Christof Schmitt [Mon, 6 Apr 2015 21:56:11 +0000 (14:56 -0700)]
vfs_gpfs: Remove check for fileset quota
Querying the fileset id requires additional GPFS API calls and also
opening a directory, which might have other side effects. A better
option would be configuring the file system with --filesetdf, then the
fileset quota is automatically reflected in the free space information
reported from gpfs.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Richard Sharpe [Tue, 14 Apr 2015 14:02:37 +0000 (07:02 -0700)]
Change all uses of uint16/uint32/uint64 to uintXX_t in smb.h.
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr 16 23:44:00 CEST 2015 on sn-devel-104
Volker Lendecke [Tue, 14 Apr 2015 10:17:20 +0000 (10:17 +0000)]
winbind: Avoid a few talloc_tos() in winbindd_cache.c
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 14 Apr 2015 10:06:55 +0000 (10:06 +0000)]
winbind: Use tdb_parse_record in wcache_fetch_seqnum
This removes a malloc use
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Richard Sharpe [Wed, 15 Apr 2015 20:53:09 +0000 (13:53 -0700)]
s3: smbd: Make sure we do not pass paths with ./ on the front to VFS routines.
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr 16 07:30:30 CEST 2015 on sn-devel-104
Richard Sharpe [Tue, 14 Apr 2015 14:50:28 +0000 (07:50 -0700)]
Change the registry subsystem to use uint32_t from uint32. Also change session.h.
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr 16 00:37:28 CEST 2015 on sn-devel-104
David Disseldorp [Wed, 15 Apr 2015 13:48:06 +0000 (15:48 +0200)]
spoolss: cache_key handle allocation failures early
On cache_key allocation failure, set_printer_hnd_name() currently
stumbles through the rest of the function, and includes extra logic to
handle a NULL key later on.
Handling the allocation failure early makes sense, and also allows for
the NULL key checks to be removed.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Apr 15 18:55:50 CEST 2015 on sn-devel-104
Andreas Schneider [Tue, 14 Apr 2015 08:56:53 +0000 (10:56 +0200)]
torture: Free the temporary memory context
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Apr 15 11:20:22 CEST 2015 on sn-devel-104
Andreas Schneider [Mon, 13 Apr 2015 13:37:58 +0000 (15:37 +0200)]
torture: Correctly invalidate the memory ccache.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Andrew Bartlett [Tue, 14 Apr 2015 05:18:02 +0000 (17:18 +1200)]
autobuild: Add options to set mail host and send e-mail with logs
This helps when running the script in a cloud instance as
it is cheapest to shut it down once run
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Apr 15 08:41:37 CEST 2015 on sn-devel-104
Andrew Bartlett [Tue, 14 Apr 2015 00:19:56 +0000 (12:19 +1200)]
autobuild: Do not consider IDL.pm and Expr.pm changes to make a build bad
This allows a different yapp to be installed on the build host without failing
the whole autobuild
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Andrew Bartlett [Tue, 14 Apr 2015 00:00:36 +0000 (12:00 +1200)]
Improve output of check-clean-tree.sh script
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Andrew Bartlett [Tue, 14 Apr 2015 00:03:43 +0000 (12:03 +1200)]
.gitignore: Ignore pidl/MYMETA.json
This is generated by newer versions of MakeMaker
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Andrew Bartlett [Mon, 13 Apr 2015 23:59:57 +0000 (11:59 +1200)]
autobuild: Do not wait when running just one target
This avoids having to remember to specify AUTOBUILD_RANDOM_SLEEP_OVERRIDE manually
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Roel van Meer [Tue, 14 Apr 2015 14:59:13 +0000 (16:59 +0200)]
Fix incorrect order of arguments in error string
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <rb@sernet.de>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 15 05:57:25 CEST 2015 on sn-devel-104
Julien Kerihuel [Mon, 6 Apr 2015 09:26:58 +0000 (11:26 +0200)]
Add DCERPC flag to call unbind hooks without destroying the connection itself upon termination of a connection with outstanding pending calls.
