional_feature(struct ldb_module *module, struct GUID op_featur
"Could not find the feature object - dn: %s\n",
ldb_dn_get_linearized(feature_dn));
talloc_free(tmp_ctx);
- return LDB_ERR_OPERATIONS_ERROR;
+ return LDB_ERR_NO_SUCH_OBJECT;
}
if (res->msgs[0]->num_elements > 0) {
const char *attrs2[] = {"msDS-OptionalFeatureGUID", NULL};
@@ -1055,7 +1055,7 @@ int dsdb_recyclebin_enabled(struct ldb_module *module, bool *enabled)
ret = dsdb_check_optional_feature(module, recyclebin_guid, enabled);
if (ret != LDB_SUCCESS) {
ldb_asprintf_errstring(ldb, "Could not verify if Recycle Bin is enabled \n");
- return LDB_ERR_UNWILLING_TO_PERFORM;
+ return ret;
}
return LDB_SUCCESS;
--
Samba Shared Repository
More information about the samba-cvs
mailing list