[SCM] Samba Shared Repository - branch v4-12-test updated
Karolin Seeger
kseeger at samba.org
Thu Aug 6 14:57:02 UTC 2020
The branch, v4-12-test has been updated
via 09298e198bd srvsvc: Move brl_get_locks() out of enum_file_fn()
via 492dbc45c2f test: Show that netfileenum is broken
via 92a0c1174bd rpcclient: Make netfileenum cmd print the path names
via b2b72b3e795 rpcclient: Use struct initializers in cmd_srvsvc_net_file_enum()
via 94328842997 srvsvc: Collect file ids in enum_file_fn()
via 961d3e8baa5 srvsvc: Use a struct initializer in net_enum_files()
via 05e0dfbb804 srvsvc: Directly use "ctr3->count" instead of "i"
via 247d43c93cc srvsvc: Use a struct assignment in enum_file_fn()
via f60ada1c9af srvsvc: Introduce ctx3 helper var in enum_file_fn()
via 8c5d057d2d7 dbcheck: Allow a dangling forward link outside our known NCs
via 25afe3463d9 ctdb-tests: Stop cat command failure from causing test failure
via ecaa24765cd ctdb-scripts: Use nfsconf as a last resort get nfsd thread count
via 6dcbb00fdfa ctdb-scripts: Use nfsconf as a last resort to set NFS_HOSTNAME
via 8a3dcc8834a s3:smbd: check for stale pid in delay_for_oplock_fn() when leases_db_get() fails
via 87bec8a4707 s3:leases: log errors with level 0 in leases_db_do_locked_fn()
via 227d4784db2 smbd: check for stale pid in get_lease_type()
via 423f8d7006f smbd: let get_lease_type() take a non-const share_mode_entry
via 52bd010ac2d smbd: inverse if/else logic in get_lease_type()
via b5a613b32be s3/leases: log NDR decoding failure with level 0 in leases_db_get_fn()
via f27bc9aa6dd smbd: increase loglevel when leases_db_del() with anything then NT_STATUS_NOT_FOUND
via 625769555ca docs: Fix documentation for require_membership_of of pam_winbind.conf
via 81c240e8198 docs: Fix documentation for require_membership_of of pam_winbind
from 4f6356a5bf8 kdc:db-glue: ignore KRB5_PROG_ETYPE_NOSUPP also for Primary:Kerberos
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-12-test
- Log -----------------------------------------------------------------
commit 09298e198bd77f474f1845f2a4fdb32885de87af
Author: Volker Lendecke <vl at samba.org>
Date: Tue Apr 21 14:54:25 2020 +0200
srvsvc: Move brl_get_locks() out of enum_file_fn()
With share_infos.tdb this is a locking order violation:
share_infos.tdb is level 4, brlock.tdb is level 2. Avoid this by first
walking the share_infos.tdb and then fetching all the brlock entries.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14355
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu May 14 22:06:32 UTC 2020 on sn-devel-184
(cherry picked from commit 01db877c7766387984ef32914eca0b2e817c4c6a)
Autobuild-User(v4-12-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-12-test): Thu Aug 6 14:56:35 UTC 2020 on sn-devel-184
commit 492dbc45c2f2a4deb859612ba751dc2585d3687e
Author: Volker Lendecke <vl at samba.org>
Date: Mon May 11 11:08:54 2020 +0200
test: Show that netfileenum is broken
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14355
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 8e4583f730abd1a210ec52d5a060dddc4ad850bb)
commit 92a0c1174bddbff188cb1ae5842efd26a92e8238
Author: Volker Lendecke <vl at samba.org>
Date: Mon May 11 11:09:02 2020 +0200
rpcclient: Make netfileenum cmd print the path names
Needed for the next commit testing netfileenum
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14355
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 1d40cc01c2d7f14704c1d9b4b7c42c4cf3450da9)
commit b2b72b3e7954e120df35caa4e9866c5e2e520969
Author: Volker Lendecke <vl at samba.org>
Date: Wed Apr 22 13:21:40 2020 +0200
rpcclient: Use struct initializers in cmd_srvsvc_net_file_enum()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14355
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 8c080f28c37a4ada4f3605123a357666881fa3a0)
commit 94328842997e4a7e59cb2b9e85165df58301d7dd
Author: Volker Lendecke <vl at samba.org>
Date: Tue Apr 21 14:32:16 2020 +0200
srvsvc: Collect file ids in enum_file_fn()
Will be used a few patches down
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14355
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 46ab1d478d8c27bb4837bf277f8eae5d59613dd2)
commit 961d3e8baa5e0be86ffa94c4d6e9bb7ef9d88e2f
Author: Volker Lendecke <vl at samba.org>
Date: Tue Apr 21 14:42:50 2020 +0200
srvsvc: Use a struct initializer in net_enum_files()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14355
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit bda0b3875d965c5cccd09dc09f593229e268ee9b)
commit 05e0dfbb8042ffa00cd71a666794c053d976d7b2
Author: Volker Lendecke <vl at samba.org>
Date: Tue Apr 21 14:24:48 2020 +0200
srvsvc: Directly use "ctr3->count" instead of "i"
To me this was not very transparent, and now that we have "ctr3" a
single indirect looks okay
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14355
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 96d68bb9f26a0c99d00e92130a2f2c91c7b985e2)
commit 247d43c93cc2fd769573e92defde2c904a10abea
Author: Volker Lendecke <vl at samba.org>
Date: Tue Apr 21 14:21:49 2020 +0200
srvsvc: Use a struct assignment in enum_file_fn()
Looks nicer than 5 complex array references...
