Petr Viktorin [Mon, 8 Jun 2015 17:02:03 +0000 (19:02 +0200)]
buildtools: Don't configure Python more than once
Signed-off-by: Petr Viktorin <pviktori@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 20 Jul 2015 13:07:29 +0000 (15:07 +0200)]
s4-auth: Make sure error_string is correctly initialized
This should avoid a possible double free.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Günther Deschner [Tue, 5 Aug 2014 15:49:55 +0000 (17:49 +0200)]
s4-kdc_kpasswd: split out some code to a KPASSWD_GLUE subsystem.
This can then be easier shared with MIT's kadmin services for kpasswd services.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Günther Deschner [Mon, 12 May 2014 08:21:18 +0000 (10:21 +0200)]
s4-kdc: move kdc_check_pac() to a new subsystem KDC-GLUE.
This subsystem should be used to provide shared code between the s4 heimdal kdc
and the s4 heimdal wdc plugin.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Günther Deschner [Fri, 9 May 2014 22:05:23 +0000 (00:05 +0200)]
s4-kdc: only use a void* in samba_kdc_entry instead of hdb_entry_ex.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Günther Deschner [Thu, 8 May 2014 15:06:42 +0000 (17:06 +0200)]
s4-kdc/pac_glue: remove old samba_kdc_build_edata_reply().
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Günther Deschner [Thu, 15 May 2014 14:43:59 +0000 (16:43 +0200)]
s4-kdc/mit_samba: add a copy of samba_kdc_build_edata_reply for MIT.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Günther Deschner [Thu, 15 May 2014 07:13:06 +0000 (09:13 +0200)]
s4-kdc/wdc-samba4: add a copy of samba_kdc_build_edata_reply for Heimdal.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andreas Schneider [Fri, 25 Apr 2014 09:55:17 +0000 (11:55 +0200)]
waf: Make mit_samba a subsystem and do not build with Heimdal
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andreas Schneider [Thu, 16 Apr 2015 10:57:35 +0000 (12:57 +0200)]
s4-kdc: Fix a casting warning
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andreas Schneider [Thu, 16 Apr 2015 10:57:14 +0000 (12:57 +0200)]
s4-kdc: Fix a typo
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Volker Lendecke [Tue, 21 Jul 2015 08:36:09 +0000 (10:36 +0200)]
pdb_tdb: Use fstr_sprintf
Saves 160 bytes of .text
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Martin Schwenke [Tue, 21 Jul 2015 02:23:27 +0000 (12:23 +1000)]
ctdb-daemon: Ignore SIGUSR1
No use dying or failing eventscripts if someone sends a random
SIGUSR1.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Tue Jul 21 11:00:17 CEST 2015 on sn-devel-104
Martin Schwenke [Sun, 19 Jul 2015 11:23:44 +0000 (21:23 +1000)]
ctdb-scripts: Move 60.nfs Ganesha callout to doc/examples/
We don't expect to maintain an up-to-date copy. NFS Ganesha team
might provide patches.
Also move the Ganesha .check file
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 15 Jul 2015 10:15:46 +0000 (20:15 +1000)]
ctdb-scripts: Support RPC checks for tcp6 and udp6
This adds new configuration variable CTDB_RPCINFO_LOCALHOST6.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Douglas Bagnall [Tue, 30 Jun 2015 22:41:34 +0000 (10:41 +1200)]
Use uintptr_t for pointer int cast in SMBC_getdents_ctx()
On i386, unsigned long long is 64 bit while the pointer is 32, and
this fails under autobuild with -WError.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 21 05:14:20 CEST 2015 on sn-devel-104
Volker Lendecke [Sat, 18 Jul 2015 19:50:55 +0000 (21:50 +0200)]
dbwrap_rbt: Make "key" and "value" aligned to 16 byte
Reported by Uri Simchoni <urisimchoni@gmail.com>. Thanks!
