Stefan Metzmacher [Thu, 12 Nov 2020 16:22:19 +0000 (17:22 +0100)]
TEST1b test_spnego_connect_bind_auth_align[4|2]
Stefan Metzmacher [Wed, 11 Nov 2020 00:19:23 +0000 (01:19 +0100)]
TEST1 python/samba/tests/dcerpc/raw_protocol.py selftest/knownfail.d/dcerpc-auth-pad
Stefan Metzmacher [Wed, 11 Nov 2020 00:19:23 +0000 (01:19 +0100)]
TEST1 python/samba/tests/dcerpc/raw_protocol.py
Stefan Metzmacher [Thu, 12 Nov 2020 15:38:32 +0000 (16:38 +0100)]
dcesrv_core: introduce dcesrv_connection->transport_max_recv_frag
The max fragment size depends on the transport.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Mon, 16 Nov 2020 14:01:49 +0000 (15:01 +0100)]
tests/dcerpc/raw_protocol: run test_neg_xmit_ffff_ffff over tcp and smb
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Mon, 16 Nov 2020 15:58:35 +0000 (16:58 +0100)]
dcesrv_core: add more verbose debugging for missing association groups
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 14 Nov 2023 13:04:30 +0000 (14:04 +0100)]
DEBUG part3
Stefan Metzmacher [Fri, 5 Jan 2024 12:21:36 +0000 (13:21 +0100)]
BACKPORT-MARKER: v4-19-witness-backports-from-wip.txt
Stefan Metzmacher [Tue, 31 Jul 2012 06:55:20 +0000 (08:55 +0200)]
smb2_tcon: add "smb3 share cap:{CONTINUOUS AVAILABILITY,SCALE OUT,CLUSTER,ASYMMETRIC}" options
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Mon, 22 Jan 2024 18:27:03 +0000 (19:27 +0100)]
python:tests/rpcd_witness_samba_only: add tests for 'net witness force-response'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 15 Dec 2023 13:49:37 +0000 (14:49 +0100)]
s3:utils: add 'net witness force-response'
This allows generating any possible AsyncNotify response
for the specified selection of witness registrations
from rpcd_witness_registration.tdb.
This can be used by developers to test the (windows)
client behavior to specific AsyncNotify responses.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Mon, 15 Jan 2024 13:20:00 +0000 (14:20 +0100)]
python:tests/rpcd_witness_samba_only: add tests for 'net witness force-unregister'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 15 Dec 2023 13:49:37 +0000 (14:49 +0100)]
s3:utils: add 'net witness force-unregister'
This allows removing of the specified selection
of witness registrations from rpcd_witness_registration.tdb.
Any pending AsyncNotify will get WERR_NOT_FOUND.
Typically this triggers a clean re-registration on the client.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Mon, 15 Jan 2024 13:20:00 +0000 (14:20 +0100)]
python:tests/rpcd_witness_samba_only: add tests for 'net witness {client,share}-move'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 15 Dec 2023 13:49:37 +0000 (14:49 +0100)]
s3:utils: add 'net witness client-move' and 'net witness share-move'
These can be used to generate CLIENT_MOVE or SHARE_MOVE message
to the specified selection of witness registrations from
rpcd_witness_registration.tdb
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 20 Dec 2023 18:22:25 +0000 (19:22 +0100)]
s3:rpc_server/witness: add handling of MSG_RPCD_WITNESS_REGISTRATION_UPDATE messages
This implements the server side features for the
'net witness [client-move,...]' commands in the end.
These are administrator driven notifications for the witness client.