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14355
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit ff80f68c3020be0a92eb41115a64518ece097ee7)
commit f60ada1c9afd56ef5fd19108513dfcaad99a6088
Author: Volker Lendecke <vl at samba.org>
Date: Tue Apr 21 14:16:41 2020 +0200
srvsvc: Introduce ctx3 helper var in enum_file_fn()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14355
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit a9397f87881b9a67407b557e09478cdd40f75b75)
commit 8c5d057d2d767bc83a78598bc0bf11e478b4423e
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Jul 27 11:37:29 2020 +1200
dbcheck: Allow a dangling forward link outside our known NCs
If we do not have the NC of the target object we can not be really sure
that the object is redundent and so we want to keep it for now
and not (as happened until now) break the dbcheck run made during the
replication stage of a "samba-tool domain backup rename".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14450
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 05228c4e07013c0e6f78f1330b3b787271282ca8)
commit 25afe3463d9de4faabe8568918684efccebf9beb
Author: Martin Schwenke <martin at meltin.net>
Date: Mon Jul 6 14:02:49 2020 +1000
ctdb-tests: Stop cat command failure from causing test failure
In certain circumstance, which aren't obvious, cat(1) can fail when
attempting to write a lot of data. This is due to something (probably
write(2)) returning EAGAIN.
Given that the -v option should only really be used for test
debugging, ignore the failure instead of spending time debugging it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14446
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit 3ff8765d04c0fb950b7be4f9a049999aeb08223b)
commit ecaa24765cd6fdffc2d3bc46224f5b2a18afb2fc
Author: Martin Schwenke <martin at meltin.net>
Date: Mon Jul 20 12:02:45 2020 +1000
ctdb-scripts: Use nfsconf as a last resort get nfsd thread count
If nfsconf exists then use it as last resort to attempt to extract
[nfsd]:threads from /etc/nfs.conf.
Invocation of nfsconf requires "|| true" because this script uses "set
-e". Add a stub that always fails to at least test this much.
RN: Use nfsconf utility for variable values in CTDB NFS scripts
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14444
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Mon Jul 27 07:06:58 UTC 2020 on sn-devel-184
(cherry picked from commit 642dc6ded6426ba2fbf3ac1e5cd71aae11ca245b)
commit 6dcbb00fdfac4850f61169d334e63aebadb8f509
Author: Martin Schwenke <martin at meltin.net>
Date: Mon Jul 13 10:16:33 2020 +1000
ctdb-scripts: Use nfsconf as a last resort to set NFS_HOSTNAME
If nfsconf exists then use it as last resort to attempt to extract
[statd]:name from /etc/nfs.conf.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14444
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit 334dd8cedda6a341e3b89c9adc8102ea5480e452)
commit 8a3dcc8834afd009e32c6933dd61a54b9b7cabb4
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Jul 6 08:58:22 2020 +0200
s3:smbd: check for stale pid in delay_for_oplock_fn() when leases_db_get() fails
If leases_db_get() failed the leases_db record might have been cleaned up for
stale processes. Check if the share-mode-entry owner is stale in this case and
return ignore the entry. In any other case, log a debug messages and panic.