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Jul 20 23:18:23 CEST 2015 on sn-devel-104
Martin Schwenke [Fri, 17 Jul 2015 09:51:59 +0000 (19:51 +1000)]
doc: Fix documentation for "ctdb timeout" parameter
The documentation claims this is specified in seconds. However, it is
passed straight through to poll(2), which takes a timeout in
milliseconds.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Jul 20 15:47:43 CEST 2015 on sn-devel-104
Andrew Bartlett [Mon, 20 Jul 2015 01:23:30 +0000 (13:23 +1200)]
selftest: Add knownfail entry required to disable tombstone_reanimation
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jul 20 09:21:33 CEST 2015 on sn-devel-104
Kamen Mazdrashki [Sat, 30 May 2015 23:10:34 +0000 (02:10 +0300)]
dsdb: Disable tombstone_reanimation module until we isolate what causes flaky tests
Change-Id: I323a2cd5eb2449a44a9cb53abab5a127d21c5967
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Karolin Seeger [Sun, 19 Jul 2015 19:22:45 +0000 (21:22 +0200)]
docs: Bump version up to 4.3.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jul 20 06:11:53 CEST 2015 on sn-devel-104
Andrew Bartlett [Sun, 19 Jul 2015 23:46:36 +0000 (11:46 +1200)]
lib/tls: Change default supported TLS versions.
The new default is to disable SSLv3, as this is no longer considered
secure after CVE-2014-3566. Newer GnuTLS versions already disable SSLv3.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Sun, 19 Jul 2015 23:22:46 +0000 (11:22 +1200)]
lib/tls: Add new 'tls priority' option
This adds a new option to the smb.conf to allow administrators to disable
TLS protocols in GnuTLS without changing the code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11076
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Sun, 19 Jul 2015 22:37:21 +0000 (10:37 +1200)]
Remove support for OpenPGP certificates in our TLS client and server
We do not provide parameters to configure these, and OpenPGP for TLS (RFC 6091) is not used in AD
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Tue, 14 Jul 2015 14:30:35 +0000 (16:30 +0200)]
selftest: Add test for the dfree command
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jul 17 22:09:34 CEST 2015 on sn-devel-104
Andreas Schneider [Fri, 17 Jul 2015 07:37:52 +0000 (09:37 +0200)]
s3-smbd: Remove the global dfree_broken variable
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andreas Schneider [Fri, 17 Jul 2015 07:35:11 +0000 (09:35 +0200)]
s3-smbd: Leave sys_disk_free() if dfree command is used
If we have a broken system which reports incorrect sizes we provide the
'dfree command'. This command makes sure Samba gets the correct values.
However after that we call the quota command which then reports the
broken values. The dfree command should take care to provide the correct
values and in case of quota's it should also calculate the quote
correctly.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11403
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Thu, 16 Jul 2015 05:12:07 +0000 (07:12 +0200)]
s3:winbindd: initialize dst->primary_gid with (gid_t)-1
We should not leave this uninitialized.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jul 17 19:06:08 CEST 2015 on sn-devel-104
Stefan Metzmacher [Thu, 16 Jul 2015 05:00:08 +0000 (07:00 +0200)]
s3:winbindd: initialize acct_desc fields in rpc_enum_{dom,local}_groups()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Thu, 16 Jul 2015 04:57:50 +0000 (06:57 +0200)]
s3:winbindd: initialize an [in,out] variable in rpc_try_lookup_sids3()
The input value of count is ignored by the server,
but we should not send an uninitialized value.
Found by valgrind.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Andreas Schneider [Fri, 17 Jul 2015 08:54:17 +0000 (10:54 +0200)]
s3-auth: Fix a possible null pointer dereference
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11404
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jul 17 14:04:01 CEST 2015 on sn-devel-104
Andreas Schneider [Fri, 17 Jul 2015 07:03:25 +0000 (09:03 +0200)]
s4-kerberos: Make sure we handle kvno's in keytabs correctly
Signed-off-by: Andreas Schneider <asn@samba.org>
Uri Simchoni [Sun, 12 Jul 2015 06:38:01 +0000 (09:38 +0300)]
torture: include config.h before any glibc headers
config.h may have some flags which affect glibc behavior, e.g.
