The branch, v4-4-test has been updated via 87a42e6 ctdb-daemon: Don't steal control structure before synchronous reply via f91cc13 ctdb-daemon: Handle failure immediately, do housekeeping later via ed7a8f4 ctdb-daemon: Schedule running of callback if there are no event scripts via 438a79e s3-util: Fix asking for username and password in smbget. via 88c1b5c ctdb-daemon: When releasing an IP, update PNN in callback via d17bc0c ctdb-daemon: Rename takeover_callback_state -> release_ip_callback_state via 80fce45 ctdb-daemon: Use release_ip_post() when releasing all IP addresses via f981ea8 ctdb-daemon: Factor out new function release_ip_post() via 471eeec ctdb-daemon: Do not copy address for RELEASE_IP message via c215783 ctdb-daemon: Do not update the VNN state on RELEASE_IP failure via 6d24dd8 ctdb-daemon: Try to release IP address even if interface is unknown via 5bbb0c6 ctdb-takeover: Inform clients when dropping all IP addresses via 11055aa ctdb-takeover: Do not kill smbd processes on releasing IP via e0deedd idmap: centrally check that unix IDs returned by the idmap backends are in range via 9a320f6 idmap: don't generally forbid id==0 from idmap_unix_id_is_in_range() via c6ac876 smbd: allow reading files based on FILE_EXECUTE access right via 59eb36d smbd: look only at handle readability for COPYCHUNK dest via fda7740 s4-smbtorture: pin copychunk exec right behavior via 5ba3f0c seltest: allow opening files with arbitrary rights in smb2.ioctl tests via 577b459 seltest: implicit FILE_READ_DATA non-reporting via 5580e5f s4-selftest: add test for read access check via f2f8df9 s4-selftest: add functions which create with desired access via c0154e8 s4-smbtorture: use standard macros in smb2.read test via c3169bc selftest: add tests for dfree with inherit owner enabled via 3d0a4f3 selftest: add definition of smbcacls to selftesthelpers.py via adb3987 selftest: refactor test_dfree_quota.sh - add share parameter via 475131c smbd: use owner uid for free disk calculation if owner is inherited via f776b51 smbd: get a valid file stat to disk_quotas via 1a07eec quotas: small cleanup via a8accc7 s3: oplock: Fix race condition when closing an oplocked file. via fc5f102 smbd: oplock: Factor out internals of remove_oplock() into new remove_oplock_under_lock(). via 13c24a8 smbd: oplock: Fixup debug messages inside remove_oplock(). via 52efd0c gensec/spnego: work around missing server mechListMIC in SMB servers via 7aaf3f58 dbcheck: Abandon dbcheck if we get an error during a transaction via 3f19982 dsdb: Allow missing a mandatory attribute from a dbcheck fix from 28d8230 script/release.sh: use 8 byte gpg key ids
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-4-test - Log ----------------------------------------------------------------- commit 87a42e6c10ab4e31ecbf16d16cadd32e252f305c Author: Martin Schwenke <mar...@meltin.net> Date: Wed Aug 31 08:29:13 2016 +1000 ctdb-daemon: Don't steal control structure before synchronous reply If *async_reply isn't set then the calling code will reply to the control and free the control structure. In some places the control structure pointer is stolen onto state before a synchronous exit due to an error condition. The error handling then frees state and returns an error. The calling code will access-after-free when trying to reply to the control. To make this easier to understand, the convention is that any (immediate) error results in a synchronous reply to the control via an error return code AND *async_reply not being set. In this case the control structure pointer should never be stolen onto state. State is never used for a synchronous reply, it is only ever used by a callback. Also initialise state->c to NULL so that any premature call to a callback (e.g. in an immediate error path) is more obvious. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12180 Signed-off-by: Martin Schwenke <mar...@meltin.net> Reviewed-by: Amitay Isaacs <ami...@gmail.com> (cherry picked from commit 9d975b860d52030a702723c70791c6a2829107c0) Autobuild-User(v4-4-test): Karolin Seeger <ksee...@samba.org> Autobuild-Date(v4-4-test): Tue Sep 13 16:04:10 CEST 2016 on sn-devel-144 commit f91cc13ab7a9a4115604260167c404ea262f685f Author: Martin Schwenke <mar...@meltin.net> Date: Fri Aug 26 16:38:56 2016 +1000 ctdb-daemon: Handle failure immediately, do housekeeping later The callback should never be called before an immediate return. The callback might reply to a control and the caller of ctdb_event_script_callback_v() may not have assigned/stolen the pointer to control structure into the private data. Therefore, calling the callback can dereference an uninitialised pointer to the control structure when attempting to reply. An event script isn't being run until the child has been forked. So update relevant state and set the destructor after this. If the child can't be forked then free the state and return with an error. The callback will not be called and the caller will process the error correctly. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12180 Signed-off-by: Martin Schwenke <mar...@meltin.net> Reviewed-by: Amitay Isaacs <ami...@gmail.com> (cherry picked from commit 582518c7e89b279e34147bdb0b04b73056fac048) commit ed7a8f45039d2998b0e18522f3ec34e160c2a65b Author: Martin Schwenke <mar...@meltin.net> Date: Fri Aug 26 16:29:47 2016 +1000 ctdb-daemon: Schedule running of callback if there are no event scripts The callback should never be called before an immediate return. The callback might reply to a control and the caller of ctdb_event_script_callback_v() may not have assigned/stolen the pointer to control structure into the private data. Therefore, calling the callback can dereference an uninitialised pointer to the control structure when attempting to reply. ctdb_event_script_callback_v() must succeed when there are no event scripts. On success the caller will mark the call as asynchronous and expect the callback to be called. Given that it can't be called before return then it needs to be scheduled. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12180 Signed-off-by: Martin Schwenke <mar...@meltin.net> Reviewed-by: Amitay Isaacs <ami...@gmail.com> (cherry picked from commit 9076c44f35bf309b9e183bae98829f7154b93f33) commit 438a79ede0f658313a51bee5df507d996c079636 Author: Andreas Schneider <a...@samba.org> Date: Thu Aug 25 14:24:08 2016 +0200 s3-util: Fix asking for username and password in smbget. If the user specified the username in the URI with with: smb://DOMAIN;user:secret@server/share the tool should not prompt for the username nor the password. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12175 Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> (cherry picked from commit f5401ff3146aabc5fb2dac25e4856c6c3756c8f7) commit 88c1b5caeb547a1a3ebe94614fa827dc473cb64c Author: Martin Schwenke <mar...@meltin.net> Date: Fri Aug 19 16:38:50 2016 +1000 ctdb-daemon: When releasing an IP, update PNN in callback When an error occurs so an IP address is not released then the PNN in the VNN is currently incorrectly updated. Instead, update the PNN in the callback when the release is successful. Also, explicitly update the PNN on redundant releases. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12158 Signed-off-by: Martin Schwenke <mar...@meltin.net> Reviewed-by: Amitay Isaacs <ami...@gmail.com> Autobuild-User(master): Amitay Isaacs <ami...@samba.org> Autobuild-Date(master): Sun Aug 21 22:45:33 CEST 2016 on sn-devel-144 (cherry picked from commit 6dc75c7d24325d2070eb7feab5399dbfda50da96) commit d17bc0c596c2ef772f9eefbfc181556aa4e0c542 Author: Martin Schwenke <mar...@meltin.net> Date: Fri Aug 19 16:30:46 2016 +1000 ctdb-daemon: Rename takeover_callback_state -> release_ip_callback_state Many years ago takeover_callback_state was used for both IP takeover and release. Now it is only used when releasing an IP so rename it to improve clarity. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12158 Signed-off-by: Martin Schwenke <mar...@meltin.net> Reviewed-by: Amitay Isaacs <ami...@gmail.com> (cherry picked from commit 976a50af6f045765c7bf1961e26efc3cba17f3ba) commit 80fce45f3f95f7648dadf5f7954a387ae5c79a94 Author: Martin Schwenke <mar...@meltin.net> Date: Thu Aug 11 14:07:44 2016 +1000 ctdb-daemon: Use release_ip_post() when releasing all IP addresses This has the advantage of using common code. Also, if there was previously a failed attempt to release the IP address as part of a delete, then this will finish processing the delete. Extra care needs to be taken when a VNN is actually deleted. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12158 Signed-off-by: Martin Schwenke <mar...@meltin.net> Reviewed-by: Amitay Isaacs <ami...@gmail.com> (cherry picked from commit d2a91394f55a2e0152bf470dac2608618db13b1f) commit f981ea8f677d0f48402c9af2014f833876196081 Author: Martin Schwenke <mar...@meltin.net> Date: Thu Aug 11 13:57:43 2016 +1000 ctdb-daemon: Factor out new function release_ip_post() This contains the cleanup that needs to be done after an IP address is released from an interface. state->vnn is set to the return value from release_ip_post(), which is either the original VNN, or NULL if it was deleted. This allows correct handling of the in-flight flag in the destructor for state. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12158 Signed-off-by: Martin Schwenke <mar...@meltin.net> Reviewed-by: Amitay Isaacs <ami...@gmail.com> (cherry picked from commit 46c5136e4e4bd291cbb96395374c9b133f5d8ad8) commit 471eeecd5afc6b3d0b8ae75c25b16e127478bb0c Author: Martin Schwenke <mar...@meltin.net> Date: Thu Aug 11 13:41:12 2016 +1000 ctdb-daemon: Do not copy address for RELEASE_IP message If there's an allocation failure then the implicit early return in CTDB_NO_MEMORY_VOID() means that no reply is sent to the control. ctdb_daemon_send_message() makes a copy of the data, so don't copy it here and remove an unnecessary chance of failure. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12158 Signed-off-by: Martin Schwenke <mar...