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 14 20:39:34 CEST 2015 on sn-devel-104
David Disseldorp [Tue, 31 Mar 2015 23:03:13 +0000 (01:03 +0200)]
spoolss: purge the printer name cache on name change
Currently the name cache is only cleared on printer deletion. This means
that if a printer undergoes a name change, the old name remains in the
cache and can be subsequently used incorrecly if another printer takes
the same name as the old.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11210
Reported-by: Franz Pförtsch <franz.pfoertsch@brose.com>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 14 05:37:50 CEST 2015 on sn-devel-104
Jeremy Allison [Tue, 31 Mar 2015 21:40:23 +0000 (14:40 -0700)]
s3: libsmbclient: After getting attribute server, ensure main srv pointer is still valid.
Bug #11186: Crash seen in libsmbclient due to free of server structure during SMBC_getxattr() call
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11186
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Tue Apr 14 02:58:43 CEST 2015 on sn-devel-104
Günther Deschner [Mon, 13 Apr 2015 11:05:59 +0000 (13:05 +0200)]
witness: add WITNESS_UNSPECIFIED_VERSION to IDL.
This version is seen in witness_GetInterfaceList replies from Windows Server
2012 R2.
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Apr 13 15:44:42 CEST 2015 on sn-devel-104
Günther Deschner [Thu, 2 Apr 2015 11:19:59 +0000 (13:19 +0200)]
s4-torture: skip witness_AsyncNotify test for now.
We need to use real async calls in this test and add some clusapi commands so we
can remotely modify the cluster to actually trigger notifications.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Fri, 16 Jan 2015 12:49:46 +0000 (13:49 +0100)]
s4-torture: add witness torture rpc testsuite.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Mon, 23 Feb 2015 14:34:35 +0000 (15:34 +0100)]
srvsvc: add cluster specific share types to IDL.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Günther Deschner [Fri, 16 Jan 2015 12:43:01 +0000 (13:43 +0100)]
s4-torture: add witness torture ndr testsuite.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Gregor Beck [Tue, 4 Feb 2014 14:43:39 +0000 (15:43 +0100)]
librpc: further fixes for witness.idl.
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Sat, 28 Mar 2015 09:04:30 +0000 (10:04 +0100)]
s4:torture/winbind: add torture:winbindd_domain_without_prefix option
We should not assume that names in the domain
specified by 'torture:winbindd_netbios_domain' have no DOMAIN\ prefix.
On an AD DC we prefix all principals.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11183
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Apr 9 19:35:38 CEST 2015 on sn-devel-104
Stefan Metzmacher [Sun, 29 Mar 2015 09:21:16 +0000 (11:21 +0200)]
s4:torture/local: add more torture_assert() checks
We need to make sure we return when torture_assert_passwd_equal()
or torture_assert_group_equal() fails.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11183
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Sun, 29 Mar 2015 09:15:29 +0000 (11:15 +0200)]
selftest/Samba4: use 'testallowed account' instead of 'test allowed'
local.nss test might print lines starting with 'test allowed:...'
and that confused the subunit parser.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Sat, 28 Mar 2015 09:07:41 +0000 (10:07 +0100)]
selftest/knownfail: remove unused ^samba4.winbind.struct.show_sequence\(ad_dc\) line
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Tue, 7 Apr 2015 14:12:18 +0000 (16:12 +0200)]
rpcclient: Fix the timeout command
https://bugzilla.samba.org/show_bug.cgi?id=11199
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Apr 9 16:57:15 CEST 2015 on sn-devel-104
Volker Lendecke [Wed, 8 Apr 2015 14:46:44 +0000 (16:46 +0200)]
fss: Fix CID
1293354 Wrong operator used
Not used right now, but prevent future confusion.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Wed Apr 8 19:36:36 CEST 2015 on sn-devel-104
Andreas Schneider [Tue, 7 Apr 2015 14:30:30 +0000 (16:30 +0200)]
waf: Fix systemd detection
https://bugzilla.samba.org/show_bug.cgi?id=11200
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Apr 8 15:06:26 CEST 2015 on sn-devel-104
Martin Schwenke [Sat, 21 Feb 2015 19:37:41 +0000 (06:37 +1100)]
ctdb-tests: Use ctdb_node_list_to_map() in tool stubs
Drop copy of old ctdb_control_nodemap().