_FILE_OFFSET_BITS=64. To make sure these flags have the desired
effect, config.h must be included before any glibc header files.
Also remove inclusion of some system files, relying on
replace/system/*.h instead.
This commit does not fix a specific known bug. It changes the code to
comply with coding conventions.
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: "Stefan Metzmacher" <metze@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jul 17 04:41:14 CEST 2015 on sn-devel-104
Uri Simchoni [Sun, 12 Jul 2015 06:36:46 +0000 (09:36 +0300)]
fssd: include config.h before any glibc headers
config.h may have some flags which affect glibc behavior, e.g.
_FILE_OFFSET_BITS=64. To make sure these flags have the desired
effect, config.h must be included before any glibc header files.
This commit does not fix a specific known bug. It changes the code to
comply with coding conventions.
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: "Stefan Metzmacher" <metze@samba.org>
Uri Simchoni [Sun, 12 Jul 2015 06:31:52 +0000 (09:31 +0300)]
source3/lib: include config.h before any glibc headers
config.h may have some flags which affect glibc behavior, e.g.
_FILE_OFFSET_BITS=64. To make sure these flags have the desired
effect, config.h must be included before any glibc header files.
This commit does not fix a specific known bug. It changes the code to
comply with coding conventions.
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: "Stefan Metzmacher" <metze@samba.org>
Uri Simchoni [Sun, 12 Jul 2015 06:30:36 +0000 (09:30 +0300)]
lib/util: include config.h before any glibc headers
config.h may have some flags which affect glibc behavior, e.g.
_FILE_OFFSET_BITS=64. To make sure these flags have the desired
effect, config.h must be included before any glibc header files.
This commit does not fix a specific known bug. It changes the code to
comply with coding conventions.
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: "Stefan Metzmacher" <metze@samba.org>
Uri Simchoni [Sun, 12 Jul 2015 06:29:13 +0000 (09:29 +0300)]
tdbrestore: include config.h before any glibc headers
config.h may have some flags which affect glibc behavior, e.g.
_FILE_OFFSET_BITS=64. To make sure these flags have the desired
effect, config.h must be included before any glibc header files.
This commit does not fix a specific known bug. It changes the code to
comply with coding conventions.
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: "Stefan Metzmacher" <metze@samba.org>
Uri Simchoni [Thu, 2 Jul 2015 17:15:43 +0000 (20:15 +0300)]
libads: disable dns_lookup_realm in auto-generated krb5.conf files
This patch sets dns_lookup_realm=false in samba-generated krb5.conf.
Disabling dns_lookup_realm in krb5.conf is the recommended practice for
Kerberos usage in Active Directory environment. dns_lookup_realm is enabled
by default, at least in Heimdal.
When used by samba, Kerberos libraries operate based on either the system
krb5.conf, or a private krb5.conf generated specifically for the domain by
samba code. In the former case, it's the responsibility of the administrator
to set dns_lookup_realm=false. In the latter case, it's the responsibility
of samba - which is what this patch does.
In many usage scenarios the value of this variable is of no consequence
since samba knows the realm in which it is operating, and knows how to
generate service principal names. However, there are some scenarios
in which samba calls kerberos_get_principal_from_service_hostname(),
and here samba consults the Kerberos libraries and this parameter comes
into play. One primary example is cli_full_connection() function.
Not setting dns_lookup_realm leads to a series of DNS TXT record lookups.
This can be observed by running "net ads join -k -U <user>".
In AD environments, the TXT queries typically fail quickly, but test setups
or misconfigured DNS may lead to large timeouts (for example, if the domain
is dept.example.com but there's no parent example.com domain and no DNS
zones for example.com). At the very least we want to avoid those lookups
because they are hardly documented and lead to confusion.