RPCD_WITNESS_REGISTRATION_UPDATE_FORCE_RESPONSE and
RPCD_WITNESS_REGISTRATION_UPDATE_FORCE_UNREGISTER will be very useful
for later automated testing.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 21 Dec 2023 14:03:05 +0000 (15:03 +0100)]
s3:rpcd_witness.idl: add rpcd_witness_registration_updateB message definitions
This will be used for rpcd_witness_registration_updateB messages
in 'net witness [client-move,...]' commands later.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 21 Dec 2023 14:03:05 +0000 (15:03 +0100)]
messaging.idl: add MSG_RPCD_WITNESS_REGISTRATION_UPDATE
This will be used for rpcd_witness_registration_updateB messages
in 'net witness [client-move,...]' commands later.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 12 Jan 2024 16:30:41 +0000 (17:30 +0100)]
python:tests/rpcd_witness_samba_only: add tests for 'net witness list'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 15 Dec 2023 13:49:37 +0000 (14:49 +0100)]
s3:utils: add 'net witness list' command
It lists the entries from the rpcd_witness_registration.tdb.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 24 Nov 2023 16:15:36 +0000 (17:15 +0100)]
s3:rpc_server/witness: let Register[Ex] store rpcd_witness_registration.tdb records
This will allow 'net witness list' to be implemented in the end.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 21 Dec 2023 14:03:05 +0000 (15:03 +0100)]
s3:rpcd_witness.idl: introduce definitions for rpcd_witness_registration.tdb records
A rpcd_witness_registration.tdb will be added shortly in order to
implement useful 'net witness [list,client-move,...]' commands
in the end.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 10 Jan 2024 14:11:24 +0000 (15:11 +0100)]
python/blackbox: add rpcd_witness_samba_only.py test
This tests the witness service and its interaction with
ctdb.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 12 Jan 2024 15:56:58 +0000 (16:56 +0100)]
python/tests: add TestCase.get_loadparm(s3=True) support
This will be used for tests with registry shares,
as the top level loadparm system doesn't support them.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Mon, 15 Jan 2024 12:06:57 +0000 (13:06 +0100)]
script/autobuild.py: also pass PYTHONPATH to make test of 'samba-ctdb'
Otherwise tests won't find the custom tdb python bindings
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 12 Jan 2024 16:09:51 +0000 (17:09 +0100)]
selftest/Samba: export CTDB_PREFIX in clusteredmember testenv
It means ctdb/tests/local_daemons.sh will be easily useable
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 12 Jan 2024 16:08:06 +0000 (17:08 +0100)]
selftest/Samba3: start samba_dcerpcd in clusteredmember
This enables the rpcd_witness to be available.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 12 Jan 2024 16:06:05 +0000 (17:06 +0100)]
selftest/Samba3: remove unused variable in setup_clusteredmember
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 12 Jan 2024 16:03:38 +0000 (17:03 +0100)]
selftest/Samba3: get NETBIOSNAME correct for clusteredmember
It was missed in commit
7598b9069d3b983f8eb3b89b8459ec993ee43c80
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 9 Aug 2023 18:24:52 +0000 (20:24 +0200)]
s3:rpc_server/witness: add implementation based on CTDB_SRVID_IPREALLOCATED and ctdbd_all_ip_foreach()
The design is relatively simple in the end:
- We use ctdbd_all_ip_foreach() in order to build an
in memory list of interfaces(ip addresses) and
record if:
- they are currently available or not
- if they node local or not
- The current list is would we use for the
GetInterfaceList() call.
- Register[Ex] will create an in memory structure
holding a queue for pending AsyncNotify requests.
- Unregister() will cancel pending AsyncNotify requests and
let them return NOT_FOUND.
- CTDB_SRVID_IPREALLOCATED messages will cause we refresh
with ctdbd_all_ip_foreach():
- this will detect changes in the interface state
and remove stale interfaces.
- for each change the list of registrations is checked
for a matching ip address and a RESOURCE_CHANGE
will be scheduled in the queue of the registration,
the started queue will trigger AsyncNotify responses
- We also register the connections with ctdb in order
to give other nodes a chance to generate tickle-acks
for the witness tcp connections.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 9 Aug 2023 10:18:05 +0000 (12:18 +0200)]
s3:rpc_server: add basic rpcd_witness template
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 11 Aug 2023 11:07:46 +0000 (13:07 +0200)]
s3:ctdbd_conn: add ctdbd_all_ip_foreach() helper
This can we used to traverse through all ip addresses ctdb knows
about.
The caller can select node ips and/or public ips.