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Tue Apr 7 10:20:41 CEST 2015 on sn-devel-104
Martin Schwenke [Fri, 20 Feb 2015 01:34:25 +0000 (12:34 +1100)]
ctdb-common: Move ctdb_node_list_to_map() to utilities
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 20 Feb 2015 01:31:37 +0000 (12:31 +1100)]
ctdb-daemon: Factor out new function ctdb_node_list_to_map()
Change ctdb_control_getnodemap() to use this.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 4 Feb 2015 01:06:56 +0000 (12:06 +1100)]
ctdb-tools: Drop the recovery from "reloadnodes"
A recovery is not required: when deleting a node it should already be
disconnected and when adding a node it will also be disconnected. The
new sanity checks in "reloadnodes" ensure that these assumptions are
met.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 10 Feb 2015 04:43:03 +0000 (15:43 +1100)]
ctdb-daemon: Don't delay reloading the nodes file
Presumably this was done to minimise the chance of a recovery
occurring while the nodemaps are inconsistent across nodes.
Another potential theory is that the forced recovery in the
ctdb.c:control_reload_nodes_file() stops another recovery occurring
for ReRecoveryTimeout seconds, so this delay causes the reloads to
occur during that period.
This is no longer necessary because recoveries are now explicitly
disabled while node files are reloaded.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 6 Feb 2015 09:59:11 +0000 (20:59 +1100)]
ctdb-recoverd: Avoid nodemap-related checks when recoveries are disabled
The potential resulting recovery won't run anyway. Also recoveries
may have been disabled by "reloadnodes" and if the nodemaps are
inconsistent between nodes then avoid triggering an unnecessary
recovery.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 9 Feb 2015 09:20:44 +0000 (20:20 +1100)]
ctdb-tool: Update "reloadnodes" to disable recoveries
If a recovery occurs when some nodes have reloaded and others haven't
then the nodemaps with be inconsistent so bad things will happen.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 6 Feb 2015 04:06:44 +0000 (15:06 +1100)]
ctdb-recoverd: New message ID CTDB_SRVID_DISABLE_RECOVERIES
Also add test stub support.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 6 Feb 2015 04:03:03 +0000 (15:03 +1100)]
ctdb-recoverd: Simplify disable_ip_check_handler() using ctdb_op_disable()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 6 Feb 2015 02:05:12 +0000 (13:05 +1100)]
ctdb-recoverd: Add slightly more abstraction for disabling takeover runs
Factor out new function srvid_disable_and_reply(), which can be
re-used.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 6 Feb 2015 03:47:33 +0000 (14:47 +1100)]
ctdb-recoverd: Reimplement ReRecoveryTimeout using ctdb_op_disable()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 6 Feb 2015 03:32:08 +0000 (14:32 +1100)]
ctdb-recoverd: Use a goto for do_recovery() failures
This will allow extra things to be done on failure.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Sun, 8 Feb 2015 09:52:12 +0000 (20:52 +1100)]
ctdb-recoverd: Reimplement disabling takeover runs using ctdb_op_disable()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Sun, 8 Feb 2015 09:50:38 +0000 (20:50 +1100)]
ctdb-recoverd: Add a new abstraction ctdb_op_disable()
This can be used to disable and re-enable an operation, and do all the
relevant sanity checking.
