Re: s3: Avoid a winbind 100% cpu loop
Hi Volker, > - Log - > commit fbf17489844a5cfc6d1da8c431ce0194ed4c3f72 > Author: Volker Lendecke > Date: Tue Oct 18 21:36:44 2011 +0200 > > s3: Avoid a winbind 100% cpu loop > > When a DC goes down hard, winbind can end up in a 100% CPU loop. The next > (small) RPC request to the DC ends up as a trans2 request. If the > connection > goes down, we end up trying to discard the request via the loop in > cli_state_notify_pending(). Because this is a trans2 request, > cli_smb_req_unset_pending will not kick in. Thus the pending array will > always > remain at length 1. > > Autobuild-User: Volker Lendecke > Autobuild-Date: Wed Oct 19 01:39:35 CEST 2011 on sn-devel-104 > > --- > > Summary of changes: > source3/libsmb/async_smb.c |8 > 1 files changed, 8 insertions(+), 0 deletions(-) > > > Changeset truncated at 500 lines: > > diff --git a/source3/libsmb/async_smb.c b/source3/libsmb/async_smb.c > index efeb328..dce1b74 100644 > --- a/source3/libsmb/async_smb.c > +++ b/source3/libsmb/async_smb.c > @@ -287,6 +287,14 @@ static void cli_state_notify_pending(struct cli_state > *cli, NTSTATUS status) > req = cli->conn.pending[0]; > state = tevent_req_data(req, struct cli_smb_state); > > + if (NT_STATUS_EQUAL(status, NT_STATUS_PIPE_BROKEN)) { > + /* > + * We're dead. No point waiting for trans2 > + * replies. > + */ > + state->mid = 0; > + } > + > cli_smb_req_unset_pending(req); Good catch, thanks! Is there a reason why you only use state->mid = 0; on PIPE_BROKEN? As cli_state_notify_pending() calls cli_state_disconnect(), I think we should always use state->mid = 0; without looking at the status. metze signature.asc Description: OpenPGP digital signature
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 416bf1c samba.getopt: Add some basic tests. via aa7240e samba.getopt: Keep exception message when setting a lp option fails. via eb388cd samba-tool: Improve getopt.py error handling via 20f2034 samba-tool: Improve getopt.py error handling via 8dbf799 samba-tool: Improve getopt.py error handling via 0c342f8 samba-tool: Improve getopt.py error handling from e1d2b47 s3-docs: Add a clarification note for nss_info primary group membership calculation. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 416bf1c677e52b52c1447bb0901f9a12930abdf4 Author: Jelmer Vernooij Date: Wed Oct 19 03:35:22 2011 +0200 samba.getopt: Add some basic tests. Autobuild-User: Jelmer Vernooij Autobuild-Date: Wed Oct 19 05:04:33 CEST 2011 on sn-devel-104 commit aa7240e6cf9d2fcec660116f891fc9c7d6ce39bc Author: Jelmer Vernooij Date: Wed Oct 19 01:30:40 2011 +0200 samba.getopt: Keep exception message when setting a lp option fails. commit eb388cddacb42ae30f4ebb2fc846982132d3ad06 Author: Giampaolo Lauria Date: Mon Oct 17 15:34:47 2011 -0400 samba-tool: Improve getopt.py error handling Modified code to handle -k and --kerberos options to: 1. Throw the correct exception 2. On error, display the correct user's specified option commit 20f2034f380cf13b41ad5054a50edef72e18a6c2 Author: Giampaolo Lauria Date: Mon Oct 17 15:31:30 2011 -0400 samba-tool: Improve getopt.py error handling Throw an exception when the --option value is invalid commit 8dbf79941f029e7ddcb347c7436038c47eb8115e Author: Giampaolo Lauria Date: Mon Oct 17 15:28:52 2011 -0400 samba-tool: Improve getopt.py error handling Throw an exception when --option value is not in the form "a=b" commit 0c342f89860a4f64faf62340741b740603907c0e Author: Giampaolo Lauria Date: Mon Oct 17 15:22:01 2011 -0400 samba-tool: Improve getopt.py error handling Raise exception when -d or --debuglevel value is <0 --- Summary of changes: source4/scripting/python/samba/getopt.py | 22 ++--- source4/scripting/python/samba/tests/getopt.py | 57 source4/selftest/tests.py |1 + 3 files changed, 73 insertions(+), 7 deletions(-) create mode 100644 source4/scripting/python/samba/tests/getopt.py Changeset truncated at 500 lines: diff --git a/source4/scripting/python/samba/getopt.py b/source4/scripting/python/samba/getopt.py index f939180..8a9d4e5 100644 --- a/source4/scripting/python/samba/getopt.py +++ b/source4/scripting/python/samba/getopt.py @@ -64,6 +64,9 @@ class SambaOptions(optparse.OptionGroup): self._configfile = arg def _set_debuglevel(self, option, opt_str, arg, parser): +if arg < 0: +raise optparse.OptionValueError("invalid %s option value: %s" % +(opt_str, arg)) self._lp.set('debug level', str(arg)) def _set_realm(self, option, opt_str, arg, parser): @@ -72,10 +75,14 @@ class SambaOptions(optparse.OptionGroup): def _set_option(self, option, opt_str, arg, parser): if arg.find('=') == -1: -print("--option takes a 'a=b' argument") -sys.exit(1) +raise optparse.OptionValueError( +"--option option takes a 'a=b' argument") a = arg.split('=') -self._lp.set(a[0], a[1]) +try: +self._lp.set(a[0], a[1]) +except Exception, e: +raise optparse.OptionValueError( +"invalid --option option value %r: %s" % (arg, e)) def get_loadparm(self): """Return loadparm