The branch, v4-19-test has been updated
via 3bab56a7db6 VERSION: Bump version up to Samba 4.19.0rc2...
via 4f12024cafa VERSION: Disable GIT_SNAPSHOT for the Samba 4.19.0rc1 release.
via 6943c1e3cde WHATSNEW: Up to Samba 4.19.0rc1.
via 94f11c3c21b ldb: release 2.8.0 for use in Samba 4.19.x
via 7920d2ff627 ctdb-tools: Improve printing of multi-line event script output
via e3c0b72c340 ctdb-tools: Always print script output in event status
via e36a4149d80 librpc/idl: Remove DCOM and WMI IDL
via abc3d58e1cc dcom: Remove remainder of DCOM test client code
via 959dc9068d1 librpc:crypto: SAFE_FREE() -> krb5_free_enctypes()
via 05056775eae librpc:crypto: SAFE_FREE() -> krb5_free_string()
via ec121eb831d auth:credentials: SAFE_FREE() -> krb5_free_string()
via cd60e3fdef4 auth:credentials: SAFE_FREE() -> krb5_free_enctypes()
via c5778a0fbdd krb5_wrap: add krb5_free_string()
via 75139445c20 krb5_wrap: add krb5_free_enctypes()
via 9338d1b17c4 smbd: move tevent_req_post() out of smbd_smb2_create_after_exec()
via 20df26b9081 s3: smbd: Sanitize any "server" and "share" components of SMB1 DFS paths to remove UNIX separators.
via 2aa9ffa2f0f s3: torture: Add test to show an SMB1 DFS path of "\x//\/" crashes smbd.
via c2e83ebe726 mdssvc: fix returning file modification date for older Mac releases
via 620ca1e68d0 mdssvc: fix date marshalling
via 9dc66fecf7c mdssvc: prepare for returning timestamps with sub-seconds granularity
via 724a0518c90 mdssvc: reduce pagesize to 50
via 7f5e4edf64f tests/mdssvc: match hits:total:value to be the actual amount of entries in hits
via d8fa5c8e2a1 mdssvc: fix enforcement of "elasticsearch:max results"
via 086c2602d07 mdssvc: add and use SL_PAGESIZE
via 925fefae20e mdssvc: fix long running backend queries
via 4149ef97e59 mdssvc: set query state for continued queries to SLQ_STATE_RUNNING
via e86e0da9de6 WHATSNEW: Add TLS cert reload feature
via a1b1f8ffd20 doc-xml: Add entry for reload-certs for new LDAP certificate reload function
via 9facc2e1d85 docs-xml: Fix invalid XML in smbcontrol manpage
via 4516fee9b52 testprogs/blackbox: add test_ldap_tls_reload.sh
via 0c7cfb7a115 s4:ldap_server: reload tls certificates on smbcontrol reload-certs
via 321162c9bfc s4:ldap_server: remember dns_host_name in ldap_service
via cc4995d932d s4:ldap_server: don't store task_server in ldapsrv_service
via 7804bf55ad0 s4:tls_tstream: create tstream_tls_params_internal
via bed915d098e s3:smbcontrol: improve destination resolution using names db
via 1472e4c9dbf s4:process_prefork: create new messaging context for the master process
via 3af6ad6eea7 s4:process: add method called before entering the tevent_loop_wait
via c8ee3d45252 s4:process_prefork: avoid memory leaks caused by messaging_post_self
via dd998cc1633 s3:winbindd: Fix double close(fd)
via 61c951e063e mdscli: correct handling of in-progress searches
via 424af98c894 mdscli: increase MAX_SLQ_COUNT
via b8e0f02f081 mdscli: increase MAX_SLQ_TOCIDX
via 1149d497b35 mdssvc: increase MAX_SLQ_TOC
via 68bb582bc51 mdssvc: introduce MAX_MDSCMD_SIZE
via c2b4fe3fb7c mdscli: add fragmentation support
via 27980c87c9b mdssvc: remove duplicate define of MAX_SL_FRAGMENT_SIZE
via 566427c4f0e librpc/idl: mdssvc: unkn4 field is a fragment indicator
via 5442c47dad2 libsmb: increase a debug level when site-aware DC lookup failed
via 9bab902fc50 CVE-2023-3347: smbd: fix "server signing = mandatory"
via 5a222ac3718 CVE-2023-3347: smbd: remove comment in smbd_smb2_request_process_negprot()
via 59131d6c345 CVE-2023-3347: smbd: inline smb2_srv_init_signing() code in srv_init_signing()
via 1662eeeb7a6 CVE-2023-3347: smbd: pass lp_ctx to smb[1|2]_srv_init_signing()
via a9a2b182df7 CVE-2023-3347: CI: add a test for server-side mandatory signing
via 578e434a941 CVE-2023-34968: mdssvc: return a fake share path
via 94fcbec8af5 CVE-2023-34968: mdscli: return share relative paths
via d402c0cc6ad CVE-2023-34968: mdssvc: introduce an allocating wrapper to sl_pack()
via ac9008a20c8 CVE-2023-34968: mdssvc: switch to doing an early return
via 33b82c6185b CVE-2023-34968: mdssvc: remove response blob allocation
via 5c9efa9604d CVE-2023-34968: rpcclient: remove response blob allocation
via 6d77daa3af0 CVE-2023-34968: smbtorture: remove response blob allocation in mdssvc.c
via e85e09eee93 CVE-2023-34968: mdscli: remove response blob allocation
via 617fe37cc2a CVE-2023-34968: mdscli: use correct TALLOC memory context when allocating spotlight_blob
via 70184ef3b40 CVE-2023-34968: mdssvc: add missing "kMDSStoreMetaScopes" dict key in slrpc_fetch_properties()
via 02552493e37 CVE-2023-34968: mdssvc: cache and reuse stat info in struct sl_inode_path_map
via 4c60e35add4 CVE-2023-34967: mdssvc: add type checking to dalloc_value_for_key()
via 3b3c30e2acf CVE-2023-34967: CI: add a test for type checking of dalloc_value_for_key()
via 38664163fca CVE-2023-34966: mdssvc: harden sl_unpack_loop()
via 10b6890d26b CVE-2023-34966: CI: test for sl_unpack_loop()
via e067c523b17 CVE-2022-2127: ntlm_auth: cap lanman response length value
via b2de71734f0 CVE-2022-2127: winbindd: Fix WINBINDD_PAM_AUTH_CRAP length checks
via 76ad44f446c lib/cmdline: Also redact --newpassword in samba_cmdline_burn()
via 414b3803bb6 lib/cmdline: Also burn the --password2 parameter if given
via a53ebc288f4 samba-tool: Use samba.glue.get_burnt_cmdline rather than regex
via 3f9e4558985 python: Add glue.burn_commandline() method
via 5afd206d1d8 python: Remove const from PyList_AsStringList()
via fd81759e2ed python: Move PyList_AsStringList to common code so we can reuse
via 848fea1a01a lib/cmdline: Return if the commandline was redacted in samba_cmdline_burn()
via 0da6cc71054 claims.idl: Fix AD claims encoding
via 3109899299e lib/fault: During smb_panic() print process comment and setprocname() title
via e401ae44b2f python/samba: Adjust tarfile extraction filter
via 5e473cba0d3 WHATSNEW: Mention new unicodePwd only over encrypted LDAP restriction
via 3f253002280 WHATSNEW: mention KDC auditing
via b9667bc29a6 WHATSNEW: FAST support, Claims compression, SID compression
via 6844def6675 WHATSNEW: Mention Heimdal updates
via fbed6d80b1f WHATSNEW: Expand detail on what of 2012, 2012R2 and 2016 support is implemented
via 29310f27d49 WHATSNEW: PKINIT testing
via fb27e01b36f WHATSNEW: Include info on new samba-tool features
via 0ee8c263f61 WHATSNEW: Add text on PKINIT Certificate Revocation
via 980c1565ed1 s4:param: replace calls to deprecated Python methods
via ca5cc05b22b s3:script: Replace --merge by --merge-by-timestamp in samba-log-parser
via 16386bfd4cd docs-xml:manpages: Fix tabs in samba-log-parser.1.xml
via 6539f1e4cd6 s3:winbindd: Change the TALLOC_CTX to fix the tevent call depth tracking
via 801772012eb Revert "s3:winbindd: set TEVENT_DEPRECATED as tevent_thread_call_depth_*() api will change soon"
via 40fb810de39 s4:dns_server: Add some more debugging in order to find problems with level 10 logs
via 76b0530e673 s4:dns_server: defer calling werr_to_dns_err() in a central place
via fb4bb188acf s3:waf: Fix code spelling
via 83b58255ed5 s3:winbindd: Fix code spelling
via 746ef717a74 s3:utils: Fix code spelling
via 4cff81603ab s3:torture: Fix code spelling
via 7077ae40423 s3:smbd: Fix code spelling
via feee2018883 s3:smbd: Fix trailing white spaces in quotas.c
via 26d9da1543f s3:smbd: Fix trailing white spaces in dmapi.c
via 9fd809296ce s3:selftest: Fix code spelling
via 18dd3f3dd31 s3:script: Fix code spelling
via 9826fd4588f s3:rpc_server: Fix code spelling
via 4a817b1655d s3:rpc_client: Fix code spelling
via 6a359944f1f s3:registry: Fix code spelling
via 1517fd17094 s3:printing: Rename variably to dummy to make codespell happy
via 73abbd1465e s3:printing: Fix code spelling
via d8dd743f0b2 s3:printing: Fix trailing white spaces in print_iprint.c
via d41702abe09 s3:passdb: Fix code spelling
via 57047ca56d6 s3:param: Fix code spelling
via f8d5e70a913 s3:param: Rename bLoaded global variable
via 6e4c7ae9a2e ctdb-tests: Log to stderr in statd-callout tests
via ef15a34d5dd ctdb-scripts: Support script logging to stderr
via 0ac9413735a ctdb-scripts: Avoid ShellCheck warning SC2162
via 59c5010b6ec ctdb-scripts: Reformat with "shfmt -w -p -i 0 -fn"
via 2e2d81b92a9 ctdb-recoverd: CID 1509028 - Use of 32-bit time_t (Y2K38_SAFETY)
via 862fc5770cb ctdb: Do not use egrep
via 4deb178eb3e ctdb-doc: Correct bit-rotted documenation
via dbbede407f7 ctdb-utils: Drop unused scsi_io.c source file
via 7c0a1c1e13f s3:winbind: Set/unset the winbind_call_flow callback if log level changes
via a1b2f17c6db s3:winbind: Update winbind to tevent 0.15.0 API
via 5b130e620fa s3:winbind: Add callback winbind_call_flow()
via 24120728bb2 ldb: call tevent_set_max_debug_level(TEVENT_DEBUG_TRACE) together with ldb_tevent_debug()
via 0031a102c3d lib/util: call tevent_set_max_debug_level() in samba_tevent_set_debug()
via 6a80d170bca tevent: version 0.15.0
via 0ddf8b5645e tevent: add tevent_common_fd_str() helper
via 2645be60d7a tevent: avoid calling epoll_update_event() again if epoll_check_reopen() already did it
via e9d98097346 tevent: let epoll_check_reopen() clear all events before reopening them
via 3217d5dc1d6 tevent: avoid epoll_check_reopen() overhead unless required
via d94b9c81242 tevent: make use of TEVENT_DEBUG() when using TEVENT_DEBUG_TRACE
via 812313f1c82 tevent: add TEVENT_DEBUG() avoid argument overhead when log is not active...
via 2c78a4f527e tevent: introduce tevent_set_max_debug_level() (default TEVENT_DEBUG_WARNING)
via 86140d7c381 tevent: add fd_speed test
via d7b29125c01 tevent: Flow: add tevent_thread_call_depth_set_callback()
via 0c4d6e630f5 tevent: Flow: store cleanup function name in tevent_req
via 85e43e70b20 tevent: Flow: store cancel function name in tevent_req
via 5e83691d1ed tevent: Flow: store trigger function name in tevent_queue_entry
via deec9994eb8 tevent: Flow: store callback function name in tevent_req
via fb3a9cd7329 tevent: Flow: pass function name to tevent_req_create()
via 1c9e9f46046 tevent: Deprecate some tevent_thread_call_depth_*() functions
via e9f38f6e6d8 tevent: Move definition of _DEPRECATED_ to the top of tevent.h
via 28ddcaf4d8e s3:winbindd: set TEVENT_DEPRECATED as tevent_thread_call_depth_*() api will change soon
via c1124ec8e5d tevent: add tevent_dlinklist.h as copy from lib/util/dlinklist.h
via e3c77030fee lib/util: dlinklist.h sync with LGPL copy from lib/ldb/include/dlinklist.h
via 8edb16a3964 ldb: clarify LGPL scope of include/dlinklist.h
via 18e18006ad0 ldb: remove trailing whitespaces from include/dlinklist.h
via a665d44f22c tevent: rely on epoll_create1() for epoll interface
via 0daa9ebc235 lib:replace: rely on epoll_create1() for epoll interface
via b649c7d3c2b tdb: release 1.4.9
via 791e2817e13 talloc: release 2.4.1
via bb6fecd9ac5 netcmd: sites: add sites and subnet list and view commands to manpage
via 7f7d68573c3 netcmd: sites: add missing subnet commands to samba-tool manpage
via 5e4a6cd75a1 netcmd: sites: tests for list and view sites and subnet
via 3cf81e98f36 netcmd: sites: make use of ldb_connect from base class
via 752eae68c2a netcmd: add list and view commands for sites and subnets
via b9d01c64207 netcmd: add Subnet and Site models
via 5f69220f0af WHATSNEW: Update minimum GnuTLS version
via f050124a96c lib/fuzzing: patch for collecting fuzz_security_token_vs_descriptor seeds
via 9ea606dad11 lib/fuzzing: adapt fuzz_sddl_access_check for AD variant
via 89b02bad3e2 lib/fuzzing: adapt fuzz_security_token_vs_descriptor for AD variant
via eb2bed3899b lib/fuzzing: add fuzzer for arbitrary token/sd access checks
via 5ad28bd7605 lib/fuzzing: add fuzz_sddl_access_check
via 3ed1ba6fedd s4:provision: use better values for operatingSystem[Version]
via 9a79bed41e2 s4:pydsdb: add dc_operatingSystemVersion() helper
via b058b39f38b s4:dsdb: let dsdb_check_and_update_fl() also operatingSystem[Version]
via 16865d6d439 upgradeprovision: handle operatingSystem similar to operatingSystemVersion
via 85080ba9ea0 ldapcmp: also ignore operatingSystem similar to operatingSystemVersion
via 56ee153cae3 netlogon.idl: add some comments to netr_OsVersionInfoEx
via 81058c60136 third_party/heimdal: Import lorikeet-heimdal-202307050413 (commit e0597fe1d01b109e64d9c2a5bcada664ac199498)
via 90b240be086 tests/krb5: Add a test for PK-INIT with a revoked certificate
via 2ab15cf1172 tests/krb5: Allow passing a pre-created certificate into _pkinit_req()
via b73a01eefd2 tests/krb5: Have the caller of create_certificate() fetch the CA certificate and private key
via 01196cc741d tests/krb5: Factor out a method to fetch the CA certificate and private key
via ce9786748b7 tests/krb5: Factor out a method to create a certificate
via db64b2762c4 s4:kdc: Add auth_data_reqd flag to SDBFlags
via 7340351097a third_party/heimdal_build: Make Heimdal version strings const
via a25f549e9a0 third_party/heimdal: Import lorikeet-heimdal-202307040259 (commit 33d117b8a9c11714ef709e63a005d87e34b9bfde)
via 5bfccbb7643 tests/krb5: Test Windows 2000 variant of PK-INIT
via af97579f161 tests/krb5: Add ASN.1 definitions for Windows 2000 PK-INIT
via ecc62bc1207 tests/krb5: Add tests for PK-INIT Freshness Extension (RFC 8070)
via f7393da2c07 tests/krb5: Remove unused methods
via 97ead77767c tests/krb5: Check PAC_TYPE_CREDENTIAL_INFO PAC buffer
via 3ea1c559213 tests/krb5: Add PK-INIT testing framework
via 699d211084f tests/krb5: Allow KerberosCredentials to have associated RSA private key
via 7584e7a3a13 tests/krb5: Add helper methods for PK-INIT testing
via 7f9547fda79 tests/krb5: Refactor encryption type selection
via ef9ffbacb9c tests/krb5: Add PK-INIT ASN1 definitions and include licence
via 477fbd7bb4c tests/krb5: Add PKINIT pre-authentication types
via 8a0bde46a25 tests/krb5: Add PKINIT typed data errors
via d818ed644a5 tests/krb5: Add PKINIT error codes
via 7d2c267ae1a s4:kdc: Fix wrong debug message
via 97cde6f97b4 tests/krb5: Remove unused variables
from 7d2c68f2e25 s3:nmbd: Fix code spelling
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-19-test

- Log -----------------------------------------------------------------
commit 3bab56a7db63812cec617dad7063284e18e8381c
Author: Jule Anger <jan...@samba.org>
Date: Fri Jul 28 14:11:30 2023 +0200

VERSION: Bump version up to Samba 4.19.0rc2...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <jan...@samba.org>
Signed-off-by: Stefan Metzmacher <me...@samba.org> ----------------------------------------------------------------------- Summary of changes: VERSION | 4 +- WHATSNEW.txt | 133 +- auth/credentials/credentials_krb5.c | 3 +- auth/credentials/pycredentials.c | 2 +- ctdb/config/events/README | 2 +- ctdb/config/functions | 966 +++++----- ctdb/event/event_tool.c | 61 +- ctdb/server/ctdb_recoverd.c | 2 +- ctdb/tests/CLUSTER/complex/scripts/local.bash | 2 +- .../INTEGRATION/simple/cluster.090.unreachable.sh | 2 +- .../etc-ctdb/events/random/02.enabled.script | 29 + ctdb/tests/UNIT/eventd/eventd_008.sh | 54 + ctdb/tests/UNIT/eventscripts/etc-ctdb/rc.local | 5 - ctdb/tests/UNIT/eventscripts/scripts/local.sh | 4 +- ctdb/tools/ctdb_diagnostics | 2 +- ctdb/utils/scsi_io/scsi_io.c | 1152 ------------ docs-xml/manpages/samba-log-parser.1.xml | 43 +- docs-xml/manpages/samba-tool.8.xml | 51 + docs-xml/manpages/smbcontrol.1.xml | 11 +- lib/cmdline/cmdline.c | 19 +- lib/cmdline/cmdline.h | 4 +- lib/fuzzing/fuzz_sddl_access_check.c | 144 ++ lib/fuzzing/fuzz_security_token_vs_descriptor.c | 78 + lib/fuzzing/patches/collect-access-check-seeds.txt | 253 +++ lib/fuzzing/wscript_build | 52 +- lib/krb5_wrap/krb5_samba.c | 14 +- lib/krb5_wrap/krb5_samba.h | 8 + lib/ldb/common/ldb.c | 2 + lib/ldb/include/dlinklist.h | 9 +- lib/ldb/wscript | 2 +- lib/replace/wscript | 4 +- ...oc-util-2.3.0.sigs => pytalloc-util-2.4.1.sigs} | 0 .../ABI/{talloc-2.3.5.sigs => talloc-2.4.1.sigs} | 0 lib/talloc/wscript | 2 +- lib/tdb/ABI/{tdb-1.3.17.sigs => tdb-1.4.9.sigs} | 0 lib/tdb/wscript | 2 +- .../ABI/{tevent-0.14.0.sigs => tevent-0.15.0.sigs} | 10 + lib/tevent/testsuite.c | 114 ++ lib/tevent/tevent.c | 5 +- lib/tevent/tevent.h | 177 +- lib/tevent/tevent_debug.c | 73 +- .../dlinklist.h => tevent/tevent_dlinklist.h} | 9 +- lib/tevent/tevent_epoll.c | 96 +- lib/tevent/tevent_fd.c | 16 + lib/tevent/tevent_immediate.c | 6 +- lib/tevent/tevent_internal.h | 42 +- lib/tevent/tevent_queue.c | 68 +- 
lib/tevent/tevent_req.c | 86 +- lib/tevent/tevent_threads.c | 2 +- lib/tevent/tevent_timed.c | 8 +- lib/tevent/tevent_util.h | 185 +- lib/tevent/tevent_wrapper.c | 2 +- lib/tevent/wscript | 6 +- lib/util/dlinklist.h | 29 +- lib/util/fault.c | 13 +- lib/util/tevent_debug.c | 11 + lib/util/util_process.c | 38 +- lib/util/util_process.h | 34 + lib/util/wscript_build | 2 +- librpc/idl/claims.idl | 2 +- librpc/idl/mdssvc.idl | 2 +- librpc/idl/messaging.idl | 1 + librpc/idl/netlogon.idl | 68 + librpc/idl/security.idl | 6 + librpc/idl/wmi.idl | 715 -------- librpc/idl/wscript_build | 18 - librpc/ndr/ndr_wmi.c | 60 - librpc/wscript_build | 32 +- python/modules.c | 35 + python/modules.h | 7 + python/pyglue.c | 60 + python/samba/getopt.py | 69 +- python/samba/netcmd/domain/models/__init__.py | 2 + .../netcmd/domain/models/{user.py => site.py} | 31 +- .../netcmd/domain/models/{user.py => subnet.py} | 31 +- python/samba/netcmd/ldapcmp.py | 3 +- python/samba/netcmd/sites.py | 193 +- python/samba/provision/__init__.py | 11 +- python/samba/safe_tarfile.py | 2 +- python/samba/tests/blackbox/mdsearch.py | 10 +- python/samba/tests/blackbox/ndrdump.py | 59 - python/samba/tests/cred_opt.py | 14 +- python/samba/tests/dcerpc/mdssvc.py | 32 +- python/samba/tests/krb5/kdc_tgs_tests.py | 13 - python/samba/tests/krb5/pkinit_tests.py | 1233 +++++++++++++ python/samba/tests/krb5/raw_testcase.py | 1069 ++++++++++- python/samba/tests/krb5/rfc4120.asn1 | 1067 ++++++++++- python/samba/tests/krb5/rfc4120_constants.py | 29 + python/samba/tests/krb5/rfc4120_pyasn1.py | 1927 ++++++++++++++++++-- python/samba/tests/samba_tool/sites.py | 71 +- python/wscript | 1 + selftest/knownfail_heimdal_kdc | 12 + selftest/knownfail_mit_kdc_1_20 | 53 + selftest/skip | 2 - selftest/target/Samba.pm | 3 + selftest/target/Samba3.pm | 1 + selftest/target/Samba4.pm | 1 + source3/librpc/crypto/gse.c | 2 +- source3/librpc/crypto/gse_krb5.c | 2 +- source3/libsmb/namequery.c | 8 +- source3/param/loadparm.c | 16 +- 
source3/passdb/machine_account_secrets.c | 2 +- source3/passdb/passdb.c | 8 +- source3/passdb/pdb_get_set.c | 2 +- source3/passdb/pdb_interface.c | 2 +- source3/passdb/pdb_ldap.c | 4 +- source3/passdb/pdb_ldap.h | 2 +- source3/passdb/pdb_smbpasswd.c | 6 +- source3/passdb/pdb_tdb.c | 2 +- source3/passdb/py_passdb.c | 2 +- source3/printing/lpq_parse.c | 4 +- source3/printing/nt_printing.c | 10 +- source3/printing/nt_printing_ads.c | 2 +- source3/printing/print_iprint.c | 34 +- source3/printing/printing.c | 16 +- source3/registry/reg_backend_db.c | 4 +- source3/registry/reg_format.c | 2 +- source3/registry/reg_format.h | 24 +- source3/registry/reg_import.h | 2 +- source3/registry/reg_parse.h | 2 +- source3/registry/reg_parse_dox.cfg | 4 +- source3/registry/reg_parse_internal.h | 2 +- source3/registry/reg_perfcount.c | 2 +- source3/registry/regfio.c | 6 +- source3/registry/regfio.h | 2 +- source3/rpc_client/cli_lsarpc.h | 8 +- source3/rpc_client/cli_mdssvc.c | 267 ++- source3/rpc_client/cli_mdssvc_private.h | 4 + source3/rpc_client/cli_mdssvc_util.c | 148 +- source3/rpc_client/cli_mdssvc_util.h | 4 + source3/rpc_client/cli_pipe.c | 10 +- source3/rpc_client/cli_samr.c | 2 +- source3/rpc_client/cli_samr.h | 22 +- source3/rpc_client/cli_winreg.h | 8 +- source3/rpc_client/cli_winreg_int.h | 4 +- source3/rpc_client/cli_winreg_spoolss.h | 6 +- source3/rpc_client/py_mdscli.c | 7 +- source3/rpc_server/epmapper/srv_epmapper.c | 2 +- source3/rpc_server/eventlog/srv_eventlog_nt.c | 2 +- source3/rpc_server/mdssvc/dalloc.c | 16 +- source3/rpc_server/mdssvc/marshalling.c | 88 +- source3/rpc_server/mdssvc/marshalling.h | 10 +- source3/rpc_server/mdssvc/mdssvc.c | 165 +- source3/rpc_server/mdssvc/mdssvc.h | 13 +- source3/rpc_server/mdssvc/mdssvc_es.c | 8 +- source3/rpc_server/mdssvc/sparql_mapping.h | 2 +- source3/rpc_server/mdssvc/sparql_parser.y | 2 +- source3/rpc_server/mdssvc/srv_mdssvc_nt.c | 32 +- source3/rpc_server/netlogon/srv_netlog_nt.c | 2 +- 
source3/rpc_server/samr/srv_samr_chgpasswd.c | 4 +- source3/rpc_server/samr/srv_samr_nt.c | 2 +- source3/rpc_server/spoolss/srv_spoolss_nt.c | 10 +- source3/rpc_server/srv_access_check.c | 4 +- source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 2 +- source3/rpcclient/cmd_spotlight.c | 48 +- source3/script/format_indent.sh | 2 +- source3/script/samba-log-parser | 103 +- source3/script/tests/smbspool_argv_wrapper.c | 2 +- source3/script/tests/test_net_misc.sh | 2 +- source3/script/tests/test_net_registry.sh | 4 +- source3/script/tests/test_sacl_set_get.sh | 2 +- source3/script/tests/test_smb1_system_security.sh | 2 +- source3/script/tests/test_smbclient_s3.sh | 4 +- source3/script/tests/test_smbclient_tarmode.pl | 6 +- source3/script/tests/test_smbclient_tarmode.sh | 2 +- source3/script/tests/test_smbcquota.py | 2 +- source3/script/tests/test_smbd_no_krb5.sh | 2 +- source3/script/tests/test_smbspool.sh | 4 +- source3/script/tests/vfstest-catia/run.sh | 2 +- source3/selftest/tests.py | 18 +- source3/smbd/blocking.c | 6 +- source3/smbd/close.c | 2 +- source3/smbd/conn.c | 2 +- source3/smbd/dfree.c | 2 +- source3/smbd/dmapi.c | 36 +- source3/smbd/dosmode.c | 2 +- source3/smbd/fake_file.c | 2 +- source3/smbd/fd_handle.c | 2 +- source3/smbd/filename.c | 2 +- source3/smbd/globals.h | 2 +- source3/smbd/mangle_hash.c | 2 +- source3/smbd/mangle_hash2.c | 2 +- source3/smbd/notify.c | 4 +- source3/smbd/notifyd/notifyd.c | 2 +- source3/smbd/ntquotas.c | 2 +- source3/smbd/open.c | 8 +- source3/smbd/posix_acls.c | 6 +- source3/smbd/proto.h | 1 - source3/smbd/quotas.c | 16 +- source3/smbd/server.c | 2 +- source3/smbd/smb1_ipc.c | 2 +- source3/smbd/smb1_lanman.c | 44 +- source3/smbd/smb1_process.c | 4 +- source3/smbd/smb1_reply.c | 12 +- source3/smbd/smb1_service.c | 2 +- source3/smbd/smb1_signing.c | 10 +- source3/smbd/smb1_signing.h | 3 +- source3/smbd/smb2_create.c | 9 +- source3/smbd/smb2_lock.c | 4 +- source3/smbd/smb2_negprot.c | 8 +- source3/smbd/smb2_nttrans.c | 4 +- 
source3/smbd/smb2_reply.c | 39 +- source3/smbd/smb2_server.c | 6 +- source3/smbd/smb2_service.c | 4 +- source3/smbd/smb2_sesssetup.c | 2 +- source3/smbd/smb2_signing.c | 23 +- source3/smbd/smb2_trans2.c | 4 +- source3/smbd/smbXsrv_session.c | 6 +- source3/smbd/smbd_cleanupd.c | 10 +- source3/torture/cmd_vfs.c | 2 +- source3/torture/denytest.c | 4 +- source3/torture/pdbtest.c | 8 +- source3/torture/proto.h | 1 + source3/torture/test_messaging_fd_passing.c | 2 +- source3/torture/test_posix.c | 4 +- source3/torture/test_smb1_dfs.c | 66 +- source3/torture/test_smb2.c | 2 +- source3/torture/torture.c | 12 +- source3/utils/mdsearch.c | 10 +- source3/utils/net_ads.c | 4 +- source3/utils/net_ads_gpo.c | 2 +- source3/utils/net_cache.c | 2 +- source3/utils/net_registry_check.c | 2 +- source3/utils/net_rpc.c | 6 +- source3/utils/net_rpc_conf.c | 4 +- source3/utils/net_rpc_printer.c | 36 +- source3/utils/net_rpc_rights.c | 2 +- source3/utils/ntlm_auth.c | 8 +- source3/utils/smbcacls.c | 6 +- source3/utils/smbcontrol.c | 34 +- source3/winbindd/idmap_ldap.c | 4 +- source3/winbindd/idmap_nss.c | 4 +- source3/winbindd/idmap_rid.c | 4 +- source3/winbindd/idmap_tdb2.c | 2 +- source3/winbindd/wb_lookupsids.c | 2 +- source3/winbindd/wb_seqnums.c | 12 +- source3/winbindd/winbindd.c | 8 +- source3/winbindd/winbindd.h | 2 +- source3/winbindd/winbindd_ads.c | 4 +- source3/winbindd/winbindd_cache.c | 2 +- source3/winbindd/winbindd_ccache_access.c | 2 +- source3/winbindd/winbindd_cm.c | 14 +- source3/winbindd/winbindd_cred_cache.c | 2 +- source3/winbindd/winbindd_creds.c | 2 +- source3/winbindd/winbindd_dual.c | 11 +- source3/winbindd/winbindd_getgrnam.c | 2 +- source3/winbindd/winbindd_gpupdate.c | 2 +- source3/winbindd/winbindd_group.c | 2 +- source3/winbindd/winbindd_irpc.c | 2 +- source3/winbindd/winbindd_list_users.c | 12 +- source3/winbindd/winbindd_misc.c | 36 + source3/winbindd/winbindd_pam.c | 14 +- source3/winbindd/winbindd_pam_auth_crap.c | 31 +- source3/winbindd/winbindd_proto.h 
| 8 +- source3/winbindd/winbindd_samr.c | 2 +- source3/winbindd/winbindd_show_sequence.c | 8 +- source3/winbindd/winbindd_util.c | 2 +- source3/wscript | 8 +- source4/auth/pyauth.c | 38 +- source4/auth/wscript_build | 4 +- source4/dns_server/dns_crypto.c | 14 + source4/dns_server/dns_server.c | 62 +- source4/dns_server/dns_update.c | 18 + source4/dsdb/common/util.c | 105 +- source4/dsdb/pydsdb.c | 24 + source4/dsdb/wscript_build | 2 +- source4/kdc/pac-glue.c | 2 +- source4/kdc/sdb.h | 2 +- source4/kdc/sdb_to_hdb.c | 2 +- source4/ldap_server/ldap_server.c | 176 +- source4/ldap_server/ldap_server.h | 6 +- source4/lib/tls/tls_tstream.c | 143 +- source4/librpc/wscript_build | 4 - source4/param/provision.c | 18 +- source4/samba/process_prefork.c | 64 + source4/samba/process_single.c | 3 + source4/samba/process_standard.c | 3 + source4/samba/service.h | 29 + source4/scripting/bin/samba_upgradeprovision | 3 +- source4/selftest/tests.py | 28 + source4/setup/provision_self_join.ldif | 4 +- source4/torture/rpc/mdssvc.c | 250 ++- source4/torture/rpc/oxidresolve.c | 263 --- source4/torture/rpc/remact.c | 104 -- source4/torture/rpc/rpc.c | 2 - source4/torture/smb2/session.c | 64 + source4/torture/smb2/smb2.c | 1 + source4/torture/wscript_build | 5 - testprogs/blackbox/test_ldap_tls_reload.sh | 64 + third_party/heimdal/appl/gssmask/gssmask.c | 12 +- third_party/heimdal/cf/make-proto.pl | 4 +- third_party/heimdal/configure.ac | 9 +- third_party/heimdal/include/NTMakefile | 4 +- third_party/heimdal/kadmin/check.c | 19 +- third_party/heimdal/kadmin/kadmin.1 | 62 +- third_party/heimdal/kadmin/util.c | 1 + third_party/heimdal/kcm/config.c | 15 +- third_party/heimdal/kdc/config.c | 18 +- third_party/heimdal/kdc/default_config.c | 17 + third_party/heimdal/kdc/httpkadmind.c | 1 + third_party/heimdal/kdc/kdc_locl.h | 2 + third_party/heimdal/kdc/kerberos5.c | 197 +- third_party/heimdal/kdc/misc.c | 4 + third_party/heimdal/kdc/pkinit.c | 180 ++ third_party/heimdal/kuser/kinit.c | 80 +- 
third_party/heimdal/lib/asn1/Makefile.am | 2 +- third_party/heimdal/lib/asn1/check-gen.c | 18 +- third_party/heimdal/lib/asn1/krb5.asn1 | 1 + third_party/heimdal/lib/asn1/pkinit.asn1 | 1 + third_party/heimdal/lib/base/common_plugin.h | 1 + third_party/heimdal/lib/base/dict.c | 4 +- third_party/heimdal/lib/base/heimbase.c | 16 +- third_party/heimdal/lib/base/heimbase.h | 2 +- third_party/heimdal/lib/base/heimbasepriv.h | 5 +- third_party/heimdal/lib/base/plugin.c | 16 +- third_party/heimdal/lib/com_err/Makefile.am | 4 +- third_party/heimdal/lib/com_err/com_err.c | 2 +- third_party/heimdal/lib/com_err/com_err.h | 2 +- third_party/heimdal/lib/com_err/com_right.h | 2 +- third_party/heimdal/lib/com_err/compile_et.c | 2 +- third_party/heimdal/lib/com_err/error.c | 2 +- third_party/heimdal/lib/hdb/hdb-mitdb.c | 4 +- third_party/heimdal/lib/hdb/hdb.asn1 | 1 + third_party/heimdal/lib/hx509/Makefile.am | 2 +- third_party/heimdal/lib/hx509/hxtool.c | 7 +- third_party/heimdal/lib/ipc/client.c | 4 +- third_party/heimdal/lib/kadm5/admin.h | 1 + third_party/heimdal/lib/kadm5/ent_setup.c | 4 + third_party/heimdal/lib/kadm5/get_s.c | 1 + third_party/heimdal/lib/krb5/addr_families.c | 34 +- third_party/heimdal/lib/krb5/aname_to_localname.c | 6 +- third_party/heimdal/lib/krb5/changepw.c | 10 +- third_party/heimdal/lib/krb5/constants.c | 18 +- third_party/heimdal/lib/krb5/context.c | 2 +- third_party/heimdal/lib/krb5/crypto.c | 4 +- third_party/heimdal/lib/krb5/db_plugin.c | 4 +- third_party/heimdal/lib/krb5/get_host_realm.c | 6 +- third_party/heimdal/lib/krb5/get_in_tkt.c | 4 +- third_party/heimdal/lib/krb5/init_creds_pw.c | 14 +- third_party/heimdal/lib/krb5/krb5.conf.5 | 15 +- third_party/heimdal/lib/krb5/krb5.h | 22 +- third_party/heimdal/lib/krb5/krb5_err.et | 3 + third_party/heimdal/lib/krb5/krbhst.c | 4 +- third_party/heimdal/lib/krb5/kuserok.c | 20 +- third_party/heimdal/lib/krb5/mk_error.c | 4 +- third_party/heimdal/lib/krb5/pac.c | 8 +- third_party/heimdal/lib/krb5/pcache.c 
| 4 +- third_party/heimdal/lib/krb5/pkinit.c | 1 + third_party/heimdal/lib/krb5/plugin.c | 4 +- third_party/heimdal/lib/krb5/salt-aes-sha1.c | 2 +- third_party/heimdal/lib/krb5/salt-aes-sha2.c | 2 +- third_party/heimdal/lib/krb5/send_to_kdc.c | 12 +- third_party/heimdal/lib/roken/parse_bytes-test.c | 6 +- third_party/heimdal/lib/roken/parse_bytes.c | 18 +- third_party/heimdal/lib/roken/parse_bytes.h | 6 +- third_party/heimdal/lib/sl/Makefile.am | 4 +- third_party/heimdal/lib/vers/make-print-version.c | 2 +- third_party/heimdal/tests/kdc/check-kdc.in | 38 +- third_party/heimdal_build/roken.h | 4 +- wscript_configure_system_mitkrb5 | 2 + 360 files changed, 10802 insertions(+), 4768 deletions(-) delete mode 100644 ctdb/utils/scsi_io/scsi_io.c create mode 100644 lib/fuzzing/fuzz_sddl_access_check.c create mode 100644 lib/fuzzing/fuzz_security_token_vs_descriptor.c create mode 100644 lib/fuzzing/patches/collect-access-check-seeds.txt copy lib/talloc/ABI/{pytalloc-util-2.3.0.sigs => pytalloc-util-2.4.1.sigs} (100%) copy lib/talloc/ABI/{talloc-2.3.5.sigs => talloc-2.4.1.sigs} (100%) copy lib/tdb/ABI/{tdb-1.3.17.sigs => tdb-1.4.9.sigs} (100%) copy lib/tevent/ABI/{tevent-0.14.0.sigs => tevent-0.15.0.sigs} (91%) copy lib/{ldb/include/dlinklist.h => tevent/tevent_dlinklist.h} (96%) delete mode 100644 librpc/idl/wmi.idl delete mode 100644 librpc/ndr/ndr_wmi.c copy python/samba/netcmd/domain/models/{user.py => site.py} (59%) copy python/samba/netcmd/domain/models/{user.py => subnet.py} (59%) create mode 100755 python/samba/tests/krb5/pkinit_tests.py delete mode 100644 source4/torture/rpc/oxidresolve.c delete mode 100644 source4/torture/rpc/remact.c create mode 100755 testprogs/blackbox/test_ldap_tls_reload.sh Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 667a209b999..29157444b35 100644 --- a/VERSION +++ b/VERSION 
@@ -77,7 +77,7 @@ SAMBA_VERSION_BETA_RELEASE= # e.g. SAMBA_VERSION_PRE_RELEASE=1 # # -> "2.2.9pre1" # ######################################################## -SAMBA_VERSION_PRE_RELEASE=1 +SAMBA_VERSION_PRE_RELEASE= ######################################################## # For 'rc' releases the version will be # @@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE=1 # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # ######################################################## -SAMBA_VERSION_RC_RELEASE= +SAMBA_VERSION_RC_RELEASE=2 ######################################################## # To mark SVN snapshots this should be set to 'yes' # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index b348217e995..44e7edc2263 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,7 +1,7 @@ Release Announcements ===================== -This is the first pre release of Samba 4.19. This is *not* +This is the first release candidate of Samba 4.19. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. @@ -64,6 +64,14 @@ Kerberos Claims, Authentication Silos and NTLM authentication policies An initial, partial implementation of Active Directory Functional Level 2012, 2012R2 and 2016 is available in this release. +In particular Samba will issue Active Directory "Claims" in the PAC, +for member servers that support these, and honour in-directory +configuration for Authentication Policies and Authentication Silos. + +The primary limitation is that while Samba can read and write claims +in the directory, and populate the PAC, Samba does not yet use them +for access control decisions. + While we continue to develop these features, existing domains can test the feature by selecting the functional level in provision or raising the DC functional level by setting 
@@ -90,7 +98,130 @@ samba-tool domain schemaupgrade --schema=2019 samba-tool domain functionalprep --function-level=2016 samba-tool domain level raise --domain-level=2016 --forest-level=2016 +Improved KDC Auditing +--------------------- + +As part of the auditing required to allow successful deployment of +Authentication Policies and Authentication Silos, our KDC now provides +Samba-style JSON audit logging of all issued Kerberos tickets, +including if they would fail a policy that is not yet enforced. +Additionally most failures are audited, (after the initial +pre-validation of the request). + +Kerberos Armoring (FAST) Support for Windows clients +---------------------------------------------------- + +In domains where the domain controller functional level is set, as +above, to 2012, 2012_R2 or 2016, Windows clients will, if configured +via GPO, use FAST to protect user passwords between (in particular) a +workstation and the KDC on the AD DC. This is a significant security +improvement, as weak passwords in an AS-REQ are no longer available +for offline attack. + +Claims compression in the AD PAC +-------------------------------- + +Samba as an AD DC will compress "AD claims" using the same compression +algorithm as Microsoft Windows. + +Resource SID compression in the AD PAC +-------------------------------------- + +Samba as an AD DC will now correctly populate the various PAC group +membership buffers, splitting global and local groups correctly. + +Additionally, Samba marshals Resource SIDs, being local groups in the +member server's own domain, to only consume a header and 4 bytes per +group in the PAC, not a full-length SID worth of space each. This is +known as "Resource SID compression". + +New samba-tool support for silos, claims, sites and subnets. +------------------------------------------------------------ + +samba-tool can now list, show, add and manipulate Authentication Silos +(silos) and Active Directory Authentication Claims (claims). 
+ +samba-tool can now list and show Active Directory sites and subnets. + +A new Object Relational Model (ORM) based architecture, similar to +that used with Django, has been built to make adding new samba-tool +subcommands simpler and more consistent, with JSON output available +standard on these new commands. + +Updated GnuTLS requirement / in-tree cryptography removal +---------------------------------------------------------- + +Samba requires GnuTLS 3.6.13 and prefers GnuTLS 3.6.14 or later. + +This has allowed Samba to remove all of our in-tree cryptography, +except that found in our Heimdal import. Samba's runtime cryptography +needs are now all provided by GnuTLS. + +(The GnuTLS vesion requirement is raised to 3.7.2 on systems without +the Linux getrandom()) + +We also use Python's cryptography module for our testing. +The use of well known cryptography libraries makes Samba easier for +end-users to validate and deploy, and for distributors to ship. This +is the end of a very long journey for Samba. + +Updated Heimdal import +---------------------- + +Samba's Heimdal branch (known as lorikeet-heimdal) has been updated to +the current pre-8.0 (master) tree from upstream Heimdal, ensuring that +this vendored copy, included in our release remains as close as +possible to the current upstream code. + +Revocation support in Heimdal KDC for PKINIT certificates +--------------------------------------------------------- + +Samba will now correctly honour the revocation of 'smart card' +certificates used for PKINIT Kerberos authentication. + +This list is reloaded each time the file changes, so no further action +other than replacing the file is required. 
The additional krb5.conf +option is: + + [kdc] + pkinit_revoke = FILE:/path/to/crl.pem + +Information on the "Smart Card login" feature as a whole is at: + https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login + +Protocol level testsuite for (Smart Card Logon) PKINIT +------------------------------------------------------ + +Previously Samba's PKINIT support in the KDC was tested by use of +shell scripts around the client tools of MIT or Heimdal Kerberos. +Samba's independently written python testsuite has been extended to +validate KDC behaviour for PKINIT. + +Require encrypted connection to modify unicodePwd on the AD DC +-------------------------------------------------------------- + +Setting the password on an AD account on should never be attempted +over a plaintext or signed-only LDAP connection. If the unicodePwd +(or userPassword) attribute is modified without encryption (as seen by +Samba), the request will be rejected. This is to encourage the +administrator to use an encrypted connection in the future. + +NOTE WELL: If Samba is accessed via a TLS frontend or load balancer, +the LDAP request will be regarded as plaintext. + +Samba AD TLS Certificates can be reloaded +----------------------------------------- + +The TLS certificates used for Samba's AD DC LDAP server were +previously only read on startup, and this meant that when then expired +it was required to restart Samba, disrupting service to other users. + + smbcontrol ldap_server reload-certs + +This will now allow these certificates to be reloaded 'on the fly' + +================ REMOVED FEATURES ================ diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c index c0631b43061..796b52ea905 100644 --- a/auth/credentials/credentials_krb5.c +++ b/auth/credentials/credentials_krb5.c 
@@ -945,7 +945,8 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, maj_stat = gss_krb5_set_allowable_enctypes(&min_stat, gcc->creds, num_ktypes, (int32_t *) etypes); - SAFE_FREE(etypes); + krb5_free_enctypes(ccache->smb_krb5_context->krb5_context, + etypes); if (maj_stat) { talloc_free(gcc); if (min_stat) { diff --git a/auth/credentials/pycredentials.c b/auth/credentials/pycredentials.c index b87cdc06a93..bd877941a9a 100644 --- a/auth/credentials/pycredentials.c +++ b/auth/credentials/pycredentials.c @@ -1589,7 +1589,7 @@ static PyObject *py_ccache_name(PyObject *self, PyObject *unused) ccc->ccache, &name); if (ret == 0) { py_name = PyString_FromStringOrNULL(name); - SAFE_FREE(name); + krb5_free_string(ccc->smb_krb5_context->krb5_context, name); } else { PyErr_SetString(PyExc_RuntimeError, "Failed to get ccache name"); diff --git a/ctdb/config/events/README b/ctdb/config/events/README index 6ee6e6fae78..6553830326a 100644 --- a/ctdb/config/events/README +++ b/ctdb/config/events/README @@ -54,7 +54,7 @@ setup Failure of this event will cause CTDB to terminate. - Example: 00.ctdb processes tunables defined in ctdb.tunables. + Example: 11.natgw checks that it has valid configuration startup diff --git a/ctdb/config/functions b/ctdb/config/functions index 3e46fb496a3..56105aab165 100755 --- a/ctdb/config/functions +++ b/ctdb/config/functions @@ -2,9 +2,9 @@ # utility functions for ctdb event scripts -if [ -z "$CTDB_BASE" ] ; then - echo 'CTDB_BASE unset in CTDB functions file' - exit 1 +if [ -z "$CTDB_BASE" ]; then + echo 'CTDB_BASE unset in CTDB functions file' + exit 1 fi export CTDB_BASE 
@@ -16,24 +16,24 @@ CTDB="${CTDB:-/usr/local/bin/ctdb}" # Only (and always) override these variables in test code -if [ -z "$CTDB_SCRIPT_VARDIR" ] ; then - CTDB_SCRIPT_VARDIR="/usr/local/var/lib/ctdb/scripts" +if [ -z "$CTDB_SCRIPT_VARDIR" ]; then + CTDB_SCRIPT_VARDIR="/usr/local/var/lib/ctdb/scripts" fi -if [ -z "$CTDB_SYS_ETCDIR" ] ; then - CTDB_SYS_ETCDIR="/etc" +if [ -z "$CTDB_SYS_ETCDIR" ]; then + CTDB_SYS_ETCDIR="/etc" fi -if [ -z "$CTDB_HELPER_BINDIR" ] ; then - CTDB_HELPER_BINDIR="/usr/local/libexec/ctdb" +if [ -z "$CTDB_HELPER_BINDIR" ]; then + CTDB_HELPER_BINDIR="/usr/local/libexec/ctdb" fi ####################################### # pull in a system config file, if any -load_system_config () +load_system_config() { - for _i ; do + for _i; do if [ -f "${CTDB_SYS_ETCDIR}/sysconfig/${_i}" ]; then . "${CTDB_SYS_ETCDIR}/sysconfig/${_i}" @@ -48,11 +48,11 @@ load_system_config () # load_script_options [ component script ] # script is an event script name relative to a component # component is currently ignored -load_script_options () +load_script_options() { - if [ $# -eq 2 ] ; then + if [ $# -eq 2 ]; then _script="$2" - elif [ $# -eq 0 ] ; then + elif [ $# -eq 0 ]; then _script="" else die "usage: load_script_options [ component script ]" 
@@ -60,92 +60,100 @@ load_script_options () _options="${CTDB_BASE}/script.options" - if [ -r "$_options" ] ; then + if [ -r "$_options" ]; then . "$_options" fi - if [ -n "$_script" ] ; then + if [ -n "$_script" ]; then _s="${CTDB_BASE}/events/legacy/${_script}" else _s="${0%.script}" fi _options="${_s}.options" - if [ -r "$_options" ] ; then + if [ -r "$_options" ]; then . "$_options" fi } ############################################################## -die () +die() { - _msg="$1" - _rc="${2:-1}" + _msg="$1" + _rc="${2:-1}" - echo "$_msg" >&2 - exit "$_rc" + echo "$_msg" >&2 + exit "$_rc" } # Log given message or stdin to either syslog or a CTDB log file # $1 is the tag passed to logger if syslog is in use. -script_log () -{ - _tag="$1" ; shift - - case "$CTDB_LOGGING" in - file:*|"") - if [ -n "$CTDB_LOGGING" ] ; then - _file="${CTDB_LOGGING#file:}" - else - _file="/usr/local/var/log/log.ctdb" - fi - { +script_log() +{ + _tag="$1" + shift + + case "$CTDB_LOGGING" in + file:) if [ -n "$*" ] ; then - echo "$*" + echo "$*" + else + cat + fi >&2 + ;; + file:* | "") + if [ -n "$CTDB_LOGGING" ]; then + _file="${CTDB_LOGGING#file:}" else - cat + _file="/usr/local/var/log/log.ctdb" fi - } >>"$_file" - ;; + { + if [ -n "$*" ]; then + echo "$*" + else + cat + fi + } >>"$_file" + ;; *) - # Handle all syslog:* variants here too. There's no tool to do - # the lossy things, so just use logger. - logger -t "ctdbd: ${_tag}" "$@" - ;; - esac + # Handle all syslog:* variants here too. There's no tool to do + # the lossy things, so just use logger. + logger -t "ctdbd: ${_tag}" "$@" + ;; + esac } # When things are run in the background in an eventscript then logging # output might get lost. This is the "solution". 
:-) -background_with_logging () +background_with_logging() { - ( - "$@" 2>&1 </dev/null | - script_log "${script_name}&" - )& + ( + "$@" 2>&1 </dev/null | + script_log "${script_name}&" + ) & - return 0 + return 0 } ############################################################## # check number of args for different events -ctdb_check_args () +ctdb_check_args() { - case "$1" in - takeip|releaseip) - if [ $# != 4 ]; then - echo "ERROR: must supply interface, IP and maskbits" - exit 1 - fi - ;; + case "$1" in + takeip | releaseip) + if [ $# != 4 ]; then + echo "ERROR: must supply interface, IP and maskbits" + exit 1 + fi + ;; updateip) - if [ $# != 5 ]; then - echo "ERROR: must supply old interface, new interface, IP and maskbits" - exit 1 - fi - ;; - esac + if [ $# != 5 ]; then + echo "ERROR: must supply old interface, new interface, IP and maskbits" + exit 1 + fi + ;; + esac } ############################################################## @@ -153,7 +161,7 @@ ctdb_check_args () detect_init_style() { # only do detection if not already set: - if [ -n "$CTDB_INIT_STYLE" ] ; then + if [ -n "$CTDB_INIT_STYLE" ]; then return fi 
@@ -170,100 +178,100 @@ detect_init_style() # simulate /sbin/service on platforms that don't have it # _service() makes it easier to hook the service() function for # testing. -_service () +_service() { - _service_name="$1" - _op="$2" - - # do nothing, when no service was specified - [ -z "$_service_name" ] && return - - if [ -x /sbin/service ]; then - $_nice /sbin/service "$_service_name" "$_op" - elif [ -x /usr/sbin/service ]; then - $_nice /usr/sbin/service "$_service_name" "$_op" - elif [ -x /bin/systemctl ]; then - $_nice /bin/systemctl "$_op" "$_service_name" - elif [ -x "${CTDB_SYS_ETCDIR}/init.d/${_service_name}" ]; then - $_nice "${CTDB_SYS_ETCDIR}/init.d/${_service_name}" "$_op" - elif [ -x "${CTDB_SYS_ETCDIR}/rc.d/init.d/${_service_name}" ]; then - $_nice "${CTDB_SYS_ETCDIR}/rc.d/init.d/${_service_name}" "$_op" - fi + _service_name="$1" + _op="$2" + + # do nothing, when no service was specified + [ -z "$_service_name" ] && return + + if [ -x /sbin/service ]; then + $_nice /sbin/service "$_service_name" "$_op" + elif [ -x /usr/sbin/service ]; then + $_nice /usr/sbin/service "$_service_name" "$_op" + elif [ -x /bin/systemctl ]; then + $_nice /bin/systemctl "$_op" "$_service_name" + elif [ -x "${CTDB_SYS_ETCDIR}/init.d/${_service_name}" ]; then + $_nice "${CTDB_SYS_ETCDIR}/init.d/${_service_name}" "$_op" + elif [ -x "${CTDB_SYS_ETCDIR}/rc.d/init.d/${_service_name}" ]; then + $_nice "${CTDB_SYS_ETCDIR}/rc.d/init.d/${_service_name}" "$_op" + fi } service() { - _nice="" - _service "$@" + _nice="" + _service "$@" } ###################################################### # simulate /sbin/service (niced) on platforms that don't have it nice_service() { -- Samba Shared Repository
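Review bot: The text added to WHATSNEW.txt in the hunk at @@ -90,7 +98,130 @@ has three typos and two dangling references that should be fixed before release. "The GnuTLS vesion requirement" should read "version", "Setting the password on an AD account on should never be attempted" has a stray "on", and "when then expired it was required to restart Samba" should read "when they expired". In the PKINIT revocation section, "This list is reloaded each time the file changes" refers to a list that has not been introduced yet; say that the list is the certificate revocation list named by pkinit_revoke before that sentence. In the TLS reload section the smbcontrol ldap_server reload-certs command sits before "This will now allow these certificates to be reloaded", so "This" has nothing to point at; add a sentence introducing the command ahead of it.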
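Review bot: In cli_credentials_get_client_gss_creds() (auth/credentials/credentials_krb5.c, hunk at @@ -945,7 +945,8 @@), replacing SAFE_FREE(etypes) with krb5_free_enctypes() drops the reset to NULL that SAFE_FREE performs, so etypes is left dangling after the call. Nothing in the visible context reads it again, but the remainder of the function is outside the hunk; either confirm there is no later use or free, or add "etypes = NULL;" after the call so a future change cannot turn this into a use-after-free or double free. The same applies to name after krb5_free_string() in py_ccache_name() in auth/credentials/pycredentials.c.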
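Review bot: In script_log() in ctdb/config/functions (hunk at @@ -60,92 +60,100 @@), the new "file:)" case writes the message to stderr ("fi >&2"), but the comment above the function still says it logs "to either syslog or a CTDB log file"; extend the comment to say that "file:" with an empty file name means stderr. That case only works because it is listed before the 'file:* | "")' pattern, which would otherwise match first and leave _file empty, so a one-line comment noting the ordering dependency would protect it from a later reorder. Its test also keeps the old '[ -n "$*" ] ; then' spacing while the rest of the file moves to ']; then'.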