This will we useful to monitor the addresses from a witness
service...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 11 Aug 2023 09:51:04 +0000 (11:51 +0200)]
s3:ctdbd_conn: split out ctdbd_control_get_nodemap()
This will simplify future changes...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 11 Aug 2023 09:30:07 +0000 (11:30 +0200)]
s3:ctdbd_conn: pass vnn to ctdbd_control_get_public_ips()
In future we also want to ask other nodes for their public_ips.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 12 Jan 2024 15:54:32 +0000 (16:54 +0100)]
witness.idl: make witness_interfaceList public to that ndr_print works in python
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 9 Jan 2024 15:46:06 +0000 (16:46 +0100)]
smbstatus: let --json include session.{creation,expiration,auth}_time
This is very useful in order to predict NETWORK_SESSION_EXPIRED
messages...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Rob van der Linde [Wed, 13 Dec 2023 01:00:00 +0000 (14:00 +1300)]
selftest: make get_loadparm a classmethod
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
18fd2e4ff35e4ec3491a1836c1896c1417126b08)
Stefan Metzmacher [Fri, 5 Jan 2024 12:17:03 +0000 (13:17 +0100)]
BACKPORT-MARKER: v4-19-witness-backports-from-txt
Stefan Metzmacher [Fri, 24 Nov 2023 13:42:35 +0000 (14:42 +0100)]
dcesrv_reply: just drop responses if the connection is already terminating
There's no reason to waste resources...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jan 9 11:26:55 UTC 2024 on atb-devel-224
(cherry picked from commit
1b6ef968d8370757cb472a1e3bfe030f8066c50d)
Stefan Metzmacher [Fri, 24 Nov 2023 13:02:02 +0000 (14:02 +0100)]
dcesrv_core: add dcesrv_call_state->subreq in order to allow tevent_req_cancel() on termination
Requests might be cancelled if the connection got disconnected,
we got an ORPHANED or CO_CANCEL pdu.
But this is all opt-in for the backends to choose.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
e829f5d8ec3a77acb52a22d45e61dcce03762a10)
Stefan Metzmacher [Fri, 29 Dec 2023 09:20:02 +0000 (10:20 +0100)]
witness.idl: add flag(NDR_PAHEX) to some hex based enums
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
87e37e73a9ba13ed92a33a385a387b225b2b9190)
Stefan Metzmacher [Fri, 24 Nov 2023 15:38:06 +0000 (16:38 +0100)]
witness.idl: make some types public in order to be used elsewhere
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
290b0b04ae41b835f864bba02b1320693ef199d3)
Samuel Cabrero [Wed, 21 Oct 2020 16:30:29 +0000 (18:30 +0200)]
witness.idl: Set cifs as auth service name for the witness interface
Windows clients use the 'cifs' service name to bind to the witness interface.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
5beef87816d103a729508ce88368c30c87b1fa4e)
Stefan Metzmacher [Fri, 24 Nov 2023 15:28:38 +0000 (16:28 +0100)]
tdb: fix python/tdbdump.py example
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
78ec47a6674db65d738305cf00861aa711886a43)
Ralph Boehme [Sun, 28 Jan 2018 14:35:44 +0000 (15:35 +0100)]
examples/scripts: add smbXsrvdump
A simple python tool to dump smbXsrv TDB databases.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
3c73d201d454a88135757065a2b238e6d94a1ac9)
Stefan Metzmacher [Fri, 24 Nov 2023 15:09:58 +0000 (16:09 +0100)]
smbXsrv.idl: add python bindings
This is useful for some scripting examples and debugging...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
8e850685a1052a16bea402df3e8057218080c373)
Stefan Metzmacher [Fri, 15 Dec 2023 15:46:50 +0000 (16:46 +0100)]
smbstatus: let --json dump also session channels
This makes if easier to see how tcp connections belong
to a session or client_guid.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
b96ce32f826ba03384e6a7535200d7e18354fc4b)
Stefan Metzmacher [Thu, 28 Dec 2023 09:36:25 +0000 (10:36 +0100)]
smbstatus: let --json report the client_guid a session belongs to
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
3f92a684abb577b84d01b8f9124a7a459635d851)
Stefan Metzmacher [Thu, 28 Dec 2023 09:35:43 +0000 (10:35 +0100)]
smbXsrv_session: store session_global->client_guid
This is very useful for debugging...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
c1c326ebccb272acc918a97aff5b659cc299c9e5)
Stefan Metzmacher [Fri, 15 Dec 2023 15:45:54 +0000 (16:45 +0100)]
s3:sessionid: export smbXsrv_session_global via sessionid->global
This will allow smbstatus --json to dump more details.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
88b1c8723b30930585514dacd472e4941c69220c)
Stefan Metzmacher [Thu, 21 Dec 2023 12:02:43 +0000 (13:02 +0100)]
lib/util: let is_zero_addr() return true for AF_UNSPEC
It means the completely zero'ed structure is detected
as zero address, as AF_UNSPEC is 0.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
d52f7279063817055b6816d9f8372e374c90f75f)
Stefan Metzmacher [Fri, 17 Nov 2023 12:36:02 +0000 (13:36 +0100)]
s3:smbd multichannel: improve smbXsrv_connection_dbg()
client_guid as well as local and remote address help a lot
for debugging...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
10b084f824f839497405665b904cd54f8f5ff703)
Stefan Metzmacher [Fri, 22 Dec 2023 20:50:57 +0000 (21:50 +0100)]
s3:smbd multichannel: let a cross-node session binding NT_STATUS_REQUEST_NOT_ACCEPTED
This is better than NT_STATUS_USER_SESSION_DELETED, as it means the
client can keep it's session alive. Otherwise a windows client believes
the whole session is gone and all other channels are invalid.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
475784d63e9381e8a76cd666842686c1b8d2d0b4)
Stefan Metzmacher [Fri, 29 Dec 2023 12:09:32 +0000 (13:09 +0100)]
s3:smbd multichannel: always allow multichannel to the ip of the queried connection
We can announce the ip of the current connection even if it's
a moveable cluster address... as the client is already connected to it.