Commit 05d4466a6d1ad048fa86aea09ec0a56a7b961369
"smbd: check for stale pid in get_lease_type()" fixed only one half of
this.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Jul 7 02:47:46 UTC 2020 on sn-devel-184
(cherry picked from commit 58adf349edfd3001ad071cc7ed8cfc551f67f8a2)
commit 87bec8a4707df3c10a40e5bf5908f9b00b28d186
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Jul 6 14:03:39 2020 +0200
s3:leases: log errors with level 0 in leases_db_do_locked_fn()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 217693682d5bbd0f2d6b5331f47b2a6348840898)
commit 227d4784db23cfea098c6fab2c34805909c4cdd6
Author: Ralph Boehme <slow at samba.org>
Date: Thu Jul 2 14:47:12 2020 +0200
smbd: check for stale pid in get_lease_type()
If leases_db_get() failed the leases_db record might have been cleaned up for
stale processes. Check if the share-mode-entry owner is stale in this case and
return a 0 lease state. In any other case, log a debug messages and panic.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Jul 2 16:45:42 UTC 2020 on sn-devel-184
(cherry picked from commit 05d4466a6d1ad048fa86aea09ec0a56a7b961369)
commit 423f8d7006f1ecb7eb5d579810520692c140fa1e
Author: Ralph Boehme <slow at samba.org>
Date: Thu Jul 2 14:45:59 2020 +0200
smbd: let get_lease_type() take a non-const share_mode_entry
We're going to add a call to share_entry_stale_pid(share_mode_entry) which takes
a non-const pointer (in order to eventually set e->state = true).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 3f4a865821da27efbed4f7c38ad3efbcaae77a02)
commit 52bd010ac2ddbbde7b21066623c136c06f3a4894
Author: Ralph Boehme <slow at samba.org>
Date: Thu Jul 2 14:08:44 2020 +0200
smbd: inverse if/else logic in get_lease_type()
No change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit e4328db1c94837a8ea5652971cea20055d3d24ff)
commit b5a613b32beb546621a754b2c85ea29cc0cd09f4
Author: Ralph Boehme <slow at samba.org>
Date: Thu Jul 2 14:10:05 2020 +0200
s3/leases: log NDR decoding failure with level 0 in leases_db_get_fn()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 383a2457bd6cbe0acd571a8d601f8bdc5365f0b4)
commit f27bc9aa6dd5f648f0d26228a45d87804e876cf2
Author: Ralph Boehme <slow at samba.org>
Date: Thu Jul 2 14:09:15 2020 +0200
smbd: increase loglevel when leases_db_del() with anything then NT_STATUS_NOT_FOUND
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit fbb8bbe1243eb2a0351dc2422929278f85a99e26)
commit 625769555cad6360977f26847bd33f9949ff5877
Author: Andreas Schneider <asn at samba.org>
Date: Fri Jul 17 12:14:16 2020 +0200
docs: Fix documentation for require_membership_of of pam_winbind.conf
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14358
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Isaac Boukris <iboukris at samba.org>
(cherry picked from commit 71b7140fd0a33e7e8c5bf37c2897cea8224b3f01)
commit 81c240e81984fec02e7fbf912b0b9fb2683ce05b
Author: Andreas Schneider <asn at samba.org>
Date: Thu Jul 9 11:48:26 2020 +0200
docs: Fix documentation for require_membership_of of pam_winbind
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14358
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit 4c74db6978c682f8ba4e74a6ee8157cfcbb54971)
-----------------------------------------------------------------------
Summary of changes:
ctdb/config/nfs-linux-kernel-callout | 3 ++
ctdb/config/statd-callout | 21 +++++++--
ctdb/tests/UNIT/eventscripts/stubs/nfsconf | 5 ++
ctdb/tests/scripts/integration.bash | 2 +-
docs-xml/manpages/pam_winbind.8.xml | 8 ++--
docs-xml/manpages/pam_winbind.conf.5.xml | 9 ++--
python/samba/dbchecker.py | 24 +++++++++-
selftest/target/Samba4.pm | 39 ++++++++++++++++
source3/locking/leases_db.c | 12 ++---
source3/locking/locking.c | 9 +++-
source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 74 ++++++++++++++++++------------
source3/rpcclient/cmd_srvsvc.c | 29 +++++++-----
source3/script/tests/test_netfileenum.sh | 73 +++++++++++++++++++++++++++++
source3/selftest/tests.py | 9 ++++
source3/smbd/open.c | 37 ++++++++++++++-
source3/smbd/oplock.c | 48 ++++++++++++-------
source3/smbd/proto.h | 2 +-
17 files changed, 326 insertions(+), 78 deletions(-)
create mode 100755 ctdb/tests/UNIT/eventscripts/stubs/nfsconf
create mode 100755 source3/script/tests/test_netfileenum.sh
Changeset truncated at 500 lines:
diff --git a/ctdb/config/nfs-linux-kernel-callout b/ctdb/config/nfs-linux-kernel-callout
index 71d8ecf8074..6a372d4b4fd 100755
--- a/ctdb/config/nfs-linux-kernel-callout
+++ b/ctdb/config/nfs-linux-kernel-callout
@@ -299,6 +299,9 @@ nfs_check_thread_count ()