Most of this is from existing functions
disable_takeover_runs_handler(), clear_takeover_runs_disable() and
reenable_takeover_runs().
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 4 Feb 2015 06:18:12 +0000 (17:18 +1100)]
ctdb-daemon: Pass on consistent flag information to recovery daemon
Signed-off-by: Martin Schwenke <martin@meltin.net>
Pair-programmed-with: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 1 Apr 2015 07:00:04 +0000 (18:00 +1100)]
ctdb-tests: Add "ctdb reloadnodes" test for "node remains deleted"
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 1 Apr 2015 06:10:46 +0000 (17:10 +1100)]
ctdb-tools: Fix spurious messages about deleted nodes being disconnected
The code was too "clever". The 4 different cases should be separate.
The "node remains deleted" case doesn't need the IP address comparison
(always 0.0.0.0) or the disconnected check.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Rajesh Joseph [Tue, 31 Mar 2015 13:28:54 +0000 (18:58 +0530)]
rpc_server: Coverity fix for CID
1273079
leaked_storage: Variable pk going out of scope leaks the storage it points to.
On failure get_pk_from_raw_keypair_params function should free up
the private key (pk) it allocates internally.
Signed-off-by: Rajesh Joseph <rjoseph@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Apr 2 19:38:22 CEST 2015 on sn-devel-104
Michael Adam [Wed, 1 Apr 2015 10:56:05 +0000 (12:56 +0200)]
build:wafsamba: fix a typo
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Apr 2 16:39:01 CEST 2015 on sn-devel-104
Yan, Zheng [Thu, 2 Apr 2015 02:11:03 +0000 (10:11 +0800)]
vfs_ceph: add empty ACL callbacks
If a vfs module has no ACL callbacks, smbd will use its default ACL
callbacks. These default ACL callbacks operate on local filesytem,
it's clearly wrong for ceph case.
libcephfs does not support ACL yet, so this patch adds ACL callbacks
that do nothing.
Signed-off-by: Yan, Zheng <zyan@redhat.com>
Reviewed-by: Ira Cooper <ira@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Yan, Zheng [Thu, 2 Apr 2015 02:11:02 +0000 (10:11 +0800)]
vfs_ceph: use 'file descriptor' version xattr functions when possible
libcephfs version 0.94 adds 'file descriptor' version xattr functions.
This patch makes corresponding samba VFS callbacks use these new
functions.
Signed-off-by: Yan, Zheng <zyan@redhat.com>
Reviewed-by: Ira Cooper <ira@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
David Disseldorp [Tue, 31 Mar 2015 16:06:43 +0000 (18:06 +0200)]
ctdb: check for talloc_asprintf() failure
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Wed Apr 1 15:36:03 CEST 2015 on sn-devel-104
Rajesh Joseph [Tue, 31 Mar 2015 13:13:36 +0000 (18:43 +0530)]
ctdb: Coverity fix for CID
1291643
CID
1291643: Resource leak: leaked_handle: Handle
variable lock_fd going out of scope leaks the handle.
Fix: on failure case release handle variable lock_fd
Signed-off-by: Rajesh Joseph <rjoseph@redhat.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Andreas Schneider [Tue, 31 Mar 2015 16:15:51 +0000 (18:15 +0200)]
s3-passdb: Fix 'force user' with winbind default domain
If we set 'winbind use default domain' and specify 'force user = user'
without a domain name we fail to log in. In this case we need to try a
lookup with the domain name.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11185
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 31 21:17:23 CEST 2015 on sn-devel-104
David Disseldorp [Tue, 14 May 2013 22:45:17 +0000 (00:45 +0200)]
selftest: run the FSRVP test suite against s3fs
With FSRVP server support now present along with suitable mock-up test
infrastructure, run the FSRVP test suite against s3fs.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Disseldorp [Tue, 14 May 2013 22:42:35 +0000 (00:42 +0200)]
selftest: add snapshot share configuration
Define a share that uses both vfs_shell_snap and fake_snap.pl to create,
delete and expose fake snapshots in response to FSRVP requests.