@meltin.net> Reviewed-by: Amitay Isaacs <ami...@gmail.com> (cherry picked from commit e653c8bb4a7bd712351a4ead3997c61b22c46f8d) commit c21578317eaa8e64c0ce2303bcca9e7516608c80 Author: Martin Schwenke <mar...@meltin.net> Date: Sat Jul 30 11:12:19 2016 +1000 ctdb-daemon: Do not update the VNN state on RELEASE_IP failure If RELEASE_IP fails then updating the VNN makes it inconsistent with reality. Instead, log the failure and move on to the next IP address. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12158 Signed-off-by: Martin Schwenke <mar...@meltin.net> Reviewed-by: Amitay Isaacs <ami...@gmail.com> (cherry picked from commit ca22373231918dab4e94cf1bab03253aadd61993) commit 6d24dd8f23f75ef46167a49250bcc06b62741b9a Author: Martin Schwenke <mar...@meltin.net> Date: Mon Aug 8 07:09:38 2016 +1000 ctdb-daemon: Try to release IP address even if interface is unknown The "releaseip" event in 10.interface will determine the interface and do the right thing. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12158 Signed-off-by: Martin Schwenke <mar...@meltin.net> Reviewed-by: Amitay Isaacs <ami...@gmail.com> (cherry picked from commit 509491a868ed01bfc5a970bd36eea4b01130853a) commit 5bbb0c64cd786d0ebebef7e6c0ca153cdc34f46e Author: Amitay Isaacs <ami...@gmail.com> Date: Sat Mar 5 14:05:21 2016 +1100 ctdb-takeover: Inform clients when dropping all IP addresses CTDB releases all IPs in following cases: starting up, shutting down, node gets banned, node does not come out of recovery for a long time. Always inform samba when CTDB releases IP addresses. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12158 Signed-off-by: Amitay Isaacs <ami...@gmail.com> Reviewed-by: Martin Schwenke <mar...@meltin.net> (cherry picked from commit 00b9e76904bb1108e0f06d0dba4df89394d58252) commit 11055aacc820640f80ec876d32da3c7d0f0440ae Author: Amitay Isaacs <ami...@gmail.com> Date: Fri Mar 4 15:04:13 2016 +1100 ctdb-takeover: Do not kill smbd processes on releasing IP CTDB already notifies Samba with RELEASE_IP message. Samba can take appropriate action based on that. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12158 Signed-off-by: Amitay Isaacs <ami...@gmail.com> Reviewed-by: Martin Schwenke <mar...@meltin.net> (cherry picked from commit b8272d835d6e5186568237cd8b7a2105884c0515) commit e0deeddc948cbf2a32ac5ca99962827001102025 Author: Michael Adam <ob...@samba.org> Date: Tue Aug 9 18:25:12 2016 +0200 idmap: centrally check that unix IDs returned by the idmap backends are in range Note: in the long run, it might be good to move this kind of exit check (before handing the result back to the client) to the parent winbindd code. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12155 Signed-off-by: Michael Adam <ob...@samba.org> (Backported from master commit b2bf61307cffd8ff7b6fb9852c107ab763653119.) commit 9a320f60cf52bc5266b221874a805ed3dfdd6c62 Author: Michael Adam <ob...@samba.org> Date: Mon Aug 15 23:07:33 2016 +0200 idmap: don't generally forbid id==0 from idmap_unix_id_is_in_range() If the range allows it, then id==0 should not be forbidden. This seems to have been taken in from idmap_ldap when the function was originally created. See 634cd2e0451d4388c3e3f78239495cf595368b15 . The other backends don't seem to have had that extra check for id == 0. The reasoning for this change is that the range check should apply to all cases. If the range includes the 0, then it should be possible to get it as result. In particular, this way, the function becomes applicable also to the passdb backend case, e.g. in a samba4-ad-dc setup where the Admin gets uid == 0. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12155 Signed-off-by: Michael Adam <ob...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> (cherry picked from commit c21976d4b1c604699299f2c0f768c1add93b349d) commit c6ac8764649fe47226f115d1ae18a0220400e932 Author: Uri Simchoni <u...@samba.org> Date: Thu Aug 4 14:59:23 2016 +0300 smbd: allow reading files based on FILE_EXECUTE access right BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149 Signed-off-by: Uri Simchoni <u...@samba.org> Reviewed-by: David Disseldorp <dd...@samba.org> Autobuild-User(master): David Disseldorp <dd...@samba.org> Autobuild-Date(master): Thu Aug 18 18:58:22 CEST 2016 on sn-devel-144 (backported from commit a6073e6130d39dac58f1e6ea9f41ec4ab34c3e29) commit 59eb36dedc8fe4e7069e13a2f3a1f57c64774da9 Author: Uri Simchoni <u...@samba.org> Date: Sat Aug 13 00:19:33 2016 +0300 smbd: look only at handle readability for COPYCHUNK dest This commits sets the stage for a change of behavior in a later commit. When checking FILE_READ_DATA on the COPYCHUNK dest handle, only check the handle readability and not the extra right that may have been added due to the FILE_EXECUTE right. The check for FILE_READ_DATA always seemed strange for the dest handle, which is not read. It turns out that in Windows, this check is not done at the SMB layer, but at a lower layer that processes the IOCTL request - the IOCTL code has bits that specify what type of access check needs to be done. Therefore, this lower layer is unaware of the SMB layer's practice of granting READ access based on the FILE_EXECUTE right, and it only checks the handle's readability. This subtle difference has observable behavior - the COPYCHUNK source handle can have FILE_EXECUTE right instead of FILE_READ_DATA, but the dest handle cannot. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149 Signed-off-by: Uri Simchoni <u...@samba.org> Reviewed-by: David Disseldorp <dd...@samba.org> Autobuild-User(master): David Disseldorp <dd...@samba.org> Autobuild-Date(master): Tue Aug 16 15:21:03 CEST 2016 on sn-devel-144 (cherry picked from commit 3e42b69d5e1216b6af570a09d58040d281bbbf17) commit fda774086caddb245b4abf0b082570dd0fa2a823 Author: Uri Simchoni <u...@samba.org> Date: Thu Aug 4 13:12:58 2016 +0300 s4-smbtorture: pin copychunk exec right behavior Add tests that show copychunk behavior when the source and dest handles have execute right instead of read-data right. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149 Signed-off-by: Uri Simchoni <u...@samba.org> Reviewed-by: David Disseldorp <dd...@samba.org> (cherry picked from commit 5bf11f6f5b4dab4cba4b00674bcb76138fb55974) commit 5ba3f0c48f98008406a996950c7cd4821faca33f Author: Uri Simchoni <u...@samba.org> Date: Mon Aug 15 23:39:50 2016 +0300 seltest: allow opening files with arbitrary rights in smb2.ioctl tests Separate file creation (which requires write access) from the opening of the file for the test (which might be without write access). BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149 Signed-off-by: Uri Simchoni <u...@samba.org> Reviewed-by: David Disseldorp <dd...@samba.org> (cherry picked from commit 6ce0304eda4b464972defcecd591fab03428bd03) commit 577b459d29323b6fb2d005aab1ce125ac7dc1131 Author: Uri Simchoni <u...@samba.org> Date: Sat Aug 13 21:23:34 2016 +0300 seltest: implicit FILE_READ_DATA non-reporting This test (passes against Windows Server 2012R2) shows that the implicit FILE_READ_DATA that is added whenever FILE_EXECUTE is granted, is not reported back when querying the handle. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149 Signed-off-by: Uri Simchoni <u...@samba.org> Reviewed-by: David Disseldorp <dd...@samba.org> (cherry picked from commit 7dc9f582066d500bf57000891560610e8d2e208c) commit 5580e5f2e8ed6b024208173fda0ce927eb995144 Author: Uri Simchoni <u...@samba.org> Date: Sun Jul 31 14:29:37 2016 +0300 s4-selftest: add test for read access check BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149 Signed-off-by: Uri Simchoni <u...@samba.org> Reviewed-by: David Disseldorp <dd...@samba.org> (backported from commit 55a9d35cabaea6e98211fc058b788cedf9b7b22a) commit f2f8df9cc08e03c00457af4f73d082e6620891a9 Author: Uri Simchoni <u...@samba.org> Date: Sun Jul 31 14:26:24 2016 +0300 s4-selftest: add functions which create with desired access Add functions which create a file or a directory with specific desired access. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149 Signed-off-by: Uri Simchoni <u...@samba.org> Reviewed-by: David Disseldorp <dd...@samba.org> (cherry picked from commit 1b06acafa4e9ea91a50e5ed85da881187057da6e) commit c0154e8ebf3a569154439e11c33841d03c71484f Author: Uri Simchoni <u...@samba.org> Date: Thu Aug 4 12:59:38 2016 +0300 s4-smbtorture: use standard macros in smb2.read test BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149 Signed-off-by: Uri Simchoni <u...@samba.org> Reviewed-by: David Disseldorp <dd...@samba.org> (cherry picked from commit 20b9a5bd74fafbca4b7cc7952c27033edcf0eeb8) commit c3169bc37cb64f0d823dc69fd40c707690b80228 Author: Uri Simchoni <u...@samba.org> Date: Thu Aug 11 23:54:22 2016 +0300 selftest: add tests for dfree with inherit owner enabled BUG: https://bugzilla.samba.org/show_bug.cgi?id=12145 Signed-off-by: Uri Simchoni <u...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> (cherry picked from commit b6931d5edc381d64ba0fbcd85538cd65e90a2560) commit 3d0a4f34bd739a595ffef24033242ef4ff644dc5 Author: Uri Simchoni <u...@samba.org> Date: Sun Aug 14 14:54:11 2016 +0300 selftest: add definition of smbcacls to selftesthelpers.py This facilitates cherry-picking of the next patch. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12145 Signed-off-by: Uri Simchoni <u...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> commit adb3987bd36fba61aaa8433ff97dadf353e8f683 Author: Uri Simchoni <u...@samba.org> Date: Wed Jan 20 21:54:24 2016 +0200 selftest: refactor test_dfree_quota.sh - add share parameter Add a share parameter to individual disk-free tests. This will allow running tests on shares other than dfq share. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12145 Signed-off-by: Uri Simchoni <u...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> (backported from commit f20d57eceacccb365892dec816cbe57e2ddda8b9) commit 475131c89819a2ad77c2e9c7896ea8dbd0f5fc70 Author: Uri Simchoni <u...