[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 6206e15b4de winbind: Fix "wbinfo -u" on a Samba AD DC with >1000 users via f633389f36e winbind: Test wbinfo -u with more than 1000 users via 5ac65fdf9ac build:wafsamba: Fix TypeError in read_submodule_status() via 1dbdeaa8d7f gp: get_gpo() should re-raise the Exception, not return via 9755206f6dd s4:ntvfs:posix: avoid parsing empty blob in posix_eadb_add_list() via 46ae5568fa7 lib:ldb: do not offset against NULL pointer in ldb_ldif_read() from 5fcb675a8b0 s4/scripting: fix % len(res) was in the wrong place https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 6206e15b4de0ba67d713124c2be353dabf3878c8 Author: Volker Lendecke Date: Wed Apr 26 17:19:29 2023 +0200 winbind: Fix "wbinfo -u" on a Samba AD DC with >1000 users BUG: https://bugzilla.samba.org/show_bug.cgi?id=15366 Signed-off-by: Volker Lendecke Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Tue May 9 02:58:45 UTC 2023 on atb-devel-224 commit f633389f36e79d3e772777ad7ca13012e3616273 Author: Volker Lendecke Date: Thu Apr 27 12:25:24 2023 +0200 winbind: Test wbinfo -u with more than 1000 users winbind asks dcerpc_samr_LookupRids in one batch, where samr.idl has NTSTATUS samr_LookupRids( [in,ref] policy_handle *domain_handle, [in,range(0,1000)] uint32 num_rids, [in,size_is(1000),length_is(num_rids)] uint32 rids[], [out,ref] lsa_Strings *names, [out,ref] samr_Ids *types ); limiting num_rids to 1000 entries. Test this. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15366 Signed-off-by: Volker Lendecke Reviewed-by: Andrew Bartlett commit 5ac65fdf9acb286a152032cc8913b5ce28fe30fc Author: Joseph Sutton Date: Thu May 4 15:25:31 2023 +1200 build:wafsamba: Fix TypeError in read_submodule_status() parts = l.split(" ") TypeError: a bytes-like object is required, not 'str' Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett commit 1dbdeaa8d7fcfa4b620bbd24e457ee7f2e6c132d Author: David Mulder Date: Fri Apr 28 07:37:31 2023 -0600 gp: get_gpo() should re-raise the Exception, not return If we return from this failure, then `new_gpo` is set to `None` and we will fail in some obscure way within a CSE later (since we append `None` to the GPO list). Instead, re-raise the Exception so we see that an error happened when fetching the GPO. Signed-off-by: David Mulder Reviewed-by: Andrew Bartlett commit 9755206f6dde7ee4f9852bbd81cb79f4457faf86 Author: Dmitry Antipov Date: Tue May 2 13:45:01 2023 +0300 s4:ntvfs:posix: avoid parsing empty blob in posix_eadb_add_list() Strictly speaking, this is not a bug because parsing loop will just skip an empty ({NULL}, 0) blob. But it's better to avoid this case because UBSan (as of clang-17 at least) may complain on such a parsing attempt: source4/ntvfs/posix/posix_eadb.c:56:62: runtime error: applying zero offset to null pointer #0 0x7f9d71ce7b2a in posix_eadb_add_list source4/ntvfs/posix/posix_eadb.c:56 #1 0x7f9d71ce7b2a in push_xattr_blob_tdb_raw source4/ntvfs/posix/posix_eadb.c:178 #2 0x7f9d71cec1f5 in py_wrap_setxattr source4/ntvfs/posix/python/pyposix_eadb.c:64 #3 0x7f9d88bd4507 in cfunction_call (/lib64/libpython3.11.so.1.0+0x1d4507) [... a lot of Python calls skipped...] Signed-off-by: Dmitry Antipov Reviewed-by: Joseph Sutton Reviewed-by: Andrew Bartlett commit 46ae5568fa7b9a96018d0eedadee6400632112ba Author: Dmitry Antipov Date: Tue May 2 13:43:54 2023 +0300 lib:ldb: do not offset against NULL pointer in ldb_ldif_read() Fix the following error observed running samba.test.registry compiled with clang-17 and UBsan: lib/ldb/common/ldb_ldif.c:881:9: runtime error: applying non-zero offset 137438953440 to null pointer #0 0x7faa0eb3932f in ldb_ldif_read lib/ldb/common/ldb_ldif.c:881 #1 0x7faa0eb3aec6 in ldb_ldif_read_string lib/ldb/common/ldb_ldif.c:1004 #2 0x7faa077ed759 in dsdb_set_schema_from_ldif source4/dsdb/schema/schema_set.c:1113 #3 0x7faa068fcbbf in py_dsdb_set_schema_from_ldif source4/dsdb/pydsdb.c:929 #4 0x7faa1d1d4507 in cfunction_call (/lib64/libpython3.11.so.1.0+0x1d4507) [... a lot of Python calls skipped...] I.e. number of elements should be checked against zero before making an attempt to access an element by index. Signed-off-by: Dmitry Antipov Reviewed-by: Joseph Sutton Reviewed-by: Andrew Bartlett