Additionally test snapshot enumeration and access via the shadow_copy2
module.
Allow for simple testing of FSRVP message sequence timeouts, by
specifying an artificially small interval.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Disseldorp [Mon, 7 Jul 2014 12:16:13 +0000 (14:16 +0200)]
doc: add vfs_shell_snap manpage
Document usage of the shell_snap VFS module, explaining when and how
each of the shell script commands are called.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Disseldorp [Wed, 30 Jan 2013 13:42:46 +0000 (14:42 +0100)]
vfs: add vfs_shell_snap module
The shell_snap VFS module plumbs into the snapshot (aka shadow-copy)
management paths used by Samba's File Server Remote VSS Protocol (FSRVP)
server.
The following shell callouts may be configured in smb.conf:
shell_snap: check path command
- Called when an FSRVP client wishes to check whether a given
share supports snapshot create/delete requests.
- The command is called with a single <share path> argument.
- The command must return 0 if <share path> is capable of being
snapshotted.
shell_snap: create command
- Called when an FSRVP client wishes to create a snapshot.
- The command is called with a single <share path> argument.
- The command must return 0 status if the snapshot was
successfully taken.
- The command must output the path of the newly created snapshot
to stdout.
shell_snap: delete command
- Called when an FSRVP client wishes to delete a snapshot.
- The command is called with <base share path> and
<snapshot share path> arguments.
- The command must return 0 status if the snapshot was
successfully removed.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Disseldorp [Fri, 14 Sep 2012 18:55:40 +0000 (20:55 +0200)]
doc: explain vfs_btrfs remote snapshot configuration
This extends the vfs_btrfs man page to also cover FSRVP remote snapshot
behaviour and configuration.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Disseldorp [Fri, 14 Feb 2014 00:18:41 +0000 (01:18 +0100)]
doc: explain vfs_snapper remote snapshot configuration
This extends the vfs_snapper man page to also cover FSRVP remote
snapshot behaviour and configuration.
The permissions section is also extended to describe specific Samba and
Snapper requirements for remote snapshot creation and deletion using
DiskShadow.exe.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Disseldorp [Wed, 26 Nov 2014 12:01:00 +0000 (13:01 +0100)]
doc: "prune stale" and "sequence timeout" fssd parameters
This change adds smb.conf documentation for the "fss: prune stale" and
"fss: sequence timeout" parameters accepted by Samba's FSRVP server.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Noel Power [Thu, 13 Nov 2014 11:13:35 +0000 (11:13 +0000)]
fsrvp: prune shadow copies if associated path doesn't exist
This patch implements some simple FSRVP server housekeeping. On startup
the server scans the cached entries, any entries where the underlying
system paths associated with shadow copies no longer exist are removed
from the cache and from the registry.
This behaviour is disabled by default, but can be enabled via the new
"fss: prune stale" smb.conf parameter.
Signed-off-by: Noel Power <noel.power@suse.com>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Disseldorp [Tue, 10 Apr 2012 12:32:41 +0000 (14:32 +0200)]
fsrvp: add remote snapshot RPC server
The Samba fss_agent RPC server is an implementation of the File Server
Remote VSS (Volume Shadow Copy Service) Protocol, or FSRVP for short.
FSRVP is new with Windows Server 2012, and allows authenticated clients
to remotely request the creation, exposure and deletion of share
snapshots.
The fss_agent RPC server processes requests on the FssAgentRpc named
pipe, and dispatches relevant snapshot creation and deletion requests
through to the VFS.
The registry smb.conf back-end is used to expose snapshot shares, with
configuration parameters and share ACLs cloned from the base share.
There are three FSRVP client implementations that I'm aware of:
- Samba rpcclient includes fss_X commands.
- Windows Server 2012 includes diskshadow.exe.