# assume that those using the default don't care about the number
# of threads and that they have switched on this feature in error.
_configured_threads="${RPCNFSDCOUNT:-${USE_KERNEL_NFSD_NUMBER}}"
+ if [ -z "$_configured_threads" ] && type nfsconf >/dev/null 2>&1 ; then
+ _configured_threads=$(nfsconf --get nfsd threads) || true
+ fi
[ -n "$_configured_threads" ] || return 0
_threads_file="${PROCFS_PATH}/fs/nfsd/threads"
diff --git a/ctdb/config/statd-callout b/ctdb/config/statd-callout
index b75135bbde5..67ed2a5bc62 100755
--- a/ctdb/config/statd-callout
+++ b/ctdb/config/statd-callout
@@ -3,10 +3,18 @@
# This must run as root as CTDB tool commands need to access CTDB socket
[ "$(id -u)" -eq 0 ] || exec sudo "$0" "$@"
-# this script needs to be installed so that statd points to it with the -H
-# command line argument. The easiest way to do that is to put something like this in
-# /etc/sysconfig/nfs:
-# STATD_HOSTNAME="myhostname -H /etc/ctdb/statd-callout"
+# statd must be configured to use this script as its high availability call-out.
+#
+# In most Linux versions this can be done using something like the following...
+#
+# /etc/sysconfig/nfs (Red Hat) or /etc/default/nfs-common (Debian):
+# NFS_HOSTNAME=myhostname
+# STATD_HOSTNAME="${NFS_HOSTNAME} -H /etc/ctdb/statd-callout"
+#
+# Newer Red Hat Linux variants instead use /etc/nfs.conf:
+# [statd]
+# name = myhostname
+# ha-callout = /etc/ctdb/statd-callout
[ -n "$CTDB_BASE" ] || \
CTDB_BASE=$(d=$(dirname "$0") ; cd -P "$d" ; echo "$PWD")
@@ -23,6 +31,11 @@ die ()
# Try different variables to find config file for NFS_HOSTNAME
load_system_config "nfs" "nfs-common"
+# If NFS_HOSTNAME not set then try to pull it out of /etc/nfs.conf
+if [ -z "$NFS_HOSTNAME" ] && type nfsconf >/dev/null 2>&1 ; then
+ NFS_HOSTNAME=$(nfsconf --get statd name)
+fi
+
[ -n "$NFS_HOSTNAME" ] || \
die "NFS_HOSTNAME is not configured. statd-callout failed"
diff --git a/ctdb/tests/UNIT/eventscripts/stubs/nfsconf b/ctdb/tests/UNIT/eventscripts/stubs/nfsconf
new file mode 100755
index 00000000000..84dd9ea5f60
--- /dev/null
+++ b/ctdb/tests/UNIT/eventscripts/stubs/nfsconf
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+# This always fails for now, since there are no tests that expect to
+# use it.
+exit 1
diff --git a/ctdb/tests/scripts/integration.bash b/ctdb/tests/scripts/integration.bash
index 51e9c7cb822..495e271d53b 100644
--- a/ctdb/tests/scripts/integration.bash
+++ b/ctdb/tests/scripts/integration.bash
@@ -157,7 +157,7 @@ try_command_on_node ()
if $verbose ; then
echo "Output of \"$cmd\":"
- cat "$outfile"
+ cat "$outfile" || true
fi
}
diff --git a/docs-xml/manpages/pam_winbind.8.xml b/docs-xml/manpages/pam_winbind.8.xml
index 622e9e188d9..32030ef0ecc 100644
--- a/docs-xml/manpages/pam_winbind.8.xml
+++ b/docs-xml/manpages/pam_winbind.8.xml
@@ -84,9 +84,11 @@
If this option is set, pam_winbind will only succeed if the user is a member of the given SID or NAME. A SID
can be either a group-SID, an alias-SID or even an user-SID. It is also possible to give a NAME instead of the
SID. That name must have the form: <parameter>MYDOMAIN\mygroup</parameter> or
- <parameter>MYDOMAIN\myuser</parameter>. pam_winbind will, in that case, lookup the SID internally. Note that
- NAME may not contain any spaces. It is thus recommended to only use SIDs. You can verify the list of SIDs a
- user is a member of with <command>wbinfo --user-sids=SID</command>.