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Thu, 9 Jul 2015 08:11:22 +0000 (10:11 +0200)]
selftest: Do not lookup the realm with Kerberos
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Mon, 9 Mar 2015 19:37:45 +0000 (20:37 +0100)]
s4-torture: Make the backupkey test as a noop with MIT Kerberos.
The test is planned but will be skipped in the MIT case this way. We
need to rewrite the test using a proper cryto/tls library.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Wed, 8 Jul 2015 15:03:18 +0000 (17:03 +0200)]
s4-waf: Reformat torture_rpc
This makes it easier to read and see what changed in patches.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Thu, 23 Apr 2015 17:18:32 +0000 (19:18 +0200)]
s4-auth: Always pass down the salt principal
We should always pass down the saltPrincipal to smb_krb5_update_keytab()
function.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Fri, 17 Apr 2015 13:54:03 +0000 (15:54 +0200)]
s4-auth: Use kerberos util functions in srv_keytab
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Fri, 17 Apr 2015 13:53:41 +0000 (15:53 +0200)]
s4-auth: Add smb_krb5_remove_obsolete_keytab_entries()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Fri, 17 Apr 2015 13:53:06 +0000 (15:53 +0200)]
s4-auth: Add smb_krb5_create_principals_array()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Thu, 16 Apr 2015 11:00:54 +0000 (13:00 +0200)]
s4-samdb: Correctly cast data pointer
This fixes a signedness warning.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 16 Jul 2015 13:01:09 +0000 (15:01 +0200)]
vfs: Consolidate failure paths in vfswrap_init_asys_ctx
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jul 17 01:35:33 CEST 2015 on sn-devel-104
Volker Lendecke [Thu, 16 Jul 2015 13:00:12 +0000 (15:00 +0200)]
vfs: Fix CID
1035384 Unchecked return value from library
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 25 Jun 2015 16:44:44 +0000 (18:44 +0200)]
s3:smbd: change a loglevel from 0 to 1 when SMB_VFS_CONNECT fails
Logging at level 0 may result in log flooding. Additionally log the
share name that failed in SMB_VFS_CONNECT.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Jul 16 20:24:47 CEST 2015 on sn-devel-104
Ralph Boehme [Thu, 25 Jun 2015 16:43:50 +0000 (18:43 +0200)]
vfs_shadow_copy2: change log level from 0 to 1 and log share path
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Uri Simchoni [Mon, 13 Jul 2015 18:42:57 +0000 (21:42 +0300)]
winbindd: shorten client list scan
Counting on the client list being sorted by last access time,
the list scan for removing timed-out clients is shortened - once
the list is scanned oldest to newest, and once a non-timed-out
client is found, the scan can stop.
Also, finding the oldest idle client for removing an idle client
is simplified - oldest idle client is last idle client.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11397
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jul 16 01:45:20 CEST 2015 on sn-devel-104
Uri Simchoni [Mon, 13 Jul 2015 18:33:41 +0000 (21:33 +0300)]
winbindd: keep client list sorted by access time
Keep client list sorted by last access time, newest
to oldest.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11397
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Uri Simchoni [Mon, 13 Jul 2015 18:08:16 +0000 (21:08 +0300)]
winbindd: add service routines to support a sorted client list
Add some routines that support keeping the client list sorted
(by last access time) and traversing the list from oldest to
newest
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11397
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Uri Simchoni [Mon, 6 Jul 2015 09:13:15 +0000 (12:13 +0300)]
doc: clarify "winbind max clients"
Add clarification about the nature of "winbind max clients" parameter.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11397
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Uri Simchoni [Mon, 6 Jul 2015 18:29:17 +0000 (21:29 +0300)]
winbindd: periodically remove timed out clients
Periodically scan winbind client list and close connections
in which either the client is idle, or the request is taking
too long to complete.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11397
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Uri Simchoni [Tue, 2 Jun 2015 21:36:27 +0000 (00:36 +0300)]
winbind client: avoid vicious cycle created by client retry
This patch cancels the retry policy of the winbind client.
