The branch, master has been updated via 2ef79a4c1d6 dbcheck: fallback to the default tombstoneLifetime of 180 days via 15032ec6df1 python/ntacls: we only need security.SEC_STD_READ_CONTROL in order to get the ACL via 706aba5bf62 dsdb:audit_log: avoid printing "... remote host [Unknown] SID [(NULL SID)] ..." via 0da12ff93d2 lib/util: set current_msg_{level,class} also during a DEBUGADD[C]() call via d98a9712474 lib/util: remove unused prototypes in debug.h via bb0ffbf38cb lib/util: fix call to dbghdrclass() for DEBUGC() from e09053faf45 registry: add a missing include
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 2ef79a4c1d695a3e498b142810a1317d85b9b6da Author: Stefan Metzmacher <me...@samba.org> Date: Mon Apr 29 11:59:50 2019 +0200 dbcheck: fallback to the default tombstoneLifetime of 180 days If a domain was provisioned by Windows 2000 this value is missing in the database. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13967 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> Autobuild-User(master): Stefan Metzmacher <me...@samba.org> Autobuild-Date(master): Tue May 28 08:32:10 UTC 2019 on sn-devel-184 commit 15032ec6df1abbb53f1b1d5377aab369f83ae707 Author: Stefan Metzmacher <me...@samba.org> Date: Fri Apr 26 17:07:20 2019 +0200 python/ntacls: we only need security.SEC_STD_READ_CONTROL in order to get the ACL We should avoid security.SEC_FLAG_MAXIMUM_ALLOWED otherwise we may get NT_STATUS_SHARING_VIOLATION when we run 'samba-tool domain backup online' against a Windows DC. Windows DCs have hidden folders for the NtFrs or Dfsr services, which are locked by the running service. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13917 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit 706aba5bf62e674ae12786f6ab275752b8714464 Author: Stefan Metzmacher <me...@samba.org> Date: Fri Apr 26 14:31:46 2019 +0000 dsdb:audit_log: avoid printing "... remote host [Unknown] SID [(NULL SID)] ..." We better print "... remote host [Unknown] SID [S-1-5-18] ..." in 'dsdb_audit' message, this matches what we print for 'dsdb_json_audit'. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13916 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit 0da12ff93d213ac742eeb865bfa5697ca8a2280a Author: Stefan Metzmacher <me...@samba.org> Date: Fri Apr 26 13:40:58 2019 +0200 lib/util: set current_msg_{level,class} also during a DEBUGADD[C]() call In some situations we use DEBUGADDC() in order to print out content without a related debug header line. This is important with the new per class logfile with: log level = 1 dsdb_json_audit:10@/var/log/samba/log.dsdb_json_audit BUG: https://bugzilla.samba.org/show_bug.cgi?id=13915 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit d98a971247450d494c581c5454e6c270ad1b6880 Author: Stefan Metzmacher <me...@samba.org> Date: Fri Apr 26 13:32:43 2019 +0200 lib/util: remove unused prototypes in debug.h BUG: https://bugzilla.samba.org/show_bug.cgi?id=13915 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit bb0ffbf38cb1955c9e400003add680eabcf706a6 Author: Stefan Metzmacher <me...@samba.org> Date: Fri Apr 26 13:21:15 2019 +0200 lib/util: fix call to dbghdrclass() for DEBUGC() dbghdrclass() sets the global 'current_msg_class' and for that DEBUGC() should pass the given dbgc_class instead of the per file DBGC_CLASS. This is important with the new per class logfile with: log level = 1 dsdb_audit:10@/var/log/samba/log.dsdb_audit BUG: https://bugzilla.samba.org/show_bug.cgi?id=13915 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> ----------------------------------------------------------------------- Summary of changes: lib/util/debug.c | 17 ++++++++++++----- lib/util/debug.h | 11 ++++++----- python/samba/dbchecker.py | 5 ++++- python/samba/ntacls.py | 2 +- source4/dsdb/samdb/ldb_modules/audit_log.c | 4 +++- 5 files changed, 26 insertions(+), 13 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/util/debug.c b/lib/util/debug.c index 23c78ae19c9..d2fbab12414 100644 --- a/lib/util/debug.c +++ b/lib/util/debug.c @@ -1479,6 +1479,17 @@ void dbgflush( void ) bufr_print(); } +bool dbgsetclass(int level, int cls) +{ + /* Set current_msg_level. */ + current_msg_level = level; + + /* Set current message class */ + current_msg_class = cls; + + return true; +} + /*************************************************************************** Print a Debug Header. @@ -1523,11 +1534,7 @@ bool dbghdrclass(int level, int cls, const char *location, const char *func) return( true ); } - /* Set current_msg_level. */ - current_msg_level = level; - - /* Set current message class */ - current_msg_class = cls; + dbgsetclass(level, cls); /* Don't print a header if we're logging to stdout. */ if ( state.logtype != DEBUG_FILE ) { diff --git a/lib/util/debug.h b/lib/util/debug.h index e6f54a7657f..67dbf3357e3 100644 --- a/lib/util/debug.h +++ b/lib/util/debug.h @@ -45,7 +45,7 @@ bool dbgtext_va(const char *, va_list ap) PRINTF_ATTRIBUTE(1,0); bool dbgtext( const char *, ... ) PRINTF_ATTRIBUTE(1,2); bool dbghdrclass( int level, int cls, const char *location, const char *func); -bool dbghdr( int level, const char *location, const char *func); +bool dbgsetclass(int level, int cls); /* * Define all new debug classes here. A class is represented by an entry in @@ -201,17 +201,19 @@ void debuglevel_set_class(size_t idx, int level); #define DEBUGC( dbgc_class, level, body ) \ (void)( ((level) <= MAX_DEBUG_LEVEL) && \ unlikely(debuglevel_get_class(dbgc_class) >= (level)) \ - && (dbghdrclass( level, DBGC_CLASS, __location__, __FUNCTION__ )) \ + && (dbghdrclass( level, dbgc_class, __location__, __FUNCTION__ )) \ && (dbgtext body) ) #define DEBUGADD( level, body ) \ (void)( ((level) <= MAX_DEBUG_LEVEL) && \ - unlikely(debuglevel_get_class(DBGC_CLASS) >= (level)) \ + unlikely(debuglevel_get_class(DBGC_CLASS) >= (level)) \ + && (dbgsetclass(level, DBGC_CLASS)) \ && (dbgtext body) ) #define DEBUGADDC( dbgc_class, level, body ) \ (void)( ((level) <= MAX_DEBUG_LEVEL) && \ - unlikely((debuglevel_get_class(dbgc_class) >= (level))) \ + unlikely((debuglevel_get_class(dbgc_class) >= (level))) \ + && (dbgsetclass(level, dbgc_class)) \ && (dbgtext body) ) /* Print a separator to the debug log. */ @@ -318,7 +320,6 @@ void force_check_log_size( void ); bool need_to_check_log_size( void ); void check_log_size( void ); void dbgflush( void ); -bool dbghdrclass(int level, int cls, const char *location, const char *func); bool debug_get_output_is_stderr(void); bool debug_get_output_is_stdout(void); void debug_schedule_reopen_logs(void); diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py index a0500c6c578..04304b0b0dc 100644 --- a/python/samba/dbchecker.py +++ b/python/samba/dbchecker.py @@ -220,7 +220,10 @@ class dbcheck(object): scope=ldb.SCOPE_BASE, expression="(objectClass=nTDSService)", attrs=["tombstoneLifetime"]) - self.tombstoneLifetime = int(res[0]["tombstoneLifetime"][0]) + if "tombstoneLifetime" in res[0]: + self.tombstoneLifetime = int(res[0]["tombstoneLifetime"][0]) + else: + self.tombstoneLifetime = 180 self.compatibleFeatures = [] self.requiredFeatures = [] diff --git a/python/samba/ntacls.py b/python/samba/ntacls.py index 5bf646caf9f..82d950fbbc9 100644 --- a/python/samba/ntacls.py +++ b/python/samba/ntacls.py @@ -49,7 +49,7 @@ SECURITY_SECINFO_FLAGS = security.SECINFO_OWNER | \ # SEC_FLAG_SYSTEM_SECURITY is required otherwise get Access Denied SECURITY_SEC_FLAGS = security.SEC_FLAG_SYSTEM_SECURITY | \ - security.SEC_FLAG_MAXIMUM_ALLOWED + security.SEC_STD_READ_CONTROL class XattrBackendError(Exception): diff --git a/source4/dsdb/samdb/ldb_modules/audit_log.c b/source4/dsdb/samdb/ldb_modules/audit_log.c index 931147efc72..ef674950100 100644 --- a/source4/dsdb/samdb/ldb_modules/audit_log.c +++ b/source4/dsdb/samdb/ldb_modules/audit_log.c @@ -928,6 +928,7 @@ static char *operation_human_readable( { struct ldb_context *ldb = NULL; const char *remote_host = NULL; + const struct tsocket_address *remote = NULL; const struct dom_sid *sid = NULL; struct dom_sid_buf user_sid; const char *timestamp = NULL; @@ -942,7 +943,8 @@ static char *operation_human_readable( ldb = ldb_module_get_ctx(module); remote_host = dsdb_audit_get_remote_host(ldb, ctx); - if (remote_host != NULL && dsdb_audit_is_system_session(module)) { + remote = dsdb_audit_get_remote_address(ldb); + if (remote != NULL && dsdb_audit_is_system_session(module)) { sid = dsdb_audit_get_actual_sid(ldb); } else { sid = dsdb_audit_get_user_sid(module); -- Samba Shared Repository