@samba.org> Date: Thu Aug 11 23:37:42 2016 +0300 smbd: use owner uid for free disk calculation if owner is inherited If "inherit owner" is enabled, then new files created under a directory shall consume the quota of the directory's owner, so the free disk calculation should take that quota into account, not the quota of the user creating the file. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12145 Signed-off-by: Uri Simchoni <u...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> (backported from commit ea73bcd87b6113f77ccda683d15b5a39003b8eaa) commit f776b51dde0f4ab6ae7b7865fd1146aabfa17b95 Author: Uri Simchoni <u...@samba.org> Date: Thu Jan 14 00:09:36 2016 +0200 smbd: get a valid file stat to disk_quotas Most calls to disk_quotas originate at a state with an open file descriptor. Pass the file's stat info down to disk_quota, so that we can avoid extra stat's and the related error handling. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12145 Signed-off-by: Uri Simchoni <u...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> (cherry picked from commit bd2ec88dca692c239397891bd35c9fa6b8e7b51a) commit 1a07eec97bd546310773a0d32e7125aa9aa45626 Author: Uri Simchoni <u...@samba.org> Date: Wed Jan 27 08:12:20 2016 +0200 quotas: small cleanup Remove an internal function from proto.h BUG: https://bugzilla.samba.org/show_bug.cgi?id=12145 Signed-off-by: Uri Simchoni <u...@samba.org> Reviewed-by: Jeremy Allison <j...@samba.org> (cherry picked from commit 3e6ea02d4258a782482eee9f9124c6a39b74a965) commit a8accc77ede273f3e9427612c18450d3c1f33666 Author: Jeremy Allison <j...@samba.org> Date: Wed Aug 10 14:42:07 2016 -0700 s3: oplock: Fix race condition when closing an oplocked file. We must send the 'oplock released' message whilst the lock is held in the close path. Otherwise the messaged smbd can race with the share mode delete. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12139 Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> (cherry picked from commit df83b17c60a08a27a7ddd1d88dc125e15b3ee06d) commit fc5f1029ac2f6dc1060d8bd6fab4bb160df7898d Author: Jeremy Allison <j...@samba.org> Date: Wed Aug 10 14:39:52 2016 -0700 smbd: oplock: Factor out internals of remove_oplock() into new remove_oplock_under_lock(). Allows this to be called elsewhere. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12139 Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> (cherry picked from commit cb394abe5206dd8ad8a68f157427991b259129a7) commit 13c24a8d13efab4cab2bdce10897c2bc4eb6cef1 Author: Jeremy Allison <j...@samba.org> Date: Wed Aug 10 14:35:42 2016 -0700 smbd: oplock: Fixup debug messages inside remove_oplock(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=12139 Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> (cherry picked from commit de7180151fc99893c4763882fecd9d2a623cd061) commit 52efd0c4aa30fbd9f480ded6fda33a90ae7073fb Author: Stefan Metzmacher <me...@samba.org> Date: Thu Sep 1 08:08:23 2016 +0200 gensec/spnego: work around missing server mechListMIC in SMB servers BUG: https://bugzilla.samba.org/show_bug.cgi?id=11994 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Christian Ambach <a...@samba.org> Autobuild-User(master): Christian Ambach <a...@samba.org> Autobuild-Date(master): Fri Sep 2 18:10:44 CEST 2016 on sn-devel-144 (cherry picked from commit 9b45ba5cd53bd513eb777590815a0b8408af64e2) commit 7aaf3f5868e859e2a42222b29a06ab1deae52b70 Author: Andrew Bartlett <abart...@samba.org> Date: Fri Aug 26 15:53:19 2016 +1200 dbcheck: Abandon dbcheck if we get an error during a transaction Otherwise, anything that the transaction has already done to the DB will be left in the DB even despite the failure. For example, if a fix wrote to the DB, but then failed a post-write check, then the fix will not be unrolled. This is because we do not have nested transactions in TDB. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12178 Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> Autobuild-User(master): Stefan Metzmacher <me...@samba.org> Autobuild-Date(master): Mon Aug 29 12:46:21 CEST 2016 on sn-devel-144 (cherry picked from commit db32a0e5ea8f652857e45480cc31ecb1ef884c1a) commit 3f199828e132a852f27a90a4bbcb50a4d6f61d9f Author: Andrew Bartlett <abart...@samba.org> Date: Fri Aug 26 15:54:35 2016 +1200 dsdb: Allow missing a mandatory attribute from a dbcheck fix dbcheck of the rid pool (CN=RID Set) for another server will otherwise fail because rIDNextRid is not replicated, and so it not present BUG: https://bugzilla.samba.org/show_bug.cgi?id=12178 Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> (cherry picked from commit 9d0c869e36ba2f43fd2ed4cd090b48102d499bc8) ----------------------------------------------------------------------- Summary of changes: auth/gensec/spnego.c | 69 +++++++- ctdb/server/ctdb_takeover.c | 177 ++++++++++----------- ctdb/server/eventscript.c | 87 ++++++++-- python/samba/dbchecker.py | 7 + selftest/knownfail | 4 + selftest/selftesthelpers.py | 1 + selftest/target/Samba3.pm | 21 ++- source3/include/smb_macros.h | 8 + source3/modules/vfs_ceph.c | 5 +- source3/modules/vfs_default.c | 5 +- source3/script/tests/test_dfree_quota.sh | 84 +++++++--- source3/selftest/tests.py | 2 +- source3/smbd/close.c | 10 +- source3/smbd/dfree.c | 16 +- source3/smbd/oplock.c | 54 ++++--- source3/smbd/proto.h | 17 +- source3/smbd/quotas.c | 55 ++++--- source3/smbd/reply.c | 13 +- source3/smbd/smb2_glue.c | 16 ++ source3/smbd/smb2_ioctl_network_fs.c | 4 +- source3/smbd/trans2.c | 12 +- source3/smbd/vfs.c | 4 +- source3/utils/smbget.c | 26 ++- source3/winbindd/idmap_util.c | 5 - source3/winbindd/winbindd_dual_srv.c | 4 + source4/dsdb/samdb/ldb_modules/objectclass_attrs.c | 9 +- source4/torture/smb2/getinfo.c | 45 ++++++ source4/torture/smb2/ioctl.c | 116 ++++++++++---- source4/torture/smb2/read.c | 96 +++++++++-- source4/torture/smb2/util.c | 63 +++++++- testprogs/blackbox/dbcheck-oldrelease.sh | 10 ++ 31 files changed, 761 insertions(+), 284 deletions(-) Changeset truncated at 500 lines: diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c index 3962d72..9e5e758 100644 --- a/auth/gensec/spnego.c +++ b/auth/gensec/spnego.c @@ -54,9 +54,11 @@ struct spnego_state { DATA_BLOB mech_types; size_t num_targs; + bool downgraded; bool mic_requested; bool needs_mic_sign; bool needs_mic_check; + bool may_skip_mic_check; bool done_mic_check; bool simulate_w2k; @@ -433,6 +435,7 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_ * Indicate the downgrade and request a * mic. */ + spnego_state->downgraded = true; spnego_state->mic_requested = true; break; } @@ -1077,7 +1080,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA DEBUG(3,("GENSEC SPNEGO: client preferred mech (%s) not accepted, server wants: %s\n", gensec_get_name_by_oid(gensec_security, spnego_state->neg_oid), gensec_get_name_by_oid(gensec_security, spnego.negTokenTarg.supportedMech))); - + spnego_state->downgraded = true; spnego_state->no_response_expected = false; talloc_free(spnego_state->sub_sec_security); nt_status = gensec_subcontext_start(spnego_state, @@ -1134,6 +1137,23 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA return NT_STATUS_INVALID_PARAMETER; } + if (spnego.negTokenTarg.mechListMIC.length == 0 + && spnego_state->may_skip_mic_check) { + /* + * In this case we don't require + * a mechListMIC from the server. + * + * This works around bugs in the Azure + * and Apple spnego implementations. + * + * See + * https://bugzilla.samba.org/show_bug.cgi?id=11994 + */ + spnego_state->needs_mic_check = false; + nt_status = NT_STATUS_OK; + goto client_response; + } + nt_status = gensec_check_packet(spnego_state->sub_sec_security, spnego_state->mech_types.data, spnego_state->mech_types.length, @@ -1189,9 +1209,56 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA */ new_spnego = false; } + break; case SPNEGO_ACCEPT_INCOMPLETE: + if (spnego.negTokenTarg.mechListMIC.length > 0) { + new_spnego = true; + break; + } + + if (spnego_state->downgraded) { + /* + * A downgrade should be protected if + * supported + */ + break; + } + + /* + * The caller may just asked for + * GENSEC_FEATURE_SESSION_KEY, this + * is only reflected in the want_features. + * + * As it will imply + * gensec_have_features(GENSEC_FEATURE_SIGN) + * to return true. + */ + if (gensec_security->want_features & GENSEC_FEATURE_SIGN) { + break; + } + if (gensec_security->want_features & GENSEC_FEATURE_SEAL) { + break; + } + /* + * Here we're sure our preferred mech was + * selected by the server and our caller doesn't + * need GENSEC_FEATURE_SIGN nor + * GENSEC_FEATURE_SEAL support. + * + * In this case we don't require + * a mechListMIC from the server. + * + * This works around bugs in the Azure + * and Apple spnego implementations. + * + * See + * https://bugzilla.samba.org/show_bug.cgi?id=11994 + */ + spnego_state->may_skip_mic_check = true; + break; + case SPNEGO_REQUEST_MIC: if (spnego.negTokenTarg.mechListMIC.length > 0) { new_spnego = true; diff --git a/ctdb/server/ctdb_takeover.c b/ctdb/server/ctdb_takeover.c index a613aa0..6fadbfb 100644 --- a/ctdb/server/ctdb_takeover.c +++ b/ctdb/server/ctdb_takeover.c @@ -403,12 +403,6 @@ static int32_t ctdb_announce_vnn_iface(struct ctdb_context *ctdb, return 0; } -struct takeover_callback_state { - struct ctdb_req_control_old *c; - ctdb_sock_addr *addr; - struct ctdb_vnn *vnn; -}; - struct ctdb_do_takeip_state { struct ctdb_req_control_old *c; struct ctdb_vnn *vnn; @@ -501,7 +495,7 @@ static int32_t ctdb_do_takeip(struct ctdb_context *ctdb, state = talloc(vnn, struct ctdb_do_takeip_state); CTDB_NO_MEMORY(ctdb, state); - state->c = talloc_steal(ctdb, c); + state->c = NULL; state->vnn = vnn; vnn->update_in_flight = true; @@ -530,6 +524,7 @@ static int32_t ctdb_do_takeip(struct ctdb_context *ctdb, return -1; } + state->c = talloc_steal(ctdb, c); return 0; } @@ -638,7 +633,7 @@ static int32_t ctdb_do_updateip(struct ctdb_context *ctdb, state = talloc(vnn, struct ctdb_do_updateip_state); CTDB_NO_MEMORY(ctdb, state); - state->c = talloc_steal(ctdb, c); + state->c = NULL; state->old = old; state->vnn = vnn; @@ -670,6 +665,7 @@ static int32_t