+ <parameter>MYDOMAIN\myuser</parameter> (where '\' character corresponds to the value of
+ <parameter>winbind separator</parameter> parameter). It is also possible to use a UPN in the form
+ <parameter>user at REALM</parameter> or <parameter>group at REALM</parameter>. pam_winbind will, in that case, lookup
+ the SID internally. Note that NAME may not contain any spaces. It is thus recommended to only use SIDs. You can
+ verify the list of SIDs a user is a member of with <command>wbinfo --user-sids=SID</command>.
</para>
<para>
diff --git a/docs-xml/manpages/pam_winbind.conf.5.xml b/docs-xml/manpages/pam_winbind.conf.5.xml
index c4a7771fb31..0bc288f91a1 100644
--- a/docs-xml/manpages/pam_winbind.conf.5.xml
+++ b/docs-xml/manpages/pam_winbind.conf.5.xml
@@ -69,9 +69,12 @@
If this option is set, pam_winbind will only succeed if the user is a member of the given SID or NAME. A SID
can be either a group-SID, an alias-SID or even an user-SID. It is also possible to give a NAME instead of the
SID. That name must have the form: <parameter>MYDOMAIN\mygroup</parameter> or
- <parameter>MYDOMAIN\myuser</parameter>. pam_winbind will, in that case, lookup the SID internally. Note that
- NAME may not contain any spaces. It is thus recommended to only use SIDs. You can verify the list of SIDs a
- user is a member of with <command>wbinfo --user-sids=SID</command>. This setting is empty by default.
+ <parameter>MYDOMAIN\myuser</parameter> (where '\' character corresponds to the value of
+ <parameter>winbind separator</parameter> parameter). It is also possible to use a UPN in the form
+ <parameter>user at REALM</parameter> or <parameter>group at REALM</parameter>. pam_winbind will, in that case, lookup
+ the SID internally. Note that NAME may not contain any spaces. It is thus recommended to only use SIDs. You can
+ verify the list of SIDs a user is a member of with <command>wbinfo --user-sids=SID</command>.
+ This setting is empty by default.
</para>
<para>This option only operates during password authentication, and will not restrict access if a password is not required for any reason (such as SSH key-based login).</para>
</listitem>
diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py
index 7496a463930..593aa8cf6d2 100644
--- a/python/samba/dbchecker.py
+++ b/python/samba/dbchecker.py
@@ -621,7 +621,29 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
return 0
nc_root = self.samdb.get_nc_root(dn)
- target_nc_root = self.samdb.get_nc_root(dsdb_dn.dn)
+ try:
+ target_nc_root = self.samdb.get_nc_root(dsdb_dn.dn)
+ except ldb.LdbError as e:
+ (enum, estr) = e.args
+ if enum != ldb.ERR_NO_SUCH_OBJECT:
+ raise
+ target_nc_root = None
+
+ if target_nc_root is None:
+ # We don't bump the error count as Samba produces
+ # these in normal operation creating a lab domain (due
+ # to the way the rename is handled, links to
+ # now-expunged objects will never be fixed to stay
+ # inside the NC
+ self.report("WARNING: no target object found for GUID "
+ "component for link "
+ "%s in object to %s outside our NCs"
+ "%s - %s" % (attrname, dsdb_dn.dn, dn, val))
+ self.report("Not removing dangling one-way "
+ "left-over link outside our NCs "
+ "(we might be building a renamed/lab domain)")
+ return 0
+
if nc_root != target_nc_root:
# We don't bump the error count as Samba produces these
# in normal operation
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 3e6692ce529..6cf6901a3e4 100755
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -2696,6 +2696,45 @@ sub setup_backupfromdc
$self->setup_namespaces($env, $upn_array, $spn_array);
+ # Set up a dangling forward link to an expunged object
+ #
+ # We need this to ensure that the "samba-tool domain backup rename"
+ # that is part of the creation of the labdc environment can
+ # cope with this situation on the source DC.