When winbindd fails to respond to a request within 30 seconds,
the winbind client closes the connection and retries up to 10
times.
In some cases, delayed response is a result of multiple
requests from multiple clients piling up on the winbind domain
child process. Retrying just piles more and more requests,
creating a vicious cycle.
Even in the case of a single request taking long to complete,
there's no point in retrying because the retry request would just
wait for the current request to complete. Better to wait patiently.
There's one possible benefit in the retry, namely that winbindd typically
caches the results, and therefore a retry might take a cached result, so
the net effect of the retry may be to increase the timeout to 300 seconds.
But a more straightforward way to have a 300 second timeout is to modify the
timeout. Therefore the timeout is modified from 30 seconds to 300 seconds
(IMHO 300 seconds is too much, but we have "winbind rquest timeout"
with a default of 60 to make sure the request completes or fails
within 60 seconds)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11397
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Uri Simchoni [Thu, 25 Jun 2015 07:12:37 +0000 (10:12 +0300)]
winbindd: verify that client has closed the connection
A recent change was to remove a client if the client socket
has become readable. In this change, a check is added to
determine the source of the readbility (actual readability,
closed connection, or some other error), and a suitable
debug message is printed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11397
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Uri Simchoni [Thu, 25 Jun 2015 06:46:24 +0000 (09:46 +0300)]
async_req: check for errors when monitoring socket for readability
Add an option to wait_for_read_send(), so that the request, upon
calling back, report whether the socket actually contains data
or is in EOF/error state. EOF is signalled via the EPIPE error.
This is useful for clients which do not expect data to arrive but
wait for readability to detect a closed socket (i.e. they do not
intend to actually read the socket when it's readable). Actual data
arrival would indicate a bug in this case, so the check can
be used to print an error message.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11397
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Uri Simchoni [Thu, 25 Jun 2015 05:59:20 +0000 (08:59 +0300)]
winbindd: cleanup client connection if the client closes the connection
This patch allows for early cleanup of client connections if the client
has given up.
Before this patch, any received request would be processed, and then only
upon transmitting the result to the client would winbindd find out the
client is no longer with us, possibly leading to a situation where the
same client tries over and over and increases the number of client
connections.
This patch monitors the client socket for readability while the request
is being processed, and closes the client connection if the socket
becomes readable. The client is not supposed to be writing anything to
the socket while it is waiting, so readability means either that the client
has closed the connection, or that it has broken the protocol.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11397
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Uri Simchoni [Mon, 22 Jun 2015 03:38:04 +0000 (06:38 +0300)]
winbindd: set file descriptor limit according to configuration
Set the winbindd process file descriptor limit according to
the values that affect it in the configuration:
- Maximum number of clients
- Number of outgoing connections per domain
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11397
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Michael Adam [Wed, 15 Jul 2015 14:23:12 +0000 (16:23 +0200)]
docs:smb.conf: fix typo in 'smb encrypt' text.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Jul 15 22:40:54 CEST 2015 on sn-devel-104
Andreas Schneider [Wed, 15 Jul 2015 11:22:40 +0000 (13:22 +0200)]
docs: Documents length limitations for NetBIOS name
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11401
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jul 15 19:35:48 CEST 2015 on sn-devel-104
Alexander Bokovoy [Thu, 7 May 2015 14:12:03 +0000 (14:12 +0000)]
auth/credentials: if credentials have principal set, they are not anonymous anymore
When dealing with Kerberos, we cannot consider credentials anonymous