ctdb_do_updateip(struct ctdb_context *ctdb, return -1; } + state->c = talloc_steal(ctdb, c); return 0; } @@ -815,44 +811,6 @@ int32_t ctdb_control_takeover_ip(struct ctdb_context *ctdb, return 0; } -/* - kill any clients that are registered with a IP that is being released - */ -static void release_kill_clients(struct ctdb_context *ctdb, ctdb_sock_addr *addr) -{ - struct ctdb_client_ip *ip; - - DEBUG(DEBUG_INFO,("release_kill_clients for ip %s\n", - ctdb_addr_to_str(addr))); - - for (ip=ctdb->client_ip_list; ip; ip=ip->next) { - ctdb_sock_addr tmp_addr; - - tmp_addr = ip->addr; - DEBUG(DEBUG_INFO,("checking for client %u with IP %s\n", - ip->client_id, - ctdb_addr_to_str(&ip->addr))); - - if (ctdb_same_ip(&tmp_addr, addr)) { - struct ctdb_client *client = reqid_find(ctdb->idr, - ip->client_id, - struct ctdb_client); - DEBUG(DEBUG_INFO,("matched client %u with IP %s and pid %u\n", - ip->client_id, - ctdb_addr_to_str(&ip->addr), - client->pid)); - - if (client->pid != 0) { - DEBUG(DEBUG_INFO,(__location__ " Killing client pid %u for IP %s on client_id %u\n", - (unsigned)client->pid, - ctdb_addr_to_str(addr), - ip->client_id)); - kill(client->pid, SIGKILL); - } - } - } -} - static void do_delete_ip(struct ctdb_context *ctdb, struct ctdb_vnn *vnn) { DLIST_REMOVE(ctdb->vnn, vnn); @@ -861,15 +819,47 @@ static void do_delete_ip(struct ctdb_context *ctdb, struct ctdb_vnn *vnn) talloc_free(vnn); } +static struct ctdb_vnn *release_ip_post(struct ctdb_context *ctdb, + struct ctdb_vnn *vnn, + ctdb_sock_addr *addr) +{ + TDB_DATA data; + + /* Send a message to all clients of this node telling them + * that the cluster has been reconfigured and they should + * close any connections on this IP address + */ + data.dptr = (uint8_t *)ctdb_addr_to_str(addr); + data.dsize = strlen((char *)data.dptr)+1; + DEBUG(DEBUG_INFO, ("Sending RELEASE_IP message for %s\n", data.dptr)); + ctdb_daemon_send_message(ctdb, ctdb->pnn, CTDB_SRVID_RELEASE_IP, data); + + ctdb_vnn_unassign_iface(ctdb, vnn); + + /* Process the IP if it has been marked for deletion */ + if (vnn->delete_pending) { + do_delete_ip(ctdb, vnn); + return NULL; + } + + return vnn; +} + +struct release_ip_callback_state { + struct ctdb_req_control_old *c; + ctdb_sock_addr *addr; + struct ctdb_vnn *vnn; + uint32_t target_pnn; +}; + /* called when releaseip event finishes */ -static void release_ip_callback(struct ctdb_context *ctdb, int status, +static void release_ip_callback(struct ctdb_context *ctdb, int status, void *private_data) { - struct takeover_callback_state *state = - talloc_get_type(private_data, struct takeover_callback_state); - TDB_DATA data; + struct release_ip_callback_state *state = + talloc_get_type(private_data, struct release_ip_callback_state); if (status == -ETIME) { ctdb_ban_self(ctdb); @@ -887,34 +877,15 @@ static void release_ip_callback(struct ctdb_context *ctdb, int status, } } - /* send a message to all clients of this node telling them - that the cluster has been reconfigured and they should - release any sockets on this IP */ - data.dptr = (uint8_t *)talloc_strdup(state, ctdb_addr_to_str(state->addr)); - CTDB_NO_MEMORY_VOID(ctdb, data.dptr); - data.dsize = strlen((char *)data.dptr)+1; - - DEBUG(DEBUG_INFO,(__location__ " sending RELEASE_IP for '%s'\n", data.dptr)); - - ctdb_daemon_send_message(ctdb, ctdb->pnn, CTDB_SRVID_RELEASE_IP, data); - - /* kill clients that have registered with this IP */ - release_kill_clients(ctdb, state->addr); - - ctdb_vnn_unassign_iface(ctdb, state->vnn); - - /* Process the IP if it has been marked for deletion */ - if (state->vnn->delete_pending) { - do_delete_ip(ctdb, state->vnn); - state->vnn = NULL; - } + state->vnn->pnn = state->target_pnn; + state->vnn = release_ip_post(ctdb, state->vnn, state->addr); /* the control succeeded */ ctdb_request_control_reply(ctdb, state->c, NULL, 0, NULL); talloc_free(state); } -static int ctdb_releaseip_destructor(struct takeover_callback_state *state) +static int ctdb_releaseip_destructor(struct release_ip_callback_state *state) { if (state->vnn != NULL) { state->vnn->update_in_flight = false; @@ -931,7 +902,7 @@ int32_t ctdb_control_release_ip(struct ctdb_context *ctdb, bool *async_reply) { int ret; - struct takeover_callback_state *state; + struct release_ip_callback_state *state; struct ctdb_public_ip *pip = (struct ctdb_public_ip *)indata.dptr; struct ctdb_vnn *vnn; char *iface; @@ -943,16 +914,20 @@ int32_t ctdb_control_release_ip(struct ctdb_context *ctdb, ctdb_addr_to_str(&pip->addr))); return 0; } - vnn->pnn = pip->pnn; /* stop any previous arps */ talloc_free(vnn->takeover_ctx); vnn->takeover_ctx = NULL; - /* Some ctdb tool commands (e.g. moveip, rebalanceip) send - * lazy multicast to drop an IP from any node that isn't the - * intended new node. The following causes makes ctdbd ignore - * a release for any address it doesn't host. + /* RELEASE_IP controls are sent to all nodes that should not + * be hosting a particular IP. This serves 2 purposes. The + * first is to help resolve any inconsistencies. If a