object with data specified on the command line.""" @@ -105,7 +112,7 @@ class VersionOptions(optparse.OptionGroup): sys.exit(0) -def parse_kerberos_arg(arg): +def parse_kerberos_arg(arg, opt_str): if arg.lower() in ["yes", 'true', '1']: return MUST_USE_KERBEROS elif arg.lower() in ["no", 'false', '0']: @@ -113,7 +120,8 @@ def parse_kerberos_arg(arg): elif arg.lower() in ["auto"]: return AUTO_USE_KERBEROS else: -raise optparse.BadOptionError("invalid kerberos option: %s" % arg) +raise optparse.OptionValueError("invalid %s option value: %s" % +(opt_str, arg)) class CredentialsOptions(optparse.OptionGroup): @@ -159,7 +167,7 @@ class CredentialsOptions(optparse.OptionGroup): self.ipaddress = arg def _set_kerberos(self, option, opt_str, arg, parser): -self.creds.set_kerberos_state(parse_kerberos_arg(arg)) +self.creds.set_kerberos_state(parse_kerberos_arg(arg, opt_str)) def _set_simple_bind_dn(self, option, opt_str, arg, parser): self.creds.s
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e1d2b47 s3-docs: Add a clarification note for nss_info primary group membership calculation. via 5543e6c s3-docs: Document Services for Unix 2.0 (sfu20) nss_info ldap schema support. from fbf1748 s3: Avoid a winbind 100% cpu loop http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e1d2b47693375760473829056650bfe44f277a18 Author: Günther Deschner Date: Wed Oct 19 00:31:07 2011 +0200 s3-docs: Add a clarification note for nss_info primary group membership calculation. Guenther Autobuild-User: Günther Deschner Autobuild-Date: Wed Oct 19 03:10:40 CEST 2011 on sn-devel-104 commit 5543e6c8e5e642b97339ab03a39431c63c949502 Author: Günther Deschner Date: Wed Oct 19 00:19:58 2011 +0200 s3-docs: Document Services for Unix 2.0 (sfu20) nss_info ldap schema support. Guenther --- Summary of changes: docs-xml/manpages-3/idmap_ad.8.xml |7 ++- docs-xml/smbdotconf/winbind/winbindnssinfo.xml |8 +--- 2 files changed, 11 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/idmap_ad.8.xml b/docs-xml/manpages-3/idmap_ad.8.xml index fbadaf2..96a093d 100644 --- a/docs-xml/manpages-3/idmap_ad.8.xml +++ b/docs-xml/manpages-3/idmap_ad.8.xml @@ -60,12 +60,17 @@ - schema_mode =+ schema_mode = Defines the schema that idmap_ad should use when querying Active Directory regarding user and group information. This can be either the RFC2307 schema support included in Windows 2003 R2 or the Service for Unix (SFU) schema. + For SFU 3.0 or 3.5 please choose "sfu", for SFU 2.0 + please choose "sfu20". + + Please note that primary group membership is currently always calculated + via the "primaryGroupID" LDAP attribute. diff --git a/docs-xml/smbdotconf/winbind/winbindnssinfo.xml b/docs-xml/smbdotconf/winbind/winbindnssinfo.xml index 318727c..ceff0f6 100644 --- a/docs-xml/smbdotconf/winbind/winbindnssinfo.xml +++ b/docs-xml/smbdotconf/winbind/winbindnssinfo.xml @@ -18,14 +18,16 @@ - + - When Samba is running in security = ads and your Active Directory Domain Controller does support the Microsoft "Services for Unix" (SFU) LDAP schema, winbind can retrieve the login shell and the home - directory attributes directly from your Directory Server. Note that + directory attributes directly from your Directory Server. For SFU 3.0 or 3.5 simply choose + "sfu", if you use SFU 2.0 please choose "sfu20". Note that retrieving UID and GID from your ADS-Server requires to use idmap config DOMAIN:backend = ad - as well. + as well. The primary group membership is currently + always calculated via the "primaryGroupID" LDAP attribute. -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via fbf1748 s3: Avoid a winbind 100% cpu loop from 8d54bdb vfs_netatalk should be using strstr_m, not strstr to find .AppleDouble paths. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit fbf17489844a5cfc6d1da8c431ce0194ed4c3f72 Author: Volker Lendecke Date: Tue Oct 18 21:36:44 2011 +0200 s3: Avoid a winbind 100% cpu loop When a DC goes down hard, winbind can end up in a 100% CPU loop. The next (small) RPC request to the DC ends up as a trans2 request. If the connection goes down, we end up trying to discard the request via the loop in cli_state_notify_pending(). Because this is a trans2 request, cli_smb_req_unset_pending will not kick in. Thus the pending array will always remain at length 1. Autobuild-User: Volker Lendecke Autobuild-Date: Wed Oct 19 01:39:35 CEST 2011 on sn-devel-104 --- Summary of changes: source3/libsmb/async_smb.c |8 1 files changed, 8 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/async_smb.c b/source3/libsmb/async_smb.c index efeb328..dce1b74 100644 --- a/source3/libsmb/async_smb.c +++ b/source3/libsmb/async_smb.c @@ -287,6 +287,14 @@ static void cli_state_notify_pending(struct cli_state *cli, NTSTATUS status) req = cli->conn.pending[0]; state = tevent_req_data(req, struct cli_smb_state); + if (NT_STATUS_EQUAL(status, NT_STATUS_PIPE_BROKEN)) { + /* +* We're dead. No point waiting for trans2 +* replies. +*/ + state->mid = 