[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 6e5d79ff408 shadow_copy2: Remove an intermediate if-statement via f3350bff453 smbd: Remove non_widelink_open() support code via 2c8935cf3d7 smbd: Rewrite non_widelink_open() via 1bf0289b23c smbd: Make readlink_talloc() public via b4445ef9ab1 smbd: Slightly simplify non_widelink_open() via dbf93c9e0f5 shadow_copy2: Use dirfsp if it's around via fbc17c41aeb shadow_copy2: Use dirfsp for connectpath via e1ca4e28d89 vfs: Add dirfsp to connectpath_fn() from 9ef2f7345f0 s3:auth: Flush the GETPWSID in memory cache for NTLM auth https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 6e5d79ff40892b4f8f4962b36c1c3fb2d2ce9d55 Author: Volker Lendecke Date: Thu Sep 15 08:55:01 2022 -0700 shadow_copy2: Remove an intermediate if-statement Now we always pass in a dirfsp from our only caller Signed-off-by: Volker Lendecke Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Sat Sep 17 05:15:04 UTC 2022 on sn-devel-184 commit f3350bff4532b35b3c9e99e0d0865ecec55e1be5 Author: Volker Lendecke Date: Tue Sep 13 09:49:31 2022 -0700 smbd: Remove non_widelink_open() support code process_symlink_open() and check_reduced_name() are no longer used, non_widelink_open() was the only user of both. Signed-off-by: Volker Lendecke Reviewed-by: Jeremy Allison commit 2c8935cf3d79dd09bc6d00793cf8fdaf031d21fc Author: Volker Lendecke Date: Mon Sep 12 12:08:13 2022 -0700 smbd: Rewrite non_widelink_open() The previous implementation relied on recursion into non_widelink_open() via process_symlink_open(). The latter used readlink() to just make sure that the opened file is actually a symlink. This implementation now relies on a fstat/fstatat on failure to open a file, removing a little complexity deciphering error codes correctly. It also relies on reading the symlink in user space, turning the recursion into a loop. Signed-off-by: Volker Lendecke Reviewed-by: Jeremy Allison commit 1bf0289b23cae861ec1fa3c4a46e267392315726 Author: Volker Lendecke Date: Wed Sep 7 10:43:23 2022 +0200 smbd: Make readlink_talloc() public Signed-off-by: Volker Lendecke Reviewed-by: Jeremy Allison commit b4445ef9ab1b258fbb17bb5aaa9998f14e4adfcc Author: Volker Lendecke Date: Sat Sep 10 01:36:11 2022 -0700 smbd: Slightly simplify non_widelink_open() Avoid the "is_share_root" boolean: One special case less to take care of further down and in callers: Sanitize the relative name so that it can never contain a path separator Signed-off-by: Volker Lendecke Reviewed-by: Jeremy Allison commit dbf93c9e0f5d592b3cbac4c705cb10dbc9e20ea6 Author: Volker Lendecke Date: Thu Sep 15 06:11:55 2022 -0700 shadow_copy2: Use dirfsp if it's around Not used yet, and the "if" around dirfsp!=NULL will go away in a later patch. Signed-off-by: Volker Lendecke Reviewed-by: Jeremy Allison commit fbc17c41aeb8eae4e603aef0fe8822b468b57205 Author: Volker Lendecke Date: Thu Sep 15 03:41:55 2022 + shadow_copy2: Use dirfsp for connectpath Signed-off-by: Volker Lendecke Reviewed-by: Jeremy Allison commit e1ca4e28d89237c8910e77146824ecc3444ce272 Author: Volker Lendecke Date: Wed Sep 14 20:18:33 2022 -0700 vfs: Add dirfsp to connectpath_fn() So far we only call CONNECTPATH on full paths. In the future, we'll have a call that will not have converted a relative path to absolute just for efficiency reasons. To give shadow_copy2 the chance to still find the snapshot directory, pass the dirfsp down to it. Signed-off-by: Volker Lendecke Reviewed-by: Jeremy Allison --- Summary of changes: examples/VFS/skel_opaque.c| 6 +- examples/VFS/skel_transparent.c | 8 +- source3/include/vfs.h | 11 +- source3/include/vfs_macros.h | 8 +- source3/modules/vfs_ceph.c| 6 +- source3/modules/vfs_default.c | 1 + source3/modules/vfs_full_audit.c | 8 +- source3/modules/vfs_glusterfs.c | 6 +- source3/modules/vfs_not_implemented.c | 6 +- source3/modules/vfs_shadow_copy2.c| 17 +- source3/modules/vfs_time_audit.c | 8 +- source3/smbd/files.c | 2 +- source3/smbd/open.c | 605 ++ source3/smbd/proto.h | 8 +- source3/smbd/vfs.c| 218 +--- 15 files changed, 391 insertions(+), 527 deletions(-) Changeset truncated at 500 lines: diff --git a/examples/VFS/skel_opaque.c b/examples/VFS/skel_opaque.c index