[SCM] Socket Wrapper Repository - branch master updated
The branch, master has been updated via cb5d579 gitlab-ci: Add a 32bit build via df91870 Add fix for incorrect mapping of fcntl64() -> fcntl(), causing locking failures via ceb139d Add test for F_SETLK as this is needs to be 64-bit aware on 32-bit userspace from b15c02f tests: New test with poll https://git.samba.org/?p=socket_wrapper.git;a=shortlog;h=master - Log - commit cb5d5790fff30e3be5a9465a85b1ac0aaaebfed2 Author: Andreas Schneider Date: Fri May 5 07:14:26 2023 +0200 gitlab-ci: Add a 32bit build BUG: https://bugzilla.samba.org/show_bug.cgi?id=15367 Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett commit df918708717c084ec9048be2864edcde81816108 Author: Andrew Bartlett Date: Fri May 5 13:34:00 2023 +1200 Add fix for incorrect mapping of fcntl64() -> fcntl(), causing locking failures We need to call fcntl64() if possible for 32-bit hosts This is a strange case of socket_wrapper breaking normal file operation. Newer glibc has introduced fcntl64 and symbol renaming but the end function call was not caught by the automatic rename. This means socket_wrapper would call fcntl(), not fcntl64 in libc and this would do a "struct flock" -> "struct flock64" translation on the supplied argument, despite this being already a flock64 from the caller. This in turn changed the lock offset values (eg to 0, 0). BUG: https://bugzilla.samba.org/show_bug.cgi?id=15367 Signed-off-by: Andrew Bartlett Reviewed-by: Andreas Schneider commit ceb139dc42c50275a11ca974ef8800032cf24b6f Author: Andrew Bartlett Date: Fri May 5 13:15:51 2023 +1200 Add test for F_SETLK as this is needs to be 64-bit aware on 32-bit userspace If this is not correctly routed to fcntl64 (where that exists) then an incorrect thunking could be applied breaking the functionality. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15367 Signed-off-by: Andrew Bartlett Reviewed-by: Andreas Schneider --- Summary of changes: .gitlab-ci.yml | 20 ++ ConfigureChecks.cmake | 1 + cmake/Toolchain-cross-m32.cmake | 23 +++ src/socket_wrapper.c| 25 tests/CMakeLists.txt| 1 + tests/test_fcntl_lock.c | 86 + 6 files changed, 156 insertions(+) create mode 100644 cmake/Toolchain-cross-m32.cmake create mode 100644 tests/test_fcntl_lock.c Changeset truncated at 500 lines: diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d5dc461..ef98aeb 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -224,6 +224,26 @@ tumbleweed/x86_64/clang: paths: - obj/ +tumbleweed/x86/gcc: + stage: test + image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$TUMBLEWEED_BUILD + script: +- mkdir -p obj && cd obj && cmake + -DCMAKE_TOOLCHAIN_FILE=../cmake/Toolchain-cross-m32.cmake + -DCMAKE_BUILD_TYPE=RelWithDebInfo + -DPICKY_DEVELOPER=ON + -DUNIT_TESTING=ON .. && + make -j$(nproc) && ctest --output-on-failure + tags: +- shared + except: +- tags + artifacts: +expire_in: 1 week +when: on_failure +paths: + - obj/ + tumbleweed/static-analysis: stage: analysis image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$TUMBLEWEED_BUILD diff --git a/ConfigureChecks.cmake b/ConfigureChecks.cmake index b820a65..c99e2ae 100644 --- a/ConfigureChecks.cmake +++ b/ConfigureChecks.cmake @@ -80,6 +80,7 @@ check_function_exists(__close_nocancel HAVE___CLOSE_NOCANCEL) check_function_exists(recvmmsg HAVE_RECVMMSG) check_function_exists(sendmmsg HAVE_SENDMMSG) check_function_exists(syscall HAVE_SYSCALL) +check_function_exists(fcntl64 HAVE_FCNTL64) if (UNIX) find_library(DLFCN_LIBRARY dl) diff --git a/cmake/Toolchain-cross-m32.cmake b/cmake/Toolchain-cross-m32.cmake new file mode 100644 index 000..7918c60 --- /dev/null +++ b/cmake/Toolchain-cross-m32.cmake @@ -0,0 +1,23 @@ +set(CMAKE_C_FLAGS "-m32" CACHE STRING "C compiler flags" FORCE) +set(CMAKE_CXX_FLAGS "-m32" CACHE STRING "C++ compiler flags" FORCE) + +set(LIB32 /usr/lib) # Fedora + +if(EXISTS /usr/lib32) +set(LIB32 /usr/lib32) # Arch, Solus +endif() + +set(CMAKE_SYSTEM_LIBRARY_PATH ${LIB32} CACHE STRING "system library search path" FORCE) +set(CMAKE_LIBRARY_PATH${LIB32} CACHE STRING "library search path" FORCE) + +# this is probably unlikely to be needed, but just in case +set(CMAKE_EXE_LINKER_FLAGS"-m32 -L${LIB32}" CACHE STRING "executable linker flags" FORCE) +set(CMAKE_SHARED_LINKER_FLAGS "-m32 -L${LIB32}" CACHE STRING "shared library linker flags" FORCE) +set(CMAKE_MODULE_LINKER_FLAGS "-m32 -L${LIB32}" CACHE STRING "module linker flags" FORCE) + +# on Fedora and Arch and