This change means in a typical ctdb cluster, where we only have public
addresses, the client can at least have more than one multichannel'ed
connection to the public ip.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
8a3707e3ed96df43c8f825527deb7d27fe0c6be8)
Stefan Metzmacher [Thu, 28 Dec 2023 09:18:51 +0000 (10:18 +0100)]
libcli/security: remove PRIMARY_{USER,GROUP}_SID_INDEX defines from security.h
These and more are also defined in security_token.h, which is later included
from security.h anyway.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
f94d2ed13e6aa54e7e4e4cc292c565de1711a2a9)
Stefan Metzmacher [Fri, 22 Dec 2023 23:04:33 +0000 (00:04 +0100)]
libcli/smb: add new SMB2_SHAREFLAG_ defines in smb2_constants.h
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
6331d33ae498e03368422e585c3e47cfc73dfdb2)
Stefan Metzmacher [Fri, 24 Nov 2023 10:51:54 +0000 (11:51 +0100)]
ctdb: add comments to "addip"/"delip" when CTDB_{CONTROL,EVENT,SRVID}_IPREALLOCATED happens
"addip"/"delip" are different from "moveip" so they don't need to
call ipreallocate() nor send_ipreallocated_control_to_nodes().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
62654f0aeb1909129e87df061186509560859bed)
Stefan Metzmacher [Fri, 24 Nov 2023 09:53:44 +0000 (10:53 +0100)]
ctdb: let "moveip" end with CTDB_CONTROL_IPREALLOCATED to all connected nodes
This matches the behavior of takeover_send/recv() from
ctdb_takeover_helper.c.
It means we consistently call the ipreallocated event scripts
and also send CTDB_SRVID_IPREALLOCATED after moving ips.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
589ebabc95eef0c301a47696e82c0ac341027597)
Stefan Metzmacher [Fri, 24 Nov 2023 09:50:16 +0000 (10:50 +0100)]
ctdb: remove unused ctdb_message_disable_ip_check()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
2c6b455bd7656b4e43d1f4ea488f06cd7918586b)
Stefan Metzmacher [Thu, 23 Nov 2023 12:57:28 +0000 (13:57 +0100)]
ctdb: let "moveip" also use disable_takeover_runs()
That makes the behavior more consistent compared to a takeover run
started from the within ctdbd.
The behavior is the same but ctdb_message_disable_ip_check() used
a legacy code path and the next commits will also touch some
of the moveip logic...
The logic and comments are copied from control_reloadips().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
cad1969b171766a5264973e7bfb5f9f7295421b6)
Stefan Metzmacher [Thu, 23 Nov 2023 14:04:09 +0000 (15:04 +0100)]
ctdb: send a CTDB_SRVID_IPREALLOCATED message after CTDB_EVENT_IPREALLOCATED
Event scripts run the "ipreallocated" hook in order to notice that some ip addresses
in the cluster potentially changed.