+
+ if (not $self->write_ldb_file("$env->{PRIVATEDIR}/sam.ldb", "
+dn: ou=linktest,dc=backupdom,dc=samba,dc=example,dc=com
+objectclass: organizationalUnit
+-
+
+dn: cn=linkto,ou=linktest,dc=backupdom,dc=samba,dc=example,dc=com
+objectclass: msExchConfigurationContainer
+-
+
+dn: cn=linkfrom,ou=linktest,dc=backupdom,dc=samba,dc=example,dc=com
+objectclass: msExchConfigurationContainer
+addressBookRoots: cn=linkto,ou=linktest,dc=backupdom,dc=samba,dc=example,dc=com
+-
+
+")) {
+ return undef;
+ }
+ my $ldbdel = Samba::bindir_path($self, "ldbdel");
+ my $cmd = "$ldbdel -H $env->{PRIVATEDIR}/sam.ldb cn=linkto,ou=linktest,dc=backupdom,dc=samba,dc=example,dc=com";
+
+ unless(system($cmd) == 0) {
+ warn("Failed to delete link target: \n$cmd");
+ return undef;
+ }
+
+ # Expunge will ensure that linkto is totally wiped from the DB
+ my $samba_tool = Samba::bindir_path($self, "samba-tool");
+ $cmd = "$samba_tool domain tombstones expunge --tombstone-lifetime=0 $env->{CONFIGURATION}";
+
+ unless(system($cmd) == 0) {
+ warn("Failed to expunge link target: \n$cmd");
+ return undef;
+ }
return $env;
}
diff --git a/source3/locking/leases_db.c b/source3/locking/leases_db.c
index a12b421d260..855d6143ad7 100644
--- a/source3/locking/leases_db.c
+++ b/source3/locking/leases_db.c
@@ -121,7 +121,7 @@ static void leases_db_do_locked_fn(
value,
(ndr_pull_flags_fn_t)ndr_pull_leases_db_value);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- DBG_DEBUG("ndr_pull_struct_blob_failed: %s\n",
+ DBG_ERR("ndr_pull_struct_blob_failed: %s\n",
ndr_errstr(ndr_err));
state->status = ndr_map_error2ntstatus(ndr_err);
goto done;
@@ -137,7 +137,7 @@ static void leases_db_do_locked_fn(
if (value->num_files == 0) {
state->status = dbwrap_record_delete(rec);
if (!NT_STATUS_IS_OK(state->status)) {
- DBG_DEBUG("dbwrap_record_delete returned %s\n",
+ DBG_ERR("dbwrap_record_delete returned %s\n",
nt_errstr(state->status));
}
goto done;
@@ -149,7 +149,7 @@ static void leases_db_do_locked_fn(
value,
(ndr_push_flags_fn_t)ndr_push_leases_db_value);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- DBG_DEBUG("ndr_push_struct_blob_failed: %s\n",
+ DBG_ERR("ndr_push_struct_blob_failed: %s\n",
ndr_errstr(ndr_err));
state->status = ndr_map_error2ntstatus(ndr_err);
goto done;
@@ -164,7 +164,7 @@ static void leases_db_do_locked_fn(
state->status = dbwrap_record_store(rec, db_value, 0);
if (!NT_STATUS_IS_OK(state->status)) {
- DBG_DEBUG("dbwrap_record_store returned %s\n",
+ DBG_ERR("dbwrap_record_store returned %s\n",
nt_errstr(state->status));
}
@@ -549,8 +549,8 @@ static void leases_db_get_fn(TDB_DATA key, TDB_DATA data, void *private_data)
&blob, value, value,
(ndr_pull_flags_fn_t)ndr_pull_leases_db_value);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- DBG_DEBUG("ndr_pull_struct_blob_failed: %s\n",
- ndr_errstr(ndr_err));
+ DBG_ERR("ndr_pull_struct_blob_failed: %s\n",
+ ndr_errstr(ndr_err));
TALLOC_FREE(value);
state->status = ndr_map_error2ntstatus(ndr_err);
return;
diff --git a/source3/locking/locking.c b/source3/locking/locking.c
index 1220cb3a2be..2d9569809e4 100644
