[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Thu Mar 7 01:31:02 UTC 2019


The branch, master has been updated
       via  ccb64532146 passdb: Increase ABI version to 0.28.0
       via  4d2260d86d4 web_server: Remove the web port smb.conf parameter
       via  72c79e30f07 web_server: Remove the unused Python WSGI web server
      from  d94c8992f9a sam.c: allocate account_sid on tmp_ctx

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit ccb645321460034d4f33674854877620810b83e0
Author: Christof Schmitt <cs at samba.org>
Date:   Wed Mar 6 16:18:51 2019 -0800

    passdb: Increase ABI version to 0.28.0
    
    The change from c906153cc lib: Remove some unused code
    removed functions, but only updated the minor version
    of the ABI. Update the passdb version to 0.28.0
    to reflect this change.
    file.
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Thu Mar  7 01:30:49 UTC 2019 on sn-devel-144

commit 4d2260d86d48f4569b29d3b6e1917ba33c019377
Author: Garming Sam <garming at catalyst.net.nz>
Date:   Wed Mar 6 13:21:55 2019 +1300

    web_server: Remove the web port smb.conf parameter
    
    With the removal of the web server, there are not any users of this
    parameter and so should just be removed.
    
    Signed-off-by: Garming Sam <garming at catalyst.net.nz>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 72c79e30f07bcc98610cca878f5de50e7db239a0
Author: Garming Sam <garming at catalyst.net.nz>
Date:   Wed Mar 6 13:06:50 2019 +1300

    web_server: Remove the unused Python WSGI web server
    
    SWAT was removed in Samba 4.1 and there isn't any reason to keep a web
    server in our codebase. The web server was not turned on by default.
    
    The web server plainly does not hold up to modern web server standards
    and allows for resource exhaustion (and probably generally has bugs).
    Credit goes to Michael Hanselmann for prompting us to remove this
    service entirely.
    
    Signed-off-by: Garming Sam <garming at catalyst.net.nz>
    Reviewed-by: Jeremy Allison <jra at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 docs-xml/smbdotconf/protocol/webport.xml           |  11 -
 lib/param/loadparm.c                               |   1 -
 python/samba/web_server/__init__.py                |  81 ---
 source3/param/loadparm.c                           |   2 -
 ...passdb-0.27.2.sigs => samba-passdb-0.28.0.sigs} |   0
 source3/wscript_build                              |   2 +-
 source4/web_server/web_server.c                    | 397 ---------------
 source4/web_server/web_server.h                    |  73 ---
 source4/web_server/wscript_build                   |  21 -
 source4/web_server/wsgi.c                          | 541 ---------------------
 wscript_build                                      |   1 -
 11 files changed, 1 insertion(+), 1129 deletions(-)
 delete mode 100644 docs-xml/smbdotconf/protocol/webport.xml
 delete mode 100644 python/samba/web_server/__init__.py
 copy source3/passdb/ABI/{samba-passdb-0.27.2.sigs => samba-passdb-0.28.0.sigs} (100%)
 delete mode 100644 source4/web_server/web_server.c
 delete mode 100644 source4/web_server/web_server.h
 delete mode 100644 source4/web_server/wscript_build
 delete mode 100644 source4/web_server/wsgi.c


Changeset truncated at 500 lines:

diff --git a/docs-xml/smbdotconf/protocol/webport.xml b/docs-xml/smbdotconf/protocol/webport.xml
deleted file mode 100644
index b9f49ef021a..00000000000
--- a/docs-xml/smbdotconf/protocol/webport.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<samba:parameter name="web port"
-                 context="G"
-                 type="integer"
-                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
-<description>
-	<para>Specifies which port the Samba web server should listen on.</para>
-</description>
-
-<value type="default">901</value>
-<value type="example">80</value>
-</samba:parameter>
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 9c7bf892835..7ef2cc7d3f6 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -2777,7 +2777,6 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
 	lpcfg_do_global_parameter(lp_ctx, "cldap port", "389");
 	lpcfg_do_global_parameter(lp_ctx, "krb5 port", "88");
 	lpcfg_do_global_parameter(lp_ctx, "kpasswd port", "464");
-	lpcfg_do_global_parameter(lp_ctx, "web port", "901");
 