if credentials were obtained properly.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11265
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan (metze) Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Wed Jul 15 16:32:55 CEST 2015 on sn-devel-104
Andreas Schneider [Tue, 14 Jul 2015 09:46:22 +0000 (11:46 +0200)]
CID
1311772: Fix null pointer check
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jul 15 04:50:36 CEST 2015 on sn-devel-104
Andreas Schneider [Tue, 14 Jul 2015 09:44:58 +0000 (11:44 +0200)]
CID
1311771: Fix a null pointer dereference
We check for dir == NULL but dereference it during variable declaration.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Tue, 14 Jul 2015 09:40:31 +0000 (11:40 +0200)]
CID
1311767: Cast enum type to avoid compiler warnings
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Tue, 14 Jul 2015 09:34:45 +0000 (11:34 +0200)]
CID
1311764: Fix logical compare in if clause
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Tue, 14 Jul 2015 09:33:35 +0000 (11:33 +0200)]
CID
1311763: Fix incorrect return value
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Günther Deschner [Thu, 9 Jul 2015 13:44:41 +0000 (15:44 +0200)]
s4-torture: add test for ClusterControl to clusapi testsuite.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>
Autobuild-User(master): José A. Rivera <jarrpa@samba.org>
Autobuild-Date(master): Wed Jul 15 00:25:38 CEST 2015 on sn-devel-104
Günther Deschner [Thu, 9 Jul 2015 13:12:58 +0000 (15:12 +0200)]
clusapi: add and use clusapi_ClusterControlCode to IDL.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>
Günther Deschner [Thu, 9 Jul 2015 13:56:44 +0000 (15:56 +0200)]
s3-rpcclient: add cmd_clusapi_get_cluster_version2.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>
Günther Deschner [Mon, 6 Jul 2015 11:59:27 +0000 (13:59 +0200)]
s4-torture: add test for clusapi_QueryValue.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>
Günther Deschner [Fri, 3 Jul 2015 23:26:44 +0000 (01:26 +0200)]
clusapi: use winreg_AccessMask in clusapi.idl.
Make winreg_AccessMask public to access it outside winreg.idl.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>
Günther Deschner [Fri, 3 Jul 2015 23:26:01 +0000 (01:26 +0200)]
s4-torture: add more tests for dcerpc_clusapi_CreateEnum.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>
Günther Deschner [Wed, 1 Jul 2015 17:29:28 +0000 (19:29 +0200)]
s4-torture: make sure to always seal the clusapi connection in witness test.
clusapi only works via DCE/RPC sealed connections in Windows 2012R2.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>
Günther Deschner [Wed, 1 Jul 2015 13:40:06 +0000 (15:40 +0200)]
s4-torture: do some more inspection on expected witness_AsyncNotify replies.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>
Günther Deschner [Wed, 1 Jul 2015 13:14:19 +0000 (15:14 +0200)]
s4-torture: add test for ClusterControl to clusapi testsuite.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>
Günther Deschner [Thu, 9 Jul 2015 16:05:12 +0000 (18:05 +0200)]
s4-torture: use smb_krb5_principal_set_type() in lsa forest krb5 tests.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jul 14 19:15:59 CEST 2015 on sn-devel-104
Günther Deschner [Thu, 9 Jul 2015 16:02:31 +0000 (18:02 +0200)]
s4-torture: use krb5_error in lsa forest trust tests.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Thu, 9 Jul 2015 16:01:34 +0000 (18:01 +0200)]
s4-torture: use smb_krb5_free_error() in lsa forest krb5 tests.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Thu, 9 Jul 2015 16:00:49 +0000 (18:00 +0200)]
lib/krb5: add new KRB5_ERROR_CODE() abstraction macro.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Thu, 9 Jul 2015 16:00:13 +0000 (18:00 +0200)]
s4-torture: use smb_krb5_principal_get_type in lsa forest krb5 tests.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Thu, 9 Jul 2015 15:59:28 +0000 (17:59 +0200)]
s4-torture: use smb_krb5_make_principal() in lsa forest krb5 tests.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Jeremy Allison [Mon, 13 Jul 2015 21:15:45 +0000 (14:15 -0700)]
s3: tests: Add blackbox test for scopy.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Jul 14 16:10:44 CEST 2015 on sn-devel-104
Jeremy Allison [Fri, 10 Jul 2015 17:29:01 +0000 (10:29 -0700)]
docs: Document new scopy command.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Anubhav Rakshit [Thu, 25 Jun 2015 06:07:18 +0000 (11:37 +0530)]
s3:client: Add "scopy" cmd to perform Server Side copy using smbclient.