--- a/source3/locking/locking.c
+++ b/source3/locking/locking.c
@@ -728,8 +728,13 @@ NTSTATUS remove_lease_if_stale(struct share_mode_lock *lck,
status = leases_db_del(client_guid, lease_key, &d->id);
if (!NT_STATUS_IS_OK(status)) {
- DBG_DEBUG("leases_db_del failed: %s\n",
- nt_errstr(status));
+ int level = DBGLVL_DEBUG;
+
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
+ level = DBGLVL_ERR;
+ }
+ DBG_PREFIX(level, ("leases_db_del failed: %s\n",
+ nt_errstr(status)));
}
return status;
}
diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
index 79744344537..0b68b60c29e 100644
--- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
@@ -53,6 +53,7 @@ struct file_enum_count {
TALLOC_CTX *ctx;
const char *username;
struct srvsvc_NetFileCtr3 *ctr3;
+ struct file_id *fids;
};
struct sess_file_info {
@@ -87,12 +88,9 @@ static int enum_file_fn(struct file_id id,
{
struct file_enum_count *fenum =
(struct file_enum_count *)private_data;
-
+ struct srvsvc_NetFileCtr3 *ctr3 = fenum->ctr3;
struct srvsvc_NetFileInfo3 *f;
- int i = fenum->ctr3->count;
- files_struct fsp;
- struct byte_range_lock *brl;
- int num_locks = 0;
+ struct file_id *fids = NULL;
char *fullpath = NULL;
uint32_t permissions;
const char *username;
@@ -110,23 +108,25 @@ static int enum_file_fn(struct file_id id,
return 0;
}
- f = talloc_realloc(fenum->ctx, fenum->ctr3->array,
- struct srvsvc_NetFileInfo3, i+1);
+ f = talloc_realloc(
+ fenum->ctx,
+ ctr3->array,
+ struct srvsvc_NetFileInfo3,
+ ctr3->count+1);
if ( !f ) {
- DEBUG(0,("conn_enum_fn: realloc failed for %d items\n", i+1));
+ DBG_ERR("realloc failed for %"PRIu32" items\n", ctr3->count+1);
return 0;
}
- fenum->ctr3->array = f;
-
- /* need to count the number of locks on a file */
+ ctr3->array = f;
- ZERO_STRUCT( fsp );
- fsp.file_id = id;
-
- if ( (brl = brl_get_locks(talloc_tos(), &fsp)) != NULL ) {
- num_locks = brl_num_locks(brl);
- TALLOC_FREE(brl);
+ fids = talloc_realloc(
+ fenum->ctx, fenum->fids, struct file_id, ctr3->count+1);
+ if (fids == NULL) {
+ DBG_ERR("realloc failed for %"PRIu32" items\n", ctr3->count+1);
+ return 0;
}
+ fids[ctr3->count] = id;
+ fenum->fids = fids;
if ( strcmp(d->base_name, "." ) == 0 ) {
fullpath = talloc_asprintf(
@@ -151,14 +151,15 @@ static int enum_file_fn(struct file_id id,
/* now fill in the srvsvc_NetFileInfo3 struct */
- fenum->ctr3->array[i].fid =
- (((uint32_t)(procid_to_pid(&e->pid))<<16) | e->share_file_id);
- fenum->ctr3->array[i].permissions = permissions;
- fenum->ctr3->array[i].num_locks = num_locks;
- fenum->ctr3->array[i].path = fullpath;
- fenum->ctr3->array[i].user = username;
+ ctr3->array[ctr3->count] = (struct srvsvc_NetFileInfo3) {
+ .fid = (((uint32_t)(procid_to_pid(&e->pid))<<16) |
+ e->share_file_id),
+ .permissions = permissions,
+ .path = fullpath,
+ .user = username,
+ };
- fenum->ctr3->count++;
+ ctr3->count++;
return 0;
}
@@ -171,16 +172,31 @@ static WERROR net_enum_files(TALLOC_CTX *ctx,
struct srvsvc_NetFileCtr3 **ctr3,
uint32_t resume)
{
- struct file_enum_count f_enum_cnt;
-
- f_enum_cnt.ctx = ctx;
- f_enum_cnt.username = username;
- f_enum_cnt.ctr3 = *ctr3;