 	lpcfg_do_global_parameter(lp_ctx, "nt status support", "True");
 
diff --git a/python/samba/web_server/__init__.py b/python/samba/web_server/__init__.py
deleted file mode 100644
index 96214f65d2d..00000000000
--- a/python/samba/web_server/__init__.py
+++ /dev/null
@@ -1,81 +0,0 @@
-# -*- coding: utf-8 -*-
-#
-# Unix SMB/CIFS implementation.
-# Copyright © Jelmer Vernooij <jelmer at samba.org> 2008
-#
-# Implementation of SWAT that uses WSGI
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-#
-
-from __future__ import print_function
-
-def render_placeholder(environ, start_response):
-    """Send the user a simple placeholder about missing SWAT."""
-    status = '200 OK'
-    response_headers = [('Content-type', 'text/html')]
-    start_response(status, response_headers)
-
-    yield b"<!doctype html>\n"
-    yield b"<html>\n"
-    yield b"  <title>The Samba web service</title>\n"
-    yield b"</html>\n"
-
-    yield b"<body>\n"
-    yield b"<p>Welcome to this Samba web server.</p>\n"
-    yield b"<p>This page is a simple placeholder. You probably want to install "
-    yield b"SWAT. More information can be found "
-    yield b"<a href='http://wiki.samba.org/index.php/SWAT2'>on the wiki</a>.</p>"
-    yield b"</p>\n"
-    yield b"</body>\n"
-    yield b"</html>\n"
-
-
-def __call__(environ, start_response):
-    """Handle a HTTP request."""
-    from wsgiref.util import application_uri, shift_path_info
-    from samba.compat import urllib_join
-
-    try:
-        import swat
-    except ImportError as e:
-        print("NO SWAT: %r" % e)
-        have_swat = False
-    else:
-        have_swat = True
-
-    orig_path = environ['PATH_INFO']
-    name = shift_path_info(environ)
-
-    if name == "":
-        if have_swat:
-            start_response('301 Redirect',
-                           [('Location', urllib_join(application_uri(environ), 'swat')), ])
-            return []
-        else:
-            return render_placeholder(environ, start_response)
-    elif have_swat and name == "swat":
-        return swat.__call__(environ, start_response)
-    else:
-        status = '404 Not found'
-        response_headers = [('Content-type', 'text/html')]
-        start_response(status, response_headers)
-        return [("The path %s (%s) was not found" % (orig_path, name)).encode('iso-8859-1')]
-
-
-if __name__ == '__main__':
-    from wsgiref import simple_server
-    httpd = simple_server.make_server('localhost', 8090, __call__)
-    print("Serving HTTP on port 8090...")
-    httpd.serve_forever()
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 29d9d59390b..6aa84018111 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -946,8 +946,6 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
 
 	Globals.kpasswd_port = 464;
 
-	Globals.web_port = 901;
-
 	Globals.aio_max_threads = 100;
 
 	lpcfg_string_set(Globals.ctx,
diff --git a/source3/passdb/ABI/samba-passdb-0.27.2.sigs b/source3/passdb/ABI/samba-passdb-0.28.0.sigs
similarity index 100%
copy from source3/passdb/ABI/samba-passdb-0.27.2.sigs
copy to source3/passdb/ABI/samba-passdb-0.28.0.sigs
diff --git a/source3/wscript_build b/source3/wscript_build
index 41f01e392e2..ed4de978fdc 100644
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -149,7 +149,7 @@ bld.SAMBA3_LIBRARY('samba-passdb',
                                   ''',
                    abi_match=private_pdb_match,
                    abi_directory='passdb/ABI',
-                   vnum='0.27.2')
+                   vnum='0.28.0')
 