CTDB_SRVID_IPREALLOCATED gives C code a chance to get notified as well once the event
scripts are finished.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
b1d0d5d51422f377c2e989ea6dacb2aa5794082b)
Stefan Metzmacher [Fri, 13 Oct 2023 07:18:25 +0000 (09:18 +0200)]
s4:rpc_server/epmapper: use ndr_syntax_id_equal() in dcesrv_epm_Map() to match the request
This matches it much easier to understand.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
5ec5496df40e6015ec8de6133a406bb50efebe35)
Stefan Metzmacher [Fri, 13 Oct 2023 07:11:51 +0000 (09:11 +0200)]
s4:rpc_server/epmapper: check dcerpc_floor_get_uuid_full() result in dcesrv_epm_Map()
This already checks for EPM_PROTOCOL_UUID and simplifies the logic.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
53e4fe647ec3f840836340cf9eac4f79b8794aad)
Stefan Metzmacher [Thu, 12 Oct 2023 15:19:21 +0000 (17:19 +0200)]
s4:rpc_server: simplify logic in dcesrv_epm_Map matching
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
dfdb8736c750079bc42d274a416c9f7ea3f820dc)
Stefan Metzmacher [Wed, 9 Aug 2023 17:39:21 +0000 (19:39 +0200)]
librpc/rpc: also get the 2nd half of the ndr_syntax_id from a floor
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
7a7a38b870dd8f0b384e290b8e9e18305bf54f90)
Stefan Metzmacher [Wed, 9 Aug 2023 17:23:59 +0000 (19:23 +0200)]
librpc/rpc: add dcerpc_floor_pack_uuid_full() helper function
This handles the full syntax with split major and minor version,
from lhs and rhs.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
1058382d048bc368a3825cb295d9aeabf0ef9b10)
Stefan Metzmacher [Sun, 13 Aug 2023 11:34:30 +0000 (13:34 +0200)]
s3:rpc_server: let create_policy_hnd() return a pointer
This allows a TALLOC_FREE() on it to unregister and destroy the
handle easily.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
ac392c35e4993e1f4bd25519c607a00508e57de4)
Stefan Metzmacher [Thu, 12 Oct 2023 09:05:46 +0000 (11:05 +0200)]
s4:rpc_server/remote: make use of dcesrv_async_reply()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
403bceef914d6793a7f5ec4432445f043919c277)
Stefan Metzmacher [Thu, 12 Oct 2023 09:05:46 +0000 (11:05 +0200)]
s4:rpc_server/netlogon: make use of dcesrv_async_reply()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
06c12033b355d234d561ad11b5f4b1bad1c79417)
Stefan Metzmacher [Thu, 12 Oct 2023 09:05:46 +0000 (11:05 +0200)]
s4:rpc_server/lsa: make use of dcesrv_async_reply()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
d880999480ed62cd0249f3bd67d5f7830d396b57)
Stefan Metzmacher [Thu, 12 Oct 2023 09:05:46 +0000 (11:05 +0200)]
s4:rpc_server/common: make use of dcesrv_async_reply()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
eaf3654dd1e6f8d0557148e673a574e57ce7a71c)
Stefan Metzmacher [Thu, 12 Oct 2023 09:05:46 +0000 (11:05 +0200)]
s4:rpc_server/echo: make use of dcesrv_async_reply()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
27d11803a45d7cb7c2d4b422cc2ec6a02fb04616)
Stefan Metzmacher [Mon, 14 Aug 2023 10:58:14 +0000 (12:58 +0200)]
librpc/rpc: add dcesrv_async_reply() helper that disconnects as needed
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
b8eae782251d89b11e86c19f3cd8dbd58fa506ca)
Stefan Metzmacher [Mon, 14 Aug 2023 10:48:28 +0000 (12:48 +0200)]
librpc/rpc: allow dcesrv_context to propose the preferred ndr syntax
This allows specific services to use ndr64.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
5a6978205edc2217006762bfe540e8f62caad74b)
Stefan Metzmacher [Thu, 12 Oct 2023 13:39:38 +0000 (15:39 +0200)]
s3:rpc_server: distribute clients based on available association group slots
The important factor to distribute connection to workers
should be the number of used association group slots instead
of the raw number of connections. If one worker has a lot of
association groups with just one connection each, but another
with few association groups, but multiple connections per
association group. The one with less association groups should
get the connection. Note each worker is only able to allocate
UINT16_MAX allocation groups, but the number of connections
is only limited by RAM.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
f8b76235fe0fda5a58fed8a527bbeba196560ca1)
Stefan Metzmacher [Thu, 12 Oct 2023 10:49:42 +0000 (12:49 +0200)]
dcesrv_core: maintain the number of allocated association groups per dce_ctx
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
40e780ad162c8c561822d6284f8e6227fca69c8a)
Stefan Metzmacher [Thu, 12 Oct 2023 12:21:44 +0000 (14:21 +0200)]
s3:rpc_server: improve debugging in rpc_host_distribute_clients()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
2c2c2f43688748de4687c12bef46a4c2c3fd140d)
Stefan Metzmacher [Thu, 12 Oct 2023 12:16:48 +0000 (14:16 +0200)]
s3:rpc_server: simplify rpc_host_find_worker()
This will help me in the next commits.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
cd2cb49179cebb63ca04bd35670d10af9ed55f67)
Stefan Metzmacher [Thu, 19 Jan 2023 11:27:20 