- System Center 2012.
FSRVP operations are only processed for users with:
- Built-in Administrators group membership, or
- Built-in Backup Operators group membership, or
- Backup Operator privileges, or
- Security token matches the initial process UID
MS-FSRVP specifies that server state should be stored persistently
during operation and retrieved on startup. Use the existing fss_srv.tdb
FSRVP state storage back-end to satisfy this requirement.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Disseldorp [Sun, 14 Oct 2012 17:54:24 +0000 (19:54 +0200)]
vfs_snapper: create/delete snapshot support
Extend vfs_snapper to support the new remote snapshot creation and
deletion hooks added for FSRVP.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Disseldorp [Tue, 4 Sep 2012 13:29:58 +0000 (15:29 +0200)]
vfs_btrfs: add snapshot create/delete calls
The "btrfs: manipulate snapshots" smb.conf parameter is disabled by
default, to encourage use of, and pass requests through to, the
vfs_snapper module.
When enabled, issue BTRFS_IOC_SNAP_CREATE_V2 and BTRFS_IOC_SNAP_DESTROY
ioctls accordingly. The ioctls are issued as root, so rely on permission
checks in the calling FSRVP server process.
Base share paths must exist as btrfs subvolumes in order to
be supported for snapshot operations.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Disseldorp [Mon, 23 Mar 2015 18:37:05 +0000 (19:37 +0100)]
replace: check for dirname() and basename()
These functions are provided by libgen.h, and conform to POSIX.1-2001.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Disseldorp [Tue, 10 Apr 2012 01:16:57 +0000 (03:16 +0200)]
vfs: add snapshot create/delete hooks
This change adds three new VFS hooks covering snapshot manipulation:
- snap_check_path
Check whether a path supports snapshots.
- snap_create
Request the creation of a snapshot of the provided path.
- snap_delete
Request the deletion of a snapshot.
These VFS call-outs will be used in future by Samba's File Server Remote
VSS Protocol (FSRVP) server.
MS-FSVRP states:
At any given time, Windows servers allow only one shadow copy set to
be going through the creation process.
Therefore, only provide synchronous hooks for now, which can be
converted to asynchronous _send/_recv functions when the corresponding
DCE/RPC server infrastructure is in place.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Disseldorp [Tue, 11 Sep 2012 09:59:45 +0000 (11:59 +0200)]
torture: add local FSRVP server state tests
Test the storage and retrieval of FSRVP server state, with varying
shadow-copy set, shadow copy and share map hierarchies.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Disseldorp [Fri, 3 Jan 2014 15:21:22 +0000 (16:21 +0100)]
fsrvp: add server state storage back-end
MS-FSRVP specifies:
the server MUST persist all state information into an implementation-
specific configuration store.
This change adds a fss_srv TDB database to preserve FSRVP server state,
with the following keys used to track shadow copy state and hierarchy:
- sc_set/<shadow copy set GUID>
A shadow copy set tracks a collection of zero or more shadow copies,
as initiated by a StartShadowCopySet FSRVP client request.
- sc_set/<shadow copy set GUID>/sc/<shadow copy GUID>
A shadow copy defines information about a snapshot base volume, the
snapshot path, and a collection of share maps. It is initiated by an
AddToShadowCopySet client request.
- sc_set/<shadow copy set GUID>/sc/<shadow copy GUID>/smap/<smap GUID>
A share map tracks new shares that are created to expose shadow
copies.
All structures are marshalled into on-disk format using the previously
added fsrvp_state IDL library.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Disseldorp [Wed, 25 Mar 2015 11:35:27 +0000 (12:35 +0100)]
librpc: add FSRVP server state idl
FSRVP server state must be retained persistently. This change adds IDL
definitions for the share map, shadow-copy and shadow-copy set types,
which will be used for marshalling and unmarshalling state alongside
database storage or retrieval.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Mon, 30 Mar 2015 18:41:09 +0000 (11:41 -0700)]
waf: Remove 'linkflags.remove(x)' line added in error.