 bld.SAMBA3_SUBSYSTEM('pdb',
                    source='''
diff --git a/source4/web_server/web_server.c b/source4/web_server/web_server.c
deleted file mode 100644
index a1db34be21a..00000000000
--- a/source4/web_server/web_server.c
+++ /dev/null
@@ -1,397 +0,0 @@
-/* 
-   Unix SMB/CIFS implementation.
-
-   web server startup
-
-   Copyright (C) Andrew Tridgell 2005
-   Copyright (C) Jelmer Vernooij 2008
-   
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or
-   (at your option) any later version.
-   
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-   
-   You should have received a copy of the GNU General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "web_server/web_server.h"
-#include "../lib/util/dlinklist.h"
-#include "lib/tls/tls.h"
-#include "lib/events/events.h"
-#include "lib/socket/netif.h"
-#include "param/param.h"
-
-NTSTATUS server_service_web_init(TALLOC_CTX *);
-
-/* don't allow connections to hang around forever */
-#define HTTP_TIMEOUT 120
-
-/*
-  destroy a web connection
-*/
-static int websrv_destructor(struct websrv_context *web)
-{
-	return 0;
-}
-
-/*
-  called when a connection times out. This prevents a stuck connection
-  from hanging around forever
-*/
-static void websrv_timeout(struct tevent_context *event_context, 
-			   struct tevent_timer *te, 
-			   struct timeval t, void *private_data)
-{
-	struct websrv_context *web = talloc_get_type_abort(private_data, struct websrv_context);
-	struct stream_connection *conn = web->conn;
-	web->conn = NULL;
-	/* TODO: send a message to any running esp context on this connection
-	   to stop running */
-	stream_terminate_connection(conn, "websrv_timeout: timed out");	
-}
-
-/*
-  setup for a raw http level error
-*/
-void http_error(struct websrv_context *web, const char *status, const char *info)
-{
-	char *s;
-	s = talloc_asprintf(web,"<HTML><HEAD><TITLE>Error %s</TITLE></HEAD><BODY><H1>Error %s</H1><pre>%s</pre><p></BODY></HTML>\r\n\r\n", 
-			    status, status, info);
-	if (s == NULL) {
-		stream_terminate_connection(web->conn, "http_error: out of memory");
-		return;
-	}
-	websrv_output_headers(web, status, NULL);
-	websrv_output(web, s, strlen(s));
-}
-
-void websrv_output_headers(struct websrv_context *web, const char *status, struct http_header *headers)
-{
-	char *s;
-	DATA_BLOB b;
-	struct http_header *hdr;
-
-	s = talloc_asprintf(web, "HTTP/1.0 %s\r\n", status);
-	if (s == NULL) return;
-	for (hdr = headers; hdr; hdr = hdr->next) {
-		s = talloc_asprintf_append_buffer(s, "%s: %s\r\n", hdr->name, hdr->value);
-	}
-
-	s = talloc_asprintf_append_buffer(s, "\r\n");
-
-	b = web->output.content;
-	web->output.content = data_blob_string_const(s);
-	websrv_output(web, b.data, b.length);
-	data_blob_free(&b);
-}
-
-void websrv_output(struct websrv_context *web, const void *data, size_t length)
-{
-	data_blob_append(web, &web->output.content, data, length);
-	TEVENT_FD_NOT_READABLE(web->conn->event.fde);
-	TEVENT_FD_WRITEABLE(web->conn->event.fde);
-	web->output.output_pending = true;
-}
-
-
-/*
-  parse one line of header input
-*/
-NTSTATUS http_parse_header(struct websrv_context *web, const char *line)
-{
-	int error = 0;
-
-	if (line[0] == 0) {
-		web->input.end_of_headers = true;
-	} else if (strncasecmp(line,"GET ", 4)==0) {
-		web->input.url = talloc_strndup(web, &line[4], strcspn(&line[4], " \t"));
-	} else if (strncasecmp(line,"POST ", 5)==0) {
-		web->input.post_request = true;