+ struct file_enum_count f_enum_cnt = {
+ .ctx = ctx, .username = username, .ctr3 = *ctr3,
+ };
+ uint32_t i;
share_entry_forall(enum_file_fn, (void *)&f_enum_cnt );
*ctr3 = f_enum_cnt.ctr3;
+ /* need to count the number of locks on a file */
+
+ for (i=0; i<(*ctr3)->count; i++) {
+ struct files_struct fsp = { .file_id = f_enum_cnt.fids[i], };
+ struct byte_range_lock *brl = NULL;
+
+ brl = brl_get_locks(ctx, &fsp);
+ if (brl == NULL) {
+ continue;
+ }
+
+ (*ctr3)->array[i].num_locks = brl_num_locks(brl);
+
+ TALLOC_FREE(brl);
+ }
+
return WERR_OK;
}
diff --git a/source3/rpcclient/cmd_srvsvc.c b/source3/rpcclient/cmd_srvsvc.c
index 9c000608463..478afc68cd1 100644
--- a/source3/rpcclient/cmd_srvsvc.c
+++ b/source3/rpcclient/cmd_srvsvc.c
@@ -643,9 +643,13 @@ static WERROR cmd_srvsvc_net_file_enum(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
int argc, const char **argv)
{
- uint32_t info_level = 3;
- struct srvsvc_NetFileInfoCtr info_ctr;
- struct srvsvc_NetFileCtr3 ctr3;
+ struct srvsvc_NetFileCtr3 ctr3 = { 0 };
+ struct srvsvc_NetFileInfoCtr info_ctr = {
+ .level = 3,
+ .ctr = {
+ .ctr3 = &ctr3,
+ },
+ };
WERROR result;
NTSTATUS status;
uint32_t preferred_len = 0xffff;
@@ -658,14 +662,9 @@ static WERROR cmd_srvsvc_net_file_enum(struct rpc_pipe_client *cli,
return WERR_OK;
}
- if (argc == 2)
- info_level = atoi(argv[1]);
-
- ZERO_STRUCT(info_ctr);
- ZERO_STRUCT(ctr3);
-
- info_ctr.level = info_level;
- info_ctr.ctr.ctr3 = &ctr3;
+ if (argc == 2) {
+ info_ctr.level = atoi(argv[1]);
+ }
status = dcerpc_srvsvc_NetFileEnum(b, mem_ctx,
cli->desthost,
@@ -685,6 +684,14 @@ static WERROR cmd_srvsvc_net_file_enum(struct rpc_pipe_client *cli,
goto done;
}
+ if (info_ctr.level == 3) {
+ struct srvsvc_NetFileCtr3 *ret = info_ctr.ctr.ctr3;
+ uint32_t i;
+
+ for (i=0; i<ret->count; i++) {
+ printf("%s\n", ret->array[i].path);
+ }
+ }
done:
return result;
}
diff --git a/source3/script/tests/test_netfileenum.sh b/source3/script/tests/test_netfileenum.sh
new file mode 100755
index 00000000000..e917ad42862
--- /dev/null
+++ b/source3/script/tests/test_netfileenum.sh
@@ -0,0 +1,73 @@
+#!/bin/bash
+#
+# Test rpcclient netfileenum
+#
+# Copyright (C) 2020 Volker Lendecke
+
+if [ $# -lt 5 ]; then
+ echo Usage: $0 \
+ SMBCLIENT RPCCLIENT NET SERVER SHARE
+exit 1
+fi
+
+SMBCLIENT="$1"; shift 1
+RPCCLIENT="$1"; shift 1
+NET="$1"; shift 1
+SERVER="$1"; shift 1
+SHARE="$1"; shift 1
+
+incdir=$(dirname $0)/../../../testprogs/blackbox
+. $incdir/subunit.sh
+
+failed=0
+
+rm -f smbclient-stdin smbclient-stdout smbclient-stderr
+mkfifo smbclient-stdin smbclient-stdout smbclient-stderr
+
+CLI_FORCE_INTERACTIVE=1; export CLI_FORCE_INTERACTIVE
+
+${SMBCLIENT} //${SERVER}/${SHARE} ${CONF} -U${USER}%${PASSWORD} \
+ < smbclient-stdin > smbclient-stdout 2>smbclient-stderr &
+CLIENT_PID=$!
+
+sleep 1
+
+exec 100>smbclient-stdin 101<smbclient-stdout 102<smbclient-stderr
+
+# consume the smbclient startup messages
+head -n 1 <&101
+head -n 1 <&102
+
+FILE=x64
+
+printf "open %s\\n" "$FILE" >&100
--
Samba Shared Repository
More information about the samba-cvs
mailing list