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 9ef2f7345f0 s3:auth: Flush the GETPWSID in memory cache for NTLM auth from 3e95c677f24 pytests:s4/dsdb/passwords: avoid unused imports https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 9ef2f7345f0d387567fca598cc7008af95598903 Author: Andreas Schneider Date: Mon Sep 12 16:31:05 2022 +0200 s3:auth: Flush the GETPWSID in memory cache for NTLM auth Example valgrind output: ==22502== 22,747,002 bytes in 21,049 blocks are possibly lost in loss record 1,075 of 1,075 ==22502==at 0x4C29F73: malloc (vg_replace_malloc.c:309) ==22502==by 0x11D7089C: _talloc_pooled_object (in /usr/lib64/libtalloc.so.2.1.16) ==22502==by 0x9027834: tcopy_passwd (in /usr/lib64/libsmbconf.so.0) ==22502==by 0x6A1E1A3: pdb_copy_sam_account (in /usr/lib64/libsamba-passdb.so.0.27.2) ==22502==by 0x6A28AB7: pdb_getsampwnam (in /usr/lib64/libsamba-passdb.so.0.27.2) ==22502==by 0x65D0BC4: check_sam_security (in /usr/lib64/samba/libauth-samba4.so) ==22502==by 0x65C70F0: ??? (in /usr/lib64/samba/libauth-samba4.so) ==22502==by 0x65C781A: auth_check_ntlm_password (in /usr/lib64/samba/libauth-samba4.so) ==22502==by 0x14E464: ??? (in /usr/sbin/winbindd) ==22502==by 0x151CED: winbind_dual_SamLogon (in /usr/sbin/winbindd) ==22502==by 0x152072: winbindd_dual_pam_auth_crap (in /usr/sbin/winbindd) ==22502==by 0x167DE0: ??? (in /usr/sbin/winbindd) ==22502==by 0x12F29B12: tevent_common_invoke_fd_handler (in /usr/lib64/libtevent.so.0.9.39) ==22502==by 0x12F30086: ??? (in /usr/lib64/libtevent.so.0.9.39) ==22502==by 0x12F2E056: ??? (in /usr/lib64/libtevent.so.0.9.39) ==22502==by 0x12F2925C: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.39) ==22502==by 0x16A243: ??? (in /usr/sbin/winbindd) ==22502==by 0x16AA04: ??? (in /usr/sbin/winbindd) ==22502==by 0x12F29F68: tevent_common_invoke_immediate_handler (in /usr/lib64/libtevent.so.0.9.39) ==22502==by 0x12F29F8F: tevent_common_loop_immediate (in /usr/lib64/libtevent.so.0.9.39) ==22502==by 0x12F2FE3C: ??? (in /usr/lib64/libtevent.so.0.9.39) ==22502==by 0x12F2E056: ??? (in /usr/lib64/libtevent.so.0.9.39) ==22502==by 0x12F2925C: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.39) ==22502==by 0x12F4C7: main (in /usr/sbin/winbindd) You can find one for each string in pdb_copy_sam_account(), in total this already has 67 MB in total for this valgrind run. pdb_getsampwnam() -> memcache_add_talloc(NULL, PDB_GETPWSID_CACHE, ...) BUG: https://bugzilla.samba.org/show_bug.cgi?id=15169 Signed-off-by: Andreas Schneider Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Fri Sep 16 20:30:31 UTC 2022 on sn-devel-184 --- Summary of changes: source3/auth/check_samsec.c | 8 ++-- 1 file changed, 6 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/auth/check_samsec.c b/source3/auth/check_samsec.c index 8c64456c582..1b346b43870 100644 --- a/source3/auth/check_samsec.c +++ b/source3/auth/check_samsec.c @@ -24,6 +24,7 @@ #include "auth.h" #include "../libcli/auth/libcli_auth.h" #include "passdb.h" +#include "lib/util/memcache.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_AUTH @@ -568,8 +569,6 @@ NTSTATUS check_sam_security(const DATA_BLOB *challenge, nt_status = make_server_info_sam(mem_ctx, sampass, server_info); unbecome_root(); - TALLOC_FREE(sampass); - if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0,("check_sam_security: make_server_info_sam() failed with '%s'\n", nt_errstr(nt_status))); goto done; @@ -588,6 +587,11 @@ NTSTATUS check_sam_security(const DATA_BLOB *challenge, (*server_info)->nss_token |= user_info->was_mapped; done: + /* +* Always flush the getpwsid cache or this will grow indefinetly for +* each NTLM auththentication. +*/ + memcache_flush(NULL, PDB_GETPWSID_CACHE); TALLOC_FREE(sampass); data_blob_free(_sess_key); data_blob_free(_sess_key); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 3e95c677f24 pytests:s4/dsdb/passwords: avoid unused imports via 884f1052149 pytests:s4/drs/getnc_schema: avoid unused imports via 1cf48a588fc pytests:s4/drs/repl_move: avoid unused and