-		web->input.url = talloc_strndup(web, &line[5], strcspn(&line[5], " \t"));
-	} else if (strchr(line, ':') == NULL) {
-		http_error(web, "400 Bad request", "This server only accepts GET and POST requests");
-		return NT_STATUS_INVALID_PARAMETER;
-	} else if (strncasecmp(line, "Content-Length: ", 16)==0) {
-		web->input.content_length = strtoul_err(&line[16], NULL, 10, &error);
-		if (error != 0) {
-			return NT_STATUS_INVALID_PARAMETER;
-		}
-	} else {
-		struct http_header *hdr = talloc_zero(web, struct http_header);
-		char *colon = strchr(line, ':');
-		if (colon == NULL) {
-			http_error(web, "500 Internal Server Error", "invalidly formatted header");
-			return NT_STATUS_INVALID_PARAMETER;
-		}
-
-		hdr->name = talloc_strndup(hdr, line, colon-line);
-		hdr->value = talloc_strdup(hdr, colon+1);
-		DLIST_ADD(web->input.headers, hdr);
-	}
-
-	/* ignore all other headers for now */
-	return NT_STATUS_OK;
-}
-
-/*
-  called when a web connection becomes readable
-*/
-static void websrv_recv(struct stream_connection *conn, uint16_t flags)
-{
-	struct web_server_data *wdata;
-	struct websrv_context *web = talloc_get_type_abort(conn->private_data,
-							   struct websrv_context);
-	NTSTATUS status;
-	uint8_t buf[1024];
-	size_t nread;
-	uint8_t *p;
-	DATA_BLOB b;
-
-	/* not the most efficient http parser ever, but good enough for us */
-	status = socket_recv(conn->socket, buf, sizeof(buf), &nread);
-	if (NT_STATUS_IS_ERR(status)) goto failed;
-	if (!NT_STATUS_IS_OK(status)) return;
-
-	if (!data_blob_append(web, &web->input.partial, buf, nread))
-		goto failed;
-
-	/* parse any lines that are available */
-	b = web->input.partial;
-	while (!web->input.end_of_headers &&
-	       (p=(uint8_t *)memchr(b.data, '\n', b.length))) {
-		const char *line = (const char *)b.data;
-		*p = 0;
-		if (p != b.data && p[-1] == '\r') {
-			p[-1] = 0;
-		}
-		status = http_parse_header(web, line);
-		if (!NT_STATUS_IS_OK(status)) return;
-		b.length -= (p - b.data) + 1;
-		b.data = p+1;
-	}
-
-	/* keep any remaining bytes in web->input.partial */
-	if (b.length == 0) {
-		b.data = NULL;
-	}
-	b = data_blob_talloc(web, b.data, b.length);
-	data_blob_free(&web->input.partial);
-	web->input.partial = b;
-
-	/* we finish when we have both the full headers (terminated by
-	   a blank line) and any post data, as indicated by the
-	   content_length */
-	if (web->input.end_of_headers &&
-	    web->input.partial.length >= web->input.content_length) {
-		if (web->input.partial.length > web->input.content_length) {
-			web->input.partial.data[web->input.content_length] = 0;
-		}
-		TEVENT_FD_NOT_READABLE(web->conn->event.fde);
-
-		/* the reference/unlink code here is quite subtle. It
-		 is needed because the rendering of the web-pages, and
-		 in particular the esp/ejs backend, is semi-async.  So
-		 we could well end up in the connection timeout code
-		 while inside http_process_input(), but we must not
-		 destroy the stack variables being used by that
-		 rendering process when we handle the timeout. */
-		if (!talloc_reference(web->task, web)) goto failed;
-		wdata = talloc_get_type_abort(web->task->private_data, struct web_server_data);
-		if (wdata == NULL) goto failed;
-		wdata->http_process_input(wdata, web);
-		talloc_unlink(web->task, web);
-	}
-	return;
-
-failed:
-	stream_terminate_connection(conn, "websrv_recv: failed");
-}
-
-
-
-/*
-  called when a web connection becomes writable
-*/
