[SCM] Samba Shared Repository - branch master updated

Fri, 03 Jan 2020 14:20:58 -0800 

The branch, master has been updated
       via  03b42aeb811 python/loadparm: check for AD DC required VFS modules
       via  4d4443d1e53 loadparm: check for AD DC required VFS modules
      from  1d0ffcf30e6 smbd: Remove an unused parameter from defer_open()

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 03b42aeb811ae7260a9a9e197212767877484a78
Author: Björn Jacke <b...@sernet.de>
Date:   Fri Jan 3 15:29:34 2020 +0100

    python/loadparm: check for AD DC required VFS modules
    
    same as the previous commit, just for python's testparm code
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10560
    
    Signed-off-by: Bjoern Jacke <bja...@samba.org>
    Reviewed-by: David Disseldorp <dd...@samba.org>
    
    Autobuild-User(master): Björn Jacke <bja...@samba.org>
    Autobuild-Date(master): Fri Jan  3 22:19:47 UTC 2020 on sn-devel-184

commit 4d4443d1e539c1ce0f7245fbcffbf22df8355b2d
Author: David Disseldorp <dd...@samba.org>
Date:   Fri Jan 3 14:31:28 2020 +0100

    loadparm: check for AD DC required VFS modules
    
    When Samba is running as a domain controller and the "vfs objects"
    parameter is not set, then the dfs_samba4 and acl_xattr modules are
    automatically enabled.
    However, if the "vfs objects" is defined, then the setting is left
    as-is. This means that attempts to us other VFS modules have the side
    effect of disabling the dfs_samba4 and acl_xattr modules, causing
    unexpected behaviour, which is then blamed on the VFS modules that were
    explicitly defined.
    
    This change ensures that when running as a domain controller, Samba logs
    an error if the required VFS modules are not enabled by an explicit
    "vfs objects" definition.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=10560
    
    Signed-off-by: David Disseldorp <dd...@samba.org>
    Reviewed-by: Björn Jacke <bja...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 python/samba/netcmd/testparm.py | 18 +++++++++++++-----
 source3/param/loadparm.c        | 37 ++++++++++++++++++++++++++++++++++++-
 2 files changed, 49 insertions(+), 6 deletions(-)


Changeset truncated at 500 lines:

diff --git a/python/samba/netcmd/testparm.py b/python/samba/netcmd/testparm.py
index bf566f38d78..aef24bf5c8d 100644
--- a/python/samba/netcmd/testparm.py
+++ b/python/samba/netcmd/testparm.py
@@ -157,12 +157,20 @@ class cmd_testparm(Command):
             valid = False
 
         role = lp.get("server role")
-        charset = lp.get("unix charset").upper()
 
-        if role in ["active directory domain controller", "domain controller", 
"dc"] and charset not in ["UTF-8", "UTF8"]:
-            logger.warning(
-                "When acting as Active Directory domain controller, "
-                "unix charset is expected to be UTF-8.")
+        if role in ["active directory domain controller", "domain controller", 
"dc"]:
+            charset = lp.get("unix charset").upper()
+            if charset not in ["UTF-8", "UTF8"]:
+                logger.warning(
+                    "When acting as Active Directory domain controller, "
+                    "unix charset is expected to be UTF-8.")
+            vfsobjects = lp.get("vfs objects")
+            if vfsobjects:
+                for entry in ['dfs_samba4', 'acl_xattr']:
+                    if entry not in vfsobjects:
+                        logger.warning(
+                            "When acting as Active Directory domain 
controller, " +
+                            entry + " should be in vfs objects.")
 
         return valid
 
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index bef24b6821b..ce41477097a 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -2740,6 +2740,38 @@ static bool do_parameter(const char *pszParmName, const 
char *pszParmValue,
        }
 }
 
+
+static const char *ad_dc_req_vfs_mods[] = {"dfs_samba4", "acl_xattr", NULL};
+
+/*
+ * check that @vfs_objects includes all vfs modules required by an AD DC.
+ */
+static bool check_ad_dc_required_mods(const char **vfs_objects)
+{
+       int i;
+       int j;
+       int got_req;
+
+       for (i = 0; ad_dc_req_vfs_mods[i] != NULL; i++) {
+               got_req = false;
+               for (j = 0; vfs_objects[j] != NULL; j++) {
+                       if (!strwicmp(ad_dc_req_vfs_mods[i], vfs_objects[j])) {
+                               got_req = true;
+                               break;
+                       }
+               }
+               if (!got_req) {
+                       DEBUG(0, ("vfs objects specified without required AD "
+                                 "DC module: %s\n", ad_dc_req_vfs_mods[i]));
+                       return false;
+               }
+       }
+
+       DEBUG(6, ("vfs objects specified with all required AD DC modules\n"));
+       return true;
+}
+
+
 /***************************************************************************
  Initialize any local variables in the sDefault table, after parsing a
  [globals] section.
@@ -2759,7 +2791,10 @@ static void init_locals(void)
         */
        if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
                const char **vfs_objects = lp_vfs_objects(-1);
-               if (!vfs_objects || !vfs_objects[0]) {
+               if (vfs_objects != NULL) {
+                       /* ignore return, only warn if modules are missing */
+                       check_ad_dc_required_mods(vfs_objects);
+               } else {
                        if (lp_parm_const_string(-1, "xattr_tdb", "file", 
NULL)) {
                                lp_do_parameter(-1, "vfs objects", "dfs_samba4 
acl_xattr xattr_tdb");
                        } else if (lp_parm_const_string(-1, "posix", "eadb", 
NULL)) {


-- 
Samba Shared Repository

Reply via email to