[SCM] Samba Shared Repository - branch v4-18-test updated
The branch, v4-18-test has been updated via 1ace31bc878 dsgetdcname: do not assume local system uses IPv4 from 49777b08ac2 s3:lib: Do not try to match '.' and '..' directories in is_in_path() https://git.samba.org/?p=samba.git;a=shortlog;h=v4-18-test - Log - commit 1ace31bc8787a72a923b1445192476cc8d71a0d8 Author: Nathaniel W. Turner Date: Fri Sep 23 16:37:46 2022 -0400 dsgetdcname: do not assume local system uses IPv4 Return the first IPv4 and the first IPv6 address found for each DC. This is slightly inelegant, but resolves an issue where IPv6-only systems were unable to run "net ads join" against domain controllers that have both A and records in DNS. While this impacts performance due to the additional LDAP ping attempts, in practice an attempt to connect to an IPv6 address on an IPv4-only system (or vice versa) will fail immediately with NT_STATUS_NETWORK_UNREACHABLE, and thus the performance impact should be negligible. The alternative approach, using an smb.conf setting to control whether the logic prefers a single address of one family or the other ends up being a bit awkward, as it pushes the problem onto admins and tools such as "realm join" that want to dynamically synthesize an smb.conf on the fly. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15325 Signed-off-by: Nathaniel W. Turner Reviewed-by: Jeremy Allison Reviewed-by: David Mulder Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Thu Mar 9 19:12:15 UTC 2023 on atb-devel-224 (cherry picked from commit f55a357c6b9387883a7628a1b1083263a10121a6) Autobuild-User(v4-18-test): Jule Anger Autobuild-Date(v4-18-test): Mon May 8 10:17:16 UTC 2023 on atb-devel-224 --- Summary of changes: source3/libsmb/dsgetdcname.c | 49 +++- 1 file changed, 26 insertions(+), 23 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/dsgetdcname.c b/source3/libsmb/dsgetdcname.c index 42714fcb2a1..e0462d5fb24 100644 --- a/source3/libsmb/dsgetdcname.c +++ b/source3/libsmb/dsgetdcname.c @@ -551,14 +551,20 @@ static NTSTATUS discover_dc_dns(TALLOC_CTX *mem_ctx, return NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND; } + /* Check for integer wrap. */ + if (numdcs + numdcs < numdcs) { + TALLOC_FREE(dcs); + return NT_STATUS_INVALID_PARAMETER; + } + /* -* We're only returning one address per -* DC name, so just allocate size numdcs. +* We're only returning up to 2 addresses per +* DC name, so just allocate size numdcs x 2. */ dclist = talloc_zero_array(mem_ctx, struct ip_service_name, - numdcs); + numdcs * 2); if (!dclist) { TALLOC_FREE(dcs); return NT_STATUS_NO_MEMORY; @@ -571,17 +577,16 @@ static NTSTATUS discover_dc_dns(TALLOC_CTX *mem_ctx, ret_count = 0; for (i = 0; i < numdcs; i++) { size_t j; + bool have_v4_addr = false; + bool have_v6_addr = false; if (dcs[i].num_ips == 0) { continue; } - dclist[ret_count].hostname = - talloc_move(dclist, [i].hostname); - /* -* Pick the first IPv4 address, -* if none pick the first address. +* Pick up to 1 address from each address +* family (IPv4, IPv6). * * This is different from the previous * code which picked a 'next ip' address @@ -589,8 +594,11 @@ static NTSTATUS discover_dc_dns(TALLOC_CTX *mem_ctx, * Too complex to maintain :-(. */ for (j = 0; j < dcs[i].num_ips; j++) { - if (dcs[i].ss_s[j].ss_family == AF_INET) { + if ((dcs[i].ss_s[j].ss_family == AF_INET && !have_v4_addr) || + (dcs[i].ss_s[j].ss_family == AF_INET6 && !have_v6_addr)) { bool ok; + dclist[ret_count].hostname = + talloc_strdup(dclist, dcs[i].hostname); ok = sockaddr_storage_to_samba_sockaddr( [ret_count].sa, [i].ss_s[j]); @@ -599,22 +607,17 @@ static NTSTATUS discover_dc_dns(TALLOC_CTX *mem_ctx, TALLOC_FREE(dclist); return