Fixes bug #11165 - Bug in configure scripts when system-mitkrb5 is used
https://bugzilla.samba.org/show_bug.cgi?id=11165
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Tue Mar 31 04:32:52 CEST 2015 on sn-devel-104
Amitay Isaacs [Fri, 15 Aug 2014 01:36:40 +0000 (11:36 +1000)]
tdb: Do not build test binaries if it's not a standalone build
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 31 01:56:02 CEST 2015 on sn-devel-104
Günther Deschner [Fri, 27 Mar 2015 14:31:36 +0000 (15:31 +0100)]
s4-torture: add test to verify nbt_name with "." ending handling.
Windows uses a username of 'domain.example.com.' and we need to return it that
way in the NETLOGON_SAM_LOGON_RESPONSE_EX.
See
e6e2ec0001fe3c010445e26cc0efddbc1f73416b for further details.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Mar 30 16:18:04 CEST 2015 on sn-devel-104
Günther Deschner [Fri, 27 Mar 2015 16:47:42 +0000 (17:47 +0100)]
s4-torture: use torture_comment instead of printf in raw notify test.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Günther Deschner [Fri, 27 Mar 2015 16:40:16 +0000 (17:40 +0100)]
s4-torture: use tctx variable name in raw notify test consistently.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Michael Adam [Fri, 27 Mar 2015 09:34:34 +0000 (10:34 +0100)]
s4:torture:raw:notify: torture_assert on creation of secondary tcon
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Michael Adam [Fri, 27 Mar 2015 09:25:17 +0000 (10:25 +0100)]
s4:torture:raw:notify: use torture_assert instead of printf in test_notify_tree
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Michael Adam [Fri, 27 Mar 2015 09:19:26 +0000 (10:19 +0100)]
s4:torture:raw:notify: let NOTIFY_MASK_TEST use torture_assert macros
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Michael Adam [Thu, 26 Mar 2015 23:43:30 +0000 (00:43 +0100)]
s4:torture:raw:notify: remove extra do-loop in NOTIFY_MASK_TEST macro.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Michael Adam [Thu, 26 Mar 2015 18:41:06 +0000 (19:41 +0100)]
s4:torture:raw:notify: use torture_assert instead of printf in failure case
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Michael Adam [Thu, 26 Mar 2015 18:36:52 +0000 (19:36 +0100)]
s4:torture:raw:notify: remove superfluous conditional goto
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Michael Adam [Thu, 26 Mar 2015 18:22:08 +0000 (19:22 +0100)]
s4:torture:raw:notify: treat torture_open_connection calls with torture_assert
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Michael Adam [Thu, 26 Mar 2015 18:18:43 +0000 (19:18 +0100)]
s4:torture:raw:notify: use torture_assert with torture_setup_dir
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Michael Adam [Thu, 26 Mar 2015 18:13:58 +0000 (19:13 +0100)]
s4:torture:raw:notify: add a few comments to torture_assert calls
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Michael Adam [Thu, 26 Mar 2015 18:11:16 +0000 (19:11 +0100)]
s4:torture:raw:notify: improve the CHECK_WSTR() macro
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Michael Adam [Thu, 26 Mar 2015 18:08:26 +0000 (19:08 +0100)]
s4:torture:raw:notify: make check_rename_reply() properly use torture_result
Only change currently: the CHECK_WSTR calls report the line
number of this function now instead of the handed in
line of the callers. This could be fixed by turning this
function into a macro...
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Michael Adam [Thu, 26 Mar 2015 17:58:05 +0000 (18:58 +0100)]
s4:torture:raw:notify: remove CHECK_WSTR2.
The original CHECK_WSTR() macro was not setting torture failure,
leading to errors instead of propoer failures.
The original CHECK_WSTR2() macro was exactly like the CHECK_WSTR
macro but using propoer torture_result() calls.