-static void websrv_send(struct stream_connection *conn, uint16_t flags)
-{
-	struct websrv_context *web = talloc_get_type_abort(conn->private_data,
-							   struct websrv_context);
-	NTSTATUS status;
-	size_t nsent;
-	DATA_BLOB b;
-
-	b = web->output.content;
-	b.data += web->output.nsent;
-	b.length -= web->output.nsent;
-
-	status = socket_send(conn->socket, &b, &nsent);
-	if (NT_STATUS_IS_ERR(status)) {
-		stream_terminate_connection(web->conn, "socket_send: failed");
-		return;
-	}
-	if (!NT_STATUS_IS_OK(status)) {
-		return;
-	}
-
-	web->output.nsent += nsent;
-
-	if (web->output.content.length == web->output.nsent) {
-		stream_terminate_connection(web->conn, "websrv_send: finished sending");
-	}
-}
-
-/*
-  establish a new connection to the web server
-*/
-static void websrv_accept(struct stream_connection *conn)
-{
-	struct web_server_data *wdata = talloc_get_type_abort(conn->private_data, struct web_server_data);
-	struct websrv_context *web;
-	struct socket_context *tls_socket;
-
-	web = talloc_zero(conn, struct websrv_context);
-	if (web == NULL) goto failed;
-
-	web->task = wdata->task;
-	web->conn = conn;
-	conn->private_data = web;
-	talloc_set_destructor(web, websrv_destructor);
-
-	tevent_add_timer(conn->event.ctx, web,
-			timeval_current_ofs(HTTP_TIMEOUT, 0),
-			websrv_timeout, web);
-
-	/* Overwrite the socket with a (possibly) TLS socket */
-	tls_socket = tls_init_server(wdata->tls_params, conn->socket, 
-				     conn->event.fde, "GPHO");
-	/* We might not have TLS, or it might not have initilised */
-	if (tls_socket) {
-		talloc_unlink(conn, conn->socket);
-		talloc_steal(conn, tls_socket);
-		conn->socket = tls_socket;
-	} else {
-		DEBUG(3, ("TLS not available for web_server connections\n"));
-	}
-
-	return;
-
-failed:
-	talloc_free(conn);
-}
-
-
-static const struct stream_server_ops web_stream_ops = {
-	.name			= "web",
-	.accept_connection	= websrv_accept,
-	.recv_handler		= websrv_recv,
-	.send_handler		= websrv_send,
-};
-
-/*
-  startup the web server task
-*/
-static NTSTATUS websrv_task_init(struct task_server *task)
-{
-	NTSTATUS status;
-	uint16_t port = lpcfg_web_port(task->lp_ctx);
-	struct web_server_data *wdata;
-
-	task_server_set_title(task, "task[websrv]");
-
-	/* startup the Python processor - unfortunately we can't do this
-	   per connection as that wouldn't allow for session variables */
-	wdata = talloc_zero(task, struct web_server_data);
-	if (wdata == NULL) {
-		status = NT_STATUS_NO_MEMORY;
-		goto failed;
-	}
-
-	wdata->task = task;
-	task->private_data = wdata;
-
-	if (lpcfg_interfaces(task->lp_ctx) && lpcfg_bind_interfaces_only(task->lp_ctx)) {
-		int num_interfaces;
-		int i;
-		struct interface *ifaces;
-
-		load_interface_list(NULL, task->lp_ctx, &ifaces);
-
-		num_interfaces = iface_list_count(ifaces);
-		for(i = 0; i < num_interfaces; i++) {
-			const char *address = iface_list_n_ip(ifaces, i);
-			status = stream_setup_socket(task,
-						     task->event_ctx,
-						     task->lp_ctx,
-						     task->model_ops,
-						     &web_stream_ops,
-						     "ip", address,
-						     &port,
-						     lpcfg_socket_options(task->lp_ctx),
-						     task,
-						     task->process_context);
-			if (!NT_STATUS_IS_OK(status)) goto failed;
-		}
-
-		talloc_free(ifaces);
-	} else {
-		char **wcard;
-		int i;
-		wcard = iface_list_wildcard(task);
-		if (wcard == NULL) {


-- 
Samba Shared Repository



More information about the samba-cvs mailing list