Signed-off-by: Anubhav Rakshit <anubhav.rakshit@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Amitay Isaacs [Tue, 14 Jul 2015 06:54:59 +0000 (16:54 +1000)]
ctdb-daemon: Return correct sequence number for CONTROL_GET_DB_SEQNUM
Due to the missing cast of uint64_t, CONTROL_GET_DB_SEQNUM always returned
seqnum <= 256.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11398
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Tue Jul 14 13:03:25 CEST 2015 on sn-devel-104
Martin Schwenke [Tue, 14 Jul 2015 02:13:58 +0000 (12:13 +1000)]
ctdb-scripts: Implement registration in nfs-linux-kernel-callout
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 14 Jul 2015 02:11:39 +0000 (12:11 +1000)]
ctdb-scripts: Add registration for CTDB_NFS_CALLOUT operations
This is an optimisation to avoid forking the callout for operations
that are not implemented.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 14 Jul 2015 00:59:55 +0000 (10:59 +1000)]
ctdb-tests: Add some simple tests for CTDB_NFS_CALLOUT
One always passes, the other fails early.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 13 Jul 2015 11:00:29 +0000 (21:00 +1000)]
ctdb-scripts: Add portmapper NFS .check file
Unhealthy after 1 failed attempt to contact the portmapper.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 13 Jul 2015 05:22:23 +0000 (15:22 +1000)]
ctdb-scripts: Move NFS support functions to 60.nfs
Now that there is only a single NFS eventscript, other eventscripts no
longer need to load all of this.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 13 Jul 2015 04:54:07 +0000 (14:54 +1000)]
ctdb-scripts: Drop configuration variable CTDB_NFS_DUMP_STUCK_THREADS
This is now handled by passing the desired number of threads to the
command specified in the dump_stuck_threads variable in .check files.
Remove unused function nfs_dump_some_threads().
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 13 Jul 2015 04:49:02 +0000 (14:49 +1000)]
ctdb-scripts: Remove unused function startstop_ganesha()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 1 Jul 2015 08:32:35 +0000 (18:32 +1000)]
ctdb-scripts: Remove 60.ganesha, replace with callout for 60.nfs
This isn't a straightforward move of code from 60.ganesha to the
callout. Simplifications have been made to allow better
interoperation with the new NFS checking logic.
The following configuration variables have been removed:
CTDB_GANESHA_REC_SUBDIR
Edit NFS ganesha callout to change this location
CTDB_NFS_SERVER_MODE, NFS_SERVER_MODE
Use CTDB_NFS_CALLOUT instead
CTDB_NFS_SKIP_KNFSD_ALIVE_CHECK, CTDB_SKIP_GANESHA_NFSD_CHECK
Disable the corresponding .check file instead
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 13 Jul 2015 01:30:51 +0000 (11:30 +1000)]
ctdb-scripts: Extend NFS .check files with service_check_cmd variable
$service_check_cmd specifies a command to run instead of the regular
rpcinfo-based check.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 24 Jun 2015 12:28:33 +0000 (22:28 +1000)]
ctdb-scripts: Remove functions startstop_nfs() and startstop_nfslock()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 13 Jul 2015 05:02:48 +0000 (15:02 +1000)]
ctdb-scripts: Remove configuration variable CTDB_MONITOR_NFS_THREAD_COUNT
This is now always enabled. If nfsd thread monitoring is not required
then make CTDB_NFS_CALLOUT point to a wrapper around
nfs-linux-kernel-callout that does not implement "monitor-post".
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 24 Jun 2015 11:36:14 +0000 (21:36 +1000)]
ctdb-scripts: Parameterise 60.nfs with $CTDB_NFS_CALLOUT
The goal is to have a single NFS eventscript.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 19 Jun 2015 06:54:33 +0000 (16:54 +1000)]
ctdb-scripts: Remove old NFS checking code
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>