This patch removes the original CHECK_WSTR(), renames CHECK_WSTR2
to CHECK_WSTR and adapts the callers, hence removing the source
of many potential missing torture_assert messages.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Michael Adam [Thu, 26 Mar 2015 17:45:47 +0000 (18:45 +0100)]
s4:torture:raw:notify: remove CHECK_VAL.
This macro is not setting torture failure, leading to errors instead
of failures. Use torture_assert_ntstatus_(ok|equal)* macros.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Michael Adam [Thu, 26 Mar 2015 11:00:15 +0000 (12:00 +0100)]
s4:torture:raw:notify: remove CHECK_STATUS.
This macro is not setting torture failure, leading to errors instead
of failures. Use torture_assert_ntstatus_(ok|equal)* macros.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Michael Adam [Thu, 26 Mar 2015 20:20:23 +0000 (21:20 +0100)]
torture: add torture_assert_not_null[_goto]
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Michael Adam [Fri, 27 Mar 2015 09:02:28 +0000 (10:02 +0100)]
torture: add torture_assert_int_not_equal_goto
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 30 Jan 2015 09:21:59 +0000 (09:21 +0000)]
s3:trusts_util: generate completely random passwords in trust_pw_change()
Instead of having every 2nd byte as '\0' in the utf16 password,
because the utf8 form is based on an ascii subset, we convert
the random buffer from CH_UTF16MUNGED to CH_UTF8.
This way we have a random but valid utf8 string,
which is almost like what Windows is doing.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 30 Jan 2015 09:21:59 +0000 (09:21 +0000)]
s3:trusts_util: pass new_trust_version to netlogon_creds_cli_ServerPasswordSet() in trust_pw_change()
We should maintain current and previous passwords on both sides of the trust,
which mean we need to pass our view of the new version to the remote DC.
This avoid problems with replication delays and make sure the kvno
for cross-realm tickets is in sync.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 30 Jan 2015 09:21:59 +0000 (09:21 +0000)]
s3:trusts_util: make use of pdb_get_trust_credentials() and pdb_get_trusted_domain() in trust_pw_change()
Using pdb_get_trust_credentials() works for all kind of trusts
and gives us much more details regarding the credentials.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 30 Jan 2015 09:21:59 +0000 (09:21 +0000)]
s3:trusts_util: add support for SEC_CHAN_DNS_DOMAIN in trust_pw_change()
SEC_CHAN_DNS_DOMAIN trusts use longer passwords, Windows uses 240 UTF16 bytes.
Some trustAttribute flags may also make impact on the length on Windows,
but we could be better if we know that the remote domain is an AD domain.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Sat, 31 Jan 2015 10:45:12 +0000 (11:45 +0100)]
s3:rpc_server/lsa: we need to normalize the trustAuth* blobs before storing them
The number of current and previous elements need to match and we have to
fill TRUST_AUTH_TYPE_NONE if needed.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Sat, 31 Jan 2015 10:45:12 +0000 (11:45 +0100)]
s4:rpc_server/lsa: we need to normalize the trustAuth* blobs before storing them
The number of current and previous elements need to match and we have to
fill TRUST_AUTH_TYPE_NONE if needed.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 23 Jan 2015 15:59:27 +0000 (16:59 +0100)]
s4:rpc_server/lsa: notify winbindd about new trusted domains
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Fri, 23 Jan 2015 15:59:07 +0000 (16:59 +0100)]
s3:winbindd: add MSG_WINBIND_NEW_TRUSTED_DOMAIN that takes a lsa_TrustDomainInfoInfoEx
When a new trusted domain is added in the LSA server, we need to immediately
have the domain within winbindd. This notification is done via a
MSG_WINBIND_NEW_TRUSTED_DOMAIN message.
In future we might want just a "rescan direct trusts" message,
but that requires a lot of redesign within winbindd.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>