node + * does unexpectly host an IP then it will be released. The + * 2nd is to use a "redundant release" to tell non-takeover + * nodes where an IP is moving to. This is how "ctdb ip" can + * report the (likely) location of an IP by only asking the + * local node. Redundant releases need to update the PNN but + * are otherwise ignored. */ if (ctdb->tunable.disable_ip_failover == 0 && ctdb->do_checkpublicip) { if (!ctdb_sys_have_ip(&pip->addr)) { @@ -960,6 +935,7 @@ int32_t ctdb_control_release_ip(struct ctdb_context *ctdb, ctdb_addr_to_str(&pip->addr), vnn->public_netmask_bits, ctdb_vnn_iface_string(vnn))); + vnn->pnn = pip->pnn; ctdb_vnn_unassign_iface(ctdb, vnn); return 0; } @@ -968,6 +944,7 @@ int32_t ctdb_control_release_ip(struct ctdb_context *ctdb, DEBUG(DEBUG_DEBUG,("Redundant release of IP %s/%u (ip not held)\n", ctdb_addr_to_str(&pip->addr), vnn->public_netmask_bits)); + vnn->pnn = pip->pnn; return 0; } } @@ -993,7 +970,7 @@ int32_t ctdb_control_release_ip(struct ctdb_context *ctdb, iface, pip->pnn)); - state = talloc(ctdb, struct takeover_callback_state); + state = talloc(ctdb, struct release_ip_callback_state); if (state == NULL) { ctdb_set_error(ctdb, "Out of memory at %s:%d", __FILE__, __LINE__); @@ -1001,8 +978,8 @@ int32_t ctdb_control_release_ip(struct ctdb_context *ctdb, return -1; } - state->c = talloc_steal(state, c); - state->addr = talloc(state, ctdb_sock_addr); + state->c = NULL; + state->addr = talloc(state, ctdb_sock_addr); if (state->addr == NULL) { ctdb_set_error(ctdb, "Out of memory at %s:%d", __FILE__, __LINE__); @@ -1011,6 +988,7 @@ int32_t ctdb_control_release_ip(struct ctdb_context *ctdb, return -1; } *state->addr = pip->addr; + state->target_pnn = pip->pnn; state->vnn = vnn; vnn->update_in_flight = true; @@ -1034,6 +1012,7 @@ int32_t ctdb_control_release_ip(struct ctdb_context *ctdb, /* tell the control that we will be reply asynchronously */ *async_reply = true; + state->c = talloc_steal(state, c); return 0; } @@ -2376,21 +2355,21 @@ void ctdb_takeover_client_destructor_hook(struct ctdb_client *client) void ctdb_release_all_ips(struct ctdb_context *ctdb) { - struct ctdb_vnn *vnn; + struct ctdb_vnn *vnn, *next; int count = 0; if (ctdb->tunable.disable_ip_failover == 1) { return; } - for (vnn=ctdb->vnn;vnn;vnn=vnn->next) { + for (vnn = ctdb->vnn; vnn != NULL; vnn = next) { + /* vnn can be freed below in release_ip_post() */ + next = vnn->next; + if (!ctdb_sys_have_ip(&vnn->public_address)) { ctdb_vnn_unassign_iface(ctdb, vnn); continue; } - if (!vnn->iface) { - continue; - } /* Don't allow multiple releases at once. Some code, * particularly ctdb_tickle_sentenced_connections() is @@ -2412,12 +2391,26 @@ void ctdb_release_all_ips(struct ctdb_context *ctdb) ctdb_vnn_iface_string(vnn))); ctdb_event_script_args(ctdb, CTDB_EVENT_RELEASE_IP, "%s %s %u", - ctdb_vnn_iface_string(vnn), - ctdb_addr_to_str(&vnn->public_address), - vnn->public_netmask_bits); - release_kill_clients(ctdb, &vnn->public_address); - ctdb_vnn_unassign_iface(ctdb, vnn); - vnn->update_in_flight = false; + ctdb_vnn_iface_string(vnn), + ctdb_addr_to_str(&vnn->public_address), + vnn->public_netmask_bits); + /* releaseip timeouts are converted to success, so to + * detect failures just check if the IP address is + * still there... + */ + if (ctdb_sys_have_ip(&vnn->public_address)) { + DEBUG(DEBUG_ERR, + (__location__ + " IP address %s not released\n", + ctdb_addr_to_str(&vnn->public_address))); + vnn->update_in_flight = false; + continue; + } + + vnn = release_ip_post(ctdb, vnn, &vnn->public_address); + if (vnn != NULL) { + vnn->update_in_flight = false; + } count++; } diff --git a/ctdb/server/eventscript.c b/ctdb/server/eventscript.c index 5bc2ee8..2293eee 100644 --- a/ctdb/server/eventscript.c +++ b/ctdb/server/eventscript.c @@ -699,6 +699,62 @@ static int remove_callback(struct event_script_callback *callback) return 0; } +struct schedule_callback_state { + struct ctdb_context *ctdb; + void (*callback)(struct ctdb_context *, int, void *); + void *private_data; + int status; + struct tevent_immediate *im; +}; + +static void schedule_callback_handler(struct tevent_context *ctx, + struct tevent_immediate *im, + void *private_data) +{ + struct schedule_callback_state *state = + talloc_get_type_abort(private_data, + struct schedule_callback_state); + + if (state->callback != NULL) { + state->callback(state->ctdb, state->status, + state->private_data); + } + talloc_free(state); +} + +static int +schedule_callback_immediate(struct ctdb_context *ctdb, + void (*callback)(struct ctdb_context *, + int, void *), + void *private_data, + int status) +{ + struct schedule_callback_state *state; + struct tevent_immediate *im; + + state = talloc_zero(ctdb, struct schedule_callback_state); + if (state == NULL) { + DEBUG(DEBUG_ERR, (__location__ " out of memory\n")); + return -1; + } + im = tevent_create_immediate(state); + if (im == NULL) { + DEBUG(DEBUG_ERR, (__location__ " out of memory\n")); + talloc_free(state); + return -1; + } + -- Samba Shared Repository