star imports via 7283fed0b35 pytests:s4/drs/repl_rodc: avoid unused imports via 7f9fedd744c pytests:s4/drs/linked_attributes_drs: avoid unused imports via b1ff59fb8b7 pytests:s4/drs/ridalloc_exop: avoid unused imports via 3c5cb27885a pytests: remove backwards compat workaround for python 2.6 via 2775d6b5d1c pytest: samba-tool visualize: improve a message via ed72ec76313 samba-tool: no stack trace on missing ldb tdb via b350a9c37c9 samba-tool: write ERROR in red if colour is wanted via a64e6c9639c samba-tool visualize: simplify --color-scheme calculations via 07cbb10dc07 samba-tool visualise: use global --color via adf8b8b4a16 py:colour: is_colour_wanted() can take filenames via c0d0c13670a samba-tool: --color=auto looks at stderr and stdout via 7d4387d15df samba-tool drs showrepl: use global --color option via baf7c5c585d samba-tool: save --color choice for subcommands via 5dd4696fb79 samba-tool: make --color a general option via 4c623356ce5 py:colour: colour_if_wanted() returns the result via 4f30d06a365 pytest: samba-tool visualize: fix filename via 3119349a3f1 libcli/auth/proto.h: remove unneeded path details. via 53f6dbe03f7 ldb: ldb_build_search_req() check for a talloc failure via 9983ea0ed26 s4/server: stop suggesting ntvfs in error message via 1f60e881973 libaddns: remove duplicate declaration via eab89c8e29d pytest/password_lockout: be less verbose by default via 7af1326a58e samba-tool: simplify and clarify SuperCommand._run() a little from 4f5b4bd9dfb ctdb-tests: Reformat remaining test stubs with "shfmt -w -p -i 0 -fn" https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 3e95c677f242b28eaa031ed402a28dbdc0958d9f Author: Douglas Bagnall Date: Fri Sep 16 11:42:48 2022 +1200 pytests:s4/dsdb/passwords: avoid unused imports Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Fri Sep 16 06:47:43 UTC 2022 on sn-devel-184 commit 884f105214973d0b414fdf2b3be6eaff4c75512c Author: Douglas Bagnall Date: Fri Sep 16 11:42:14 2022 +1200 pytests:s4/drs/getnc_schema: avoid unused imports Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett commit 1cf48a588fc440eba665b27cf5d8f56264d2ca51 Author: Douglas Bagnall Date: Fri Sep 16 11:41:39 2022 +1200 pytests:s4/drs/repl_move: avoid unused and star imports Found the names using something like: flake8 repl_move.py | \ grep -oP "(?<=F405 ')[\w.]+" /tmp/repl_move | sort | uniq Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett commit 7283fed0b3524cd00d256eb1a9292685e0f9b43a Author: Douglas Bagnall Date: Fri Sep 16 11:38:40 2022 +1200 pytests:s4/drs/repl_rodc: avoid unused imports Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett commit 7f9fedd744c1f5144518efbe975330ea0df1cfd0 Author: Douglas Bagnall Date: Fri Sep 16 11:38:08 2022 +1200 pytests:s4/drs/linked_attributes_drs: avoid unused imports Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett commit b1ff59fb8b729f07836c4953a77eb710dc361f4c Author: Douglas Bagnall Date: Fri Sep 16 11:37:14 2022 +1200 pytests:s4/drs/ridalloc_exop: avoid unused imports Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett commit 3c5cb27885a542e0c0ba80e6c9b776859a29d2ff Author: Douglas Bagnall Date: Fri Sep 16 11:36:28 2022 +1200 pytests: remove backwards compat workaround for python 2.6 Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett commit 2775d6b5d1c92aa72d02bde617927020cd8a79a2 Author: Douglas Bagnall Date: Wed Sep 14 21:12:47 2022 +1200 pytest: samba-tool visualize: improve a message Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett commit ed72ec763133b3ed17a9f75bf4ae0bf0782c2967 Author: Douglas Bagnall Date: Fri Sep 9 16:13:12 2022 +1200 samba-tool: no stack trace on missing ldb tdb Now, in a testenv, if you forget to use '-s st/ad_dc/etc/smb.conf', you only see this: $ bin/samba-tool user rename dsadsa ldb: Unable to open tdb '$HERE/st/client/private/secrets.ldb': No such file or directory ldb: Failed to connect to '$HERE/st/client/private/secrets.ldb' with backend 'tdb': Unable to open tdb '$HERE/st/client/private/secrets.ldb': No such file or directory Could not find machine account in secrets database: Failed to