0; + } + cli_smb_req_unset_pending(req); /* -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 8d54bdb vfs_netatalk should be using strstr_m, not strstr to find .AppleDouble paths. via f5ae41d The last argument to atalk_build_paths() is always false, remove it. from 47aa9ed lib/util: skip single hex digit at the end of the input sting - fix potential segfault http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 8d54bdb5e199b2198990ee8d572662a128506337 Author: Jeremy Allison Date: Tue Oct 18 11:54:53 2011 -0700 vfs_netatalk should be using strstr_m, not strstr to find .AppleDouble paths. Autobuild-User: Jeremy Allison Autobuild-Date: Wed Oct 19 00:05:45 CEST 2011 on sn-devel-104 commit f5ae41d8235fe54ca04542877059aaa2e287b0c2 Author: Jeremy Allison Date: Tue Oct 18 11:24:35 2011 -0700 The last argument to atalk_build_paths() is always false, remove it. --- Summary of changes: source3/modules/vfs_netatalk.c | 31 ++- 1 files changed, 14 insertions(+), 17 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_netatalk.c b/source3/modules/vfs_netatalk.c index 8d2c9b7..3e5606b 100644 --- a/source3/modules/vfs_netatalk.c +++ b/source3/modules/vfs_netatalk.c @@ -34,8 +34,7 @@ static int atalk_build_paths(TALLOC_CTX *ctx, const char *path, const char *fname, char **adbl_path, char **orig_path, SMB_STRUCT_STAT *adbl_info, -SMB_STRUCT_STAT *orig_info, -bool fake_dir_create_times); +SMB_STRUCT_STAT *orig_info); static int atalk_unlink_file(const char *path); @@ -61,8 +60,7 @@ static int atalk_build_paths(TALLOC_CTX *ctx, const char *path, const char *fname, char **adbl_path, char **orig_path, SMB_STRUCT_STAT *adbl_info, -SMB_STRUCT_STAT *orig_info, -bool fake_dir_create_times) +SMB_STRUCT_STAT *orig_info) { int ptr0 = 0; int ptr1 = 0; @@ -75,7 +73,7 @@ static int atalk_build_paths(TALLOC_CTX *ctx, const char *path, #if 0 DEBUG(3, ("ATALK: PATH: %s[%s]\n", path, fname)); #endif - if (strstr(path, APPLEDOUBLE) || strstr(fname, APPLEDOUBLE)) { + if (strstr_m(path, APPLEDOUBLE) || strstr_m(fname, APPLEDOUBLE)) { DEBUG(3, ("ATALK: path %s[%s] already contains %s\n", path, fname, APPLEDOUBLE)); return -1; } @@ -88,7 +86,7 @@ static int atalk_build_paths(TALLOC_CTX *ctx, const char *path, /* get pointer to last '/' */ ptr1 = atalk_get_path_ptr(*orig_path); - sys_lstat(*orig_path, orig_info, fake_dir_create_times); + sys_lstat(*orig_path, orig_info, false); if (S_ISDIR(orig_info->st_ex_mode)) { *adbl_path = talloc_asprintf(ctx, "%s/%s/%s/", @@ -103,7 +101,7 @@ static int atalk_build_paths(TALLOC_CTX *ctx, const char *path, #if 0 DEBUG(3, ("ATALK: DEBUG:\n%s\n%s\n", *orig_path, *adbl_path)); #endif - sys_lstat(*adbl_path, adbl_info, fake_dir_create_times); + sys_lstat(*adbl_path, adbl_info, false); return 0; } @@ -128,7 +126,7 @@ static void atalk_add_to_list(name_compare_entry **list) if (cur_list) { for (i = 0, count = 0; cur_list[i].name; i ++, count ++) { - if (strstr(cur_list[i].name, APPLEDOUBLE)) + if (strstr_m(cur_list[i].name, APPLEDOUBLE)) return; } } @@ -237,7 +235,7 @@ static int atalk_rmdir(struct vfs_handle_struct *handle, const char *path) * from this module, gotta use talloc stuff.. */ - strstr(path, APPLEDOUBLE) ? (add = False) : (add = True); + strstr_m(path, APPLEDOUBLE) ? (add = False) : (add = True); if (!(ctx = talloc_init("remove_directory"))) goto exit_rmdir; @@ -276,7 +274,7 @@ static int atalk_rename(struct vfs_handle_struct *handle, if (atalk_build_paths(talloc_tos(), handle->conn->origpath, oldname, &adbl_path, &orig_path, &adbl_info, - &orig_info, false) != 0) + &orig_info) != 0) goto exit_rename; if (S_ISDIR(orig_info.st_ex_mode) || S_ISREG(orig_info.st_ex_mode)) { @@ -319,13 +317,13 @@ static int atalk_unlink(struct vfs_handle_struct *handle, if (!handle->conn->hide_list) return ret; for (i = 0; handle->conn->veto_list[i].name; i ++) { - if (strstr(handle->conn->veto_list[i].name, APPLEDOUBLE)) + if (strstr_m(handle->conn-
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 47aa9ed lib/util: skip single hex digit at the end of the input sting - fix potential segfault via cb47890 lib/util: fix function header comment to strhex_to_str() via 5d91a26 lib/util: untangle assignent from check in strhex_to_str() via 196fd14 s3-util: dbwrap_tool: add fetch fuctions for hex and string via 140b5d7 s3-util: dbwrap_tool: add store hex function via 4874e1f selftest:Samba3: fix signature for check_or_start() via dd6b413 selftest:Samba3: fix a message printed when starting winbindd from 605d7d9 pdb-interface: Do not use unid_t here http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 47aa9ed82f67758c3b4d9ab46dd8dd65508a10eb Author: Michael Adam Date: Tue Oct 18 18:10:00 2011 +0200 lib/util: skip single hex digit at the end of the input sting - fix potential segfault The second of two digits was read without checking for the length of the input string. For a non-zero-terminated input string, this might have caused a segfault. Autobuild-User: Michael Adam Autobuild-Date: Tue Oct 18 22:32:59 CEST 2011 on sn-devel-104 commit cb47890cf2734afff502cf8b95635ebc75bc5974 Author: Michael Adam Date: Tue Oct 18 18:07:54 2011 +0200 lib/util: fix function header comment to strhex_to_str() The description did not match the function's behaviour. commit 5d91a2680e594d47ed137b45f79738bddb641cea Author: Michael Adam Date: Tue Oct 18 18:03:10 2011 +0200 lib/util: untangle assignent from check in strhex_to_str() commit 196fd147888efec3e1f79efd1e54f5a99e3dd544 Author: Björn Baumbach Date: Mon Oct 17 16:08:38 2011 +0200 s3-util: dbwrap_tool: add fetch fuctions for hex and string Signed-off-by: Michael Adam commit 140b5d790a8d87eb59e117ad25c7c441f887d6fc Author: Björn Baumbach Date: Mon Oct 17 16:05:52 2011 +0200 s3-util: dbwrap_tool: add store hex function Allows the user to store hex blobs in a tdb. Signed-off-by: Michael Adam commit 4874e1f5b3a4b959050012d5135be7c1df38552b Author: Michael Adam Date: Tue Oct 18 11:37:25 2011 +0200 selftest:Samba3: fix signature for check_or_start() commit dd6b413a57f76abb92110fcce67c957084db80b3 Author: Michael Adam Date: Tue Oct 18 11:34:22 2011 +0200 selftest:Samba3: fix a message printed when starting winbindd --- Summary of changes: lib/util/util.c | 28 ++- selftest/target/Samba3.pm |4 +- source3/utils/dbwrap_tool.c | 107 +- 3 files changed, 122 insertions(+), 17 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/util/util.c b/lib/util/util.c index b700f37..133bd0d 100644 --- a/lib/util/util.c +++ b/lib/util/util.c @@ -689,15 +689,15 @@ _PUBLIC_ _PURE_ size_t count_chars(const char *s, char c) } /** - Routine to get hex characters and turn them into a 16 byte array. - the array can be variable length, and any non-hex-numeric - characters are skipped. "0xnn" or "0Xnn" is specially catered - for. - - valid examples: "0A5D15"; "0x15, 0x49, 0xa2"; "59\ta9\te3\n" - - -**/ + * Routine to get hex characters and turn them into a byte array. + * the array can be variable length. + * - "0xnn" or "0Xnn" is specially catered for. + * - The first non-hex-digit character (apart from possibly leading "0x" + * finishes the conversion and skips the rest of the input. + * - A single hex-digit character at the end of the string is skipped. + * + * valid examples: "0A5D15"; "0x123456" + */ _PUBLIC_ size_t strhex_to_str(char *p, size_t p_len, const char *strhex, size_t strhex_len) { size_t i = 0; @@ -711,14 +711,18 @@ _PUBLIC_ size_t strhex_to_str(char *p, size_t p_len, const char *strhex, size_t i += 2; /* skip two chars */ } - for (; i < strhex_len && strhex[i] != 0; i++) { - if (!(p1 = strchr(hexchars, toupper((unsigned char)strhex[i] + for (; i+1 < strhex_len && strhex[i] != 0 && strhex[i+1] != 0; i++) { + p1 = strchr(hexchars, toupper((unsigned char)strhex[i])); + if (p1 == NULL) { break; + } i++; /* next hex digit */ - if (!(p2 = strchr(hexchars, toupper((unsigned char)strhex[i] + p2 = strchr(hexchars, toupper((unsigned char)strhex[i])); + if (p2 == NULL) { break; + } /* get the two nybbles */ hinybble = PTR_DIFF(p1, hexchars); diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index c17455d..2f23ae3 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -556,7 +556,7 @@ sub read_pid($$) return $pid;
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 605d7d9 pdb-interface: Do not use unid_t here from 94799db s3-auth move the s3 auth context onto gensec_ntlmssp once we start http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 605d7d965a33d6a4be632dde9b15abb42801fdaf Author: Simo Sorce Date: Tue Oct 18 10:44:52 2011 -0400 pdb-interface: Do not use unid_t here This interface needs to be publicly available, unid_t here is not really useful and makes it harder to use it as unid_t is not a public union. Autobuild-User: Simo Sorce Autobuild-Date: Tue Oct 18 20:57:16 CEST 2011 on sn-devel-104 --- Summary of changes: source3/include/passdb.h|4 ++-- source3/passdb/lookup_sid.c | 14 -- source3/passdb/pdb_ads.c| 13 ++--- source3/passdb/pdb_interface.c | 36 source3/passdb/pdb_ldap.c | 15 --- source3/passdb/pdb_samba4.c | 13 ++--- source3/passdb/py_passdb.c |7 --- source3/winbindd/idmap_passdb.c |9 + 8 files changed, 59 insertions(+), 52 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/passdb.h b/source3/include/passdb.h index cd3880c..70b21c9 100644 --- a/source3/include/passdb.h +++ b/source3/include/passdb.h @@ -563,7 +563,7 @@ struct pdb_methods bool (*gid_to_sid)(struct pdb_methods *methods, gid_t gid, struct dom_sid *sid); bool (*sid_to_id)(struct pdb_methods *methods, const struct dom_sid *sid, - union unid_t *id, enum lsa_SidType *type); + uid_t *uid, gid_t *gid, enum lsa_SidType *type); uint32_t (*capabilities)(struct pdb_methods *methods); bool (*new_rid)(struct pdb_methods *methods, uint32_t *rid); @@ -868,7 +868,7 @@ bool pdb_set_account_policy(enum pdb_policy_type type, uint32_t value); bool pdb_get_seq_num(time_t *seq_num); bool pdb_uid_to_sid(uid_t uid, struct dom_sid *sid); bool pdb_gid_to_sid(gid_t gid, struct dom_sid *sid); -bool pdb_sid_to_id(const struct dom_sid *sid, union unid_t *id, +bool pdb_sid_to_id(const struct dom_sid *sid, uid_t *uid, gid_t *gid, enum lsa_SidType *type); uint32_t pdb_capabilities(void); bool pdb_new_rid(uint32_t *rid); diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index a02c941..cfc78ad 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c @@ -1193,11 +1193,12 @@ static bool legacy_sid_to_uid(const struct dom_sid *psid, uid_t *puid) enum lsa_SidType type; if (sid_check_is_in_our_domain(psid)) { - union unid_t id; + uid_t uid; + gid_t gid; bool ret; become_root(); - ret = pdb_sid_to_id(psid, &id, &type); + ret = pdb_sid_to_id(psid, &uid, &gid, &type); unbecome_root(); if (ret) { @@ -1207,7 +1208,7 @@ static bool legacy_sid_to_uid(const struct dom_sid *psid, uid_t *puid) sid_type_lookup(type))); return false; } - *puid = id.uid; + *puid = uid; goto done; } @@ -1234,7 +1235,6 @@ done: static bool legacy_sid_to_gid(const struct dom_sid *psid, gid_t *pgid) { GROUP_MAP *map; - union unid_t id; enum lsa_SidType type; map = talloc_zero(NULL, GROUP_MAP); @@ -1260,10 +1260,12 @@ static bool legacy_sid_to_gid(const struct dom_sid *psid, gid_t *pgid) } if (sid_check_is_in_our_domain(psid)) { + uid_t uid; + gid_t gid; bool ret; become_root(); - ret = pdb_sid_to_id(psid, &id, &type); + ret = pdb_sid_to_id(psid, &uid, &gid, &type); unbecome_root(); if (ret) { @@ -1274,7 +1276,7 @@ static bool legacy_sid_to_gid(const struct dom_sid *psid, gid_t *pgid) sid_type_lookup(type))); return false; } - *pgid = id.gid; + *pgid = gid; goto done; } diff --git a/source3/passdb/pdb_ads.c b/source3/passdb/pdb_ads.c index 5742534..8dc9585 100644 --- a/source3/passdb/pdb_ads.c +++ b/source3/passdb/pdb_ads.c @@ -2204,7 +2204,7 @@ static bool pdb_ads_gid_to_sid(struct pdb_methods *m, gid_t gid, } static bool pdb_ads_sid_to_id(struct pdb_methods *m, const struct dom_sid *sid, - union unid_t *id, enum lsa_SidType *type) +
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 06e007d WHATSNEW: Update changes since 3.6.0. from 51f87fc s3/doc: add man page for aio_fork vfs module http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 06e007da09f5162dc2fea60e2c799b516ce475e2 Author: Karolin Seeger Date: Tue Oct 18 20:45:34 2011 +0200 WHATSNEW: Update changes since 3.6.0. Karolin --- Summary of changes: WHATSNEW.txt |5 + 1 files changed, 5 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 2474e04..53c1cc4 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -80,7 +80,12 @@ o David Disseldorp * BUG 8520: Fix SMB2 SMB2_OP_GETINFO and SMB2_OP_IOCTL parsing requirements. +o Wilco Baan Hofman +* BUG 8455: Fix uninitialized memory problem in group_sids_to_info3. + + o Björn Jacke +* BUG 8256: Add man vfs_aio_fork. * BUG 8363: Fix build of vfs_prealloc on SLES8. -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via e07423a s3-docs: Adapt version... from c48f8ae s3/doc: add man page for aio_fork vfs module http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit e07423a0d55437fcc85d205214315a21d452cee7 Author: Karolin Seeger Date: Tue Oct 18 20:39:49 2011 +0200 s3-docs: Adapt version... in man vfs_aio_fork. Karolin --- Summary of changes: docs-xml/manpages-3/vfs_aio_fork.8.xml |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/vfs_aio_fork.8.xml b/docs-xml/manpages-3/vfs_aio_fork.8.xml index af69d9a..6eeebef 100644 --- a/docs-xml/manpages-3/vfs_aio_fork.8.xml +++ b/docs-xml/manpages-3/vfs_aio_fork.8.xml @@ -7,7 +7,7 @@ 8 Samba System Administration tools - 3.6 + 3.5 @@ -69,7 +69,7 @@ VERSION - This man page is correct for version 3.6.0 of the Samba suite. + This man page is correct for version 3.5.0 of the Samba suite. -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-5-test updated
The branch, v3-5-test has been updated via c48f8ae s3/doc: add man page for aio_fork vfs module from c6e2256 Fix bug #8515 - Empty CIFS share can be blocked for other clients by deleting it via empty path (DELETE_PENDING until the last client) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log - commit c48f8ae21b8279b9b62aca5e04eb1547c6dbd9c6 Author: Björn Jacke Date: Tue Oct 18 10:54:56 2011 +0200 s3/doc: add man page for aio_fork vfs module thanks to Volker for the content Autobuild-User: Björn Jacke Autobuild-Date: Tue Oct 18 12:24:35 CEST 2011 on sn-devel-104 (cherry picked from commit 56328a4d61c8d0a52f6841097bf8fc4ffd46bfb6) (cherry picked from commit 51f87fce55d160abed6b04ea27f53f254d2db474) Fix bug #8256 (vfs_aio_fork is undocumented). --- Summary of changes: docs-xml/manpages-3/vfs_aio_fork.8.xml | 86 1 files changed, 86 insertions(+), 0 deletions(-) create mode 100644 docs-xml/manpages-3/vfs_aio_fork.8.xml Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/vfs_aio_fork.8.xml b/docs-xml/manpages-3/vfs_aio_fork.8.xml new file mode 100644 index 000..af69d9a --- /dev/null +++ b/docs-xml/manpages-3/vfs_aio_fork.8.xml @@ -0,0 +1,86 @@ + +http://www.samba.org/samba/DTD/samba-doc";> + + + + vfs_aio_fork + 8 + Samba + System Administration tools + 3.6 + + + + + vfs_aio_fork + implement async I/O in Samba vfs + + + + + vfs objects = aio_fork + + + + + DESCRIPTION + + This VFS module is part of the + samba + 7 suite. + + The aio_fork VFS module enables async + I/O for Samba on platforms where the system level Posix AIO + interface is insufficient. Posix AIO can suffer from severe + limitations. For example, on some Linux versions the + real-time signals that it uses are broken under heavy load. + Other systems only allow AIO when special kernel modules are + loaded or only allow a certain system-wide amount of async + requests being scheduled. Systems based on glibc (most Linux + systems) only allow a single outstanding request per file + descriptor. + + To work around all these limitations, the aio_fork module + was written. It uses forked helper processes instead of the + internal Posix AIO interface to create asynchronousity for + read and write calls. It has no parameters, it will create + helper processes when async requests come in as needed. Idle + helper processes will be removed every 30 seconds. + + + This module is stackable. + + + + + + EXAMPLES + + Straight forward use: + + + + /data/ice + aio_fork + + + + + + VERSION + + This man page is correct for version 3.6.0 of the Samba suite. + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + + + -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 51f87fc s3/doc: add man page for aio_fork vfs module from 31c00e9 Fix uninitialized memory problem in group_sids_to_info3 (fixes bug #8455). http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 51f87fce55d160abed6b04ea27f53f254d2db474 Author: Björn Jacke Date: Tue Oct 18 10:54:56 2011 +0200 s3/doc: add man page for aio_fork vfs module thanks to Volker for the content Autobuild-User: Björn Jacke Autobuild-Date: Tue Oct 18 12:24:35 CEST 2011 on sn-devel-104 (cherry picked from commit 56328a4d61c8d0a52f6841097bf8fc4ffd46bfb6) --- Summary of changes: docs-xml/manpages-3/vfs_aio_fork.8.xml | 86 1 files changed, 86 insertions(+), 0 deletions(-) create mode 100644 docs-xml/manpages-3/vfs_aio_fork.8.xml Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/vfs_aio_fork.8.xml b/docs-xml/manpages-3/vfs_aio_fork.8.xml new file mode 100644 index 000..af69d9a --- /dev/null +++ b/docs-xml/manpages-3/vfs_aio_fork.8.xml @@ -0,0 +1,86 @@ + +http://www.samba.org/samba/DTD/samba-doc";> + + + + vfs_aio_fork + 8 + Samba + System Administration tools + 3.6 + + + + + vfs_aio_fork + implement async I/O in Samba vfs + + + + + vfs objects = aio_fork + + + + + DESCRIPTION + + This VFS module is part of the + samba + 7 suite. + + The aio_fork VFS module enables async + I/O for Samba on platforms where the system level Posix AIO + interface is insufficient. Posix AIO can suffer from severe + limitations. For example, on some Linux versions the + real-time signals that it uses are broken under heavy load. + Other systems only allow AIO when special kernel modules are + loaded or only allow a certain system-wide amount of async + requests being scheduled. Systems based on glibc (most Linux + systems) only allow a single outstanding request per file + descriptor. + + To work around all these limitations, the aio_fork module + was written. It uses forked helper processes instead of the + internal Posix AIO interface to create asynchronousity for + read and write calls. It has no parameters, it will create + helper processes when async requests come in as needed. Idle + helper processes will be removed every 30 seconds. + + + This module is stackable. + + + + + + EXAMPLES + + Straight forward use: + + + + /data/ice + aio_fork + + + + + + VERSION + + This man page is correct for version 3.6.0 of the Samba suite. + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + + + -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-6-test updated
The branch, v3-6-test has been updated via 31c00e9 Fix uninitialized memory problem in group_sids_to_info3 (fixes bug #8455). from 47f1e50 WHATSNEW: Update changes since 3.6.0. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log - commit 31c00e9314e735505590f98565dcb5aa58453d0e Author: Wilco Baan Hofman Date: Mon Oct 17 21:24:41 2011 +0200 Fix uninitialized memory problem in group_sids_to_info3 (fixes bug #8455). Autobuild-User: Jeremy Allison Autobuild-Date: Mon Oct 17 23:32:58 CEST 2011 on sn-devel-104 (cherry picked from commit c52b571506874987ba626c25e9692fbe2251b7e2) --- Summary of changes: source3/auth/server_info.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/auth/server_info.c b/source3/auth/server_info.c index c6d68c2..dc5b15f 100644 --- a/source3/auth/server_info.c +++ b/source3/auth/server_info.c @@ -279,8 +279,8 @@ static NTSTATUS group_sids_to_info3(struct netr_SamInfo3 *info3, if (info3->base.primary_gid == rid) continue; /* store domain group rid */ - groups->rids[i].rid = rid; - groups->rids[i].attributes = attributes; + groups->rids[groups->count].rid = rid; + groups->rids[groups->count].attributes = attributes; groups->count++; continue; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 94799db s3-auth move the s3 auth context onto gensec_ntlmssp once we start via fa12756 s3-libsmb Use a gensec module to provide the ntlmssp client in ntlmssp_wrap.c via f9b0426 s3-ntlmssp split auth_ntlmssp_client_start() into two parts via fbd s3-rpc_client remove cli_auth_ntlmssp_data_destructor from 56328a4 s3/doc: add man page for aio_fork vfs module http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 94799db9b5d33ded34ad3e934da673a44d48094a Author: Andrew Bartlett Date: Tue Oct 18 16:34:27 2011 +1100 s3-auth move the s3 auth context onto gensec_ntlmssp once we start We do not need it on the auth_ntlmssp_state any longer. Andrew Bartlett Autobuild-User: Andrew Bartlett Autobuild-Date: Tue Oct 18 13:54:36 CEST 2011 on sn-devel-104 commit fa1275610b3c7cad75b5b86ae4b32d8781d1acc0 Author: Andrew Bartlett Date: Tue Oct 18 16:16:02 2011 +1100 s3-libsmb Use a gensec module to provide the ntlmssp client in ntlmssp_wrap.c This removes the need to have if (ans->gensec_security) everywhere. Andrew Bartlett commit f9b042641f9c6615f6a4b102f0182de545d6a19a Author: Andrew Bartlett Date: Mon Oct 17 20:19:11 2011 +1100 s3-ntlmssp split auth_ntlmssp_client_start() into two parts This will allow it to be a wrapper around a gensec module, which requires that they options be set on a context, but before the mechanism is started. This also simplfies the callers, by moving the lp_*() calls into one place. Andrew Bartlett commit fbdade7d54b19bfcdc2addc685abd165eddf Author: Andrew Bartlett Date: Mon Oct 17 20:00:02 2011 +1100 s3-rpc_client remove cli_auth_ntlmssp_data_destructor This can be an ordinary talloc child without causing any problem. This seems to have been inherited from a time when ntlmssp_client_start() returned malloc() based memory. Andrew Bartlett --- Summary of changes: source3/auth/auth_ntlmssp.c|4 +- source3/include/ntlmssp_wrap.h | 17 ++- source3/librpc/crypto/cli_spnego.c | 11 +- source3/libsmb/clifsinfo.c | 11 +- source3/libsmb/ntlmssp_wrap.c | 281 +--- source3/rpc_client/cli_pipe.c | 20 +-- 6 files changed, 229 insertions(+), 115 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c index 7509840..e22db82 100644 --- a/source3/auth/auth_ntlmssp.c +++ b/source3/auth/auth_ntlmssp.c @@ -406,7 +406,7 @@ NTSTATUS auth_generic_start(struct auth_ntlmssp_state *auth_ntlmssp_state, const talloc_get_type_abort(auth_ntlmssp_state->gensec_security->private_data, struct gensec_ntlmssp_context); - gensec_ntlmssp->auth_context = auth_ntlmssp_state->auth_context; + gensec_ntlmssp->auth_context = talloc_move(gensec_ntlmssp, &auth_ntlmssp_state->auth_context); return NT_STATUS_OK; } @@ -464,7 +464,7 @@ NTSTATUS auth_generic_authtype_start(struct auth_ntlmssp_state *auth_ntlmssp_sta talloc_get_type_abort(auth_ntlmssp_state->gensec_security->private_data, struct gensec_ntlmssp_context); - gensec_ntlmssp->auth_context = auth_ntlmssp_state->auth_context; + gensec_ntlmssp->auth_context = talloc_move(gensec_ntlmssp, &auth_ntlmssp_state->auth_context); return NT_STATUS_OK; } diff --git a/source3/include/ntlmssp_wrap.h b/source3/include/ntlmssp_wrap.h index 863c359..bfbfdeb 100644 --- a/source3/include/ntlmssp_wrap.h +++ b/source3/include/ntlmssp_wrap.h @@ -26,10 +26,12 @@ struct gensec_security; struct auth_ntlmssp_state { /* used only by server implementation */ struct auth_context *auth_context; - struct gensec_security *gensec_security; - + /* used only by the client implementation */ - struct ntlmssp_state *ntlmssp_state; + struct cli_credentials *credentials; + + /* used by both */ + struct gensec_security *gensec_security; }; NTSTATUS auth_ntlmssp_sign_packet(struct auth_ntlmssp_state *ans, @@ -74,9 +76,8 @@ NTSTATUS auth_ntlmssp_update(struct auth_ntlmssp_state *ans, TALLOC_CTX *mem_ctx, const DATA_BLOB request, DATA_BLOB *reply); -NTSTATUS auth_ntlmssp_client_start(TALLOC_CTX *mem_ctx, - const char *netbios_name, - const char *netbios_domain, - bool use_ntlmv2, - struct auth_ntlmssp_state **_ans); +NTSTATUS auth_ntlmssp_client_prepare(TALLOC_CTX *mem_ctx, +
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 56328a4 s3/doc: add man page for aio_fork vfs module from 9b407ee s4:auth/unix_token: match s3 behavior and add uid/gid to the groups array http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 56328a4d61c8d0a52f6841097bf8fc4ffd46bfb6 Author: Björn Jacke Date: Tue Oct 18 10:54:56 2011 +0200 s3/doc: add man page for aio_fork vfs module thanks to Volker for the content Autobuild-User: Björn Jacke Autobuild-Date: Tue Oct 18 12:24:35 CEST 2011 on sn-devel-104 --- Summary of changes: docs-xml/manpages-3/vfs_aio_fork.8.xml | 86 1 files changed, 86 insertions(+), 0 deletions(-) create mode 100644 docs-xml/manpages-3/vfs_aio_fork.8.xml Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/vfs_aio_fork.8.xml b/docs-xml/manpages-3/vfs_aio_fork.8.xml new file mode 100644 index 000..af69d9a --- /dev/null +++ b/docs-xml/manpages-3/vfs_aio_fork.8.xml @@ -0,0 +1,86 @@ + +http://www.samba.org/samba/DTD/samba-doc";> + + + + vfs_aio_fork + 8 + Samba + System Administration tools + 3.6 + + + + + vfs_aio_fork + implement async I/O in Samba vfs + + + + + vfs objects = aio_fork + + + + + DESCRIPTION + + This VFS module is part of the + samba + 7 suite. + + The aio_fork VFS module enables async + I/O for Samba on platforms where the system level Posix AIO + interface is insufficient. Posix AIO can suffer from severe + limitations. For example, on some Linux versions the + real-time signals that it uses are broken under heavy load. + Other systems only allow AIO when special kernel modules are + loaded or only allow a certain system-wide amount of async + requests being scheduled. Systems based on glibc (most Linux + systems) only allow a single outstanding request per file + descriptor. + + To work around all these limitations, the aio_fork module + was written. It uses forked helper processes instead of the + internal Posix AIO interface to create asynchronousity for + read and write calls. It has no parameters, it will create + helper processes when async requests come in as needed. Idle + helper processes will be removed every 30 seconds. + + + This module is stackable. + + + + + + EXAMPLES + + Straight forward use: + + + + /data/ice + aio_fork + + + + + + VERSION + + This man page is correct for version 3.6.0 of the Samba suite. + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + + + -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 9b407ee s4:auth/unix_token: match s3 behavior and add uid/gid to the groups array from 5954a37 lib/param: Remove parameters for wins and spoolss databases http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 9b407ee6d54601aca8ee157c9afc2a1d3e9b07ed Author: Stefan Metzmacher Date: Mon Oct 17 14:20:45 2011 +0200 s4:auth/unix_token: match s3 behavior and add uid/gid to the groups array If mappings use ID_TYPE_BOTH. metze Autobuild-User: Stefan Metzmacher Autobuild-Date: Tue Oct 18 10:39:54 CEST 2011 on sn-devel-104 --- Summary of changes: source4/auth/unix_token.c | 48 +--- 1 files changed, 31 insertions(+), 17 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/auth/unix_token.c b/source4/auth/unix_token.c index b7657aa..765bf06 100644 --- a/source4/auth/unix_token.c +++ b/source4/auth/unix_token.c @@ -33,28 +33,27 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx, struct security_token *token, struct security_unix_token **sec) { - int i; + uint32_t s, g; NTSTATUS status; struct id_map *ids; struct composite_context *ctx; - *sec = talloc(mem_ctx, struct security_unix_token); /* we can't do unix security without a user and group */ if (token->num_sids < 2) { return NT_STATUS_ACCESS_DENIED; } - ids = talloc_array(mem_ctx, struct id_map, token->num_sids); - NT_STATUS_HAVE_NO_MEMORY(ids); + *sec = talloc_zero(mem_ctx, struct security_unix_token); + if (*sec == NULL) { + return NT_STATUS_NO_MEMORY; + } - (*sec)->ngroups = token->num_sids - 2; - (*sec)->groups = talloc_array(*sec, gid_t, (*sec)->ngroups); - NT_STATUS_HAVE_NO_MEMORY((*sec)->groups); + ids = talloc_zero_array(mem_ctx, struct id_map, token->num_sids); + NT_STATUS_HAVE_NO_MEMORY(ids); - for (i=0;inum_sids;i++) { - ZERO_STRUCT(ids[i].xid); - ids[i].sid = &token->sids[i]; - ids[i].status = ID_UNKNOWN; + for (s=0; s < token->num_sids; s++) { + ids[s].sid = &token->sids[s]; + ids[s].status = ID_UNKNOWN; } ctx = wbc_sids_to_xids_send(wbc_ctx, ids, token->num_sids, ids); @@ -63,8 +62,20 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx, status = wbc_sids_to_xids_recv(ctx, &ids); NT_STATUS_NOT_OK_RETURN(status); - if (ids[0].xid.type == ID_TYPE_BOTH || - ids[0].xid.type == ID_TYPE_UID) { + g = token->num_sids; + if (ids[0].xid.type != ID_TYPE_BOTH) { + g--; + } + (*sec)->ngroups = g; + (*sec)->groups = talloc_array(*sec, gid_t, (*sec)->ngroups); + NT_STATUS_HAVE_NO_MEMORY((*sec)->groups); + + g=0; + if (ids[0].xid.type == ID_TYPE_BOTH) { + (*sec)->uid = ids[0].xid.id; + (*sec)->groups[g] = ids[0].xid.id; + g++; + } else if (ids[0].xid.type == ID_TYPE_UID) { (*sec)->uid = ids[0].xid.id; } else { return NT_STATUS_INVALID_SID; @@ -73,14 +84,17 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx, if (ids[1].xid.type == ID_TYPE_BOTH || ids[1].xid.type == ID_TYPE_GID) { (*sec)->gid = ids[1].xid.id; + (*sec)->groups[g] = ids[1].xid.id; + g++; } else { return NT_STATUS_INVALID_SID; } - for (i=0;i<(*sec)->ngroups;i++) { - if (ids[i+2].xid.type == ID_TYPE_BOTH || - ids[i+2].xid.type == ID_TYPE_GID) { - (*sec)->groups[i] = ids[i+2].xid.id; + for (s=2; s < token->num_sids; s++) { + if (ids[s].xid.type == ID_TYPE_BOTH || + ids[s].xid.type == ID_TYPE_GID) { + (*sec)->groups[g] = ids[s].xid.id; + g++; } else { return NT_STATUS_INVALID_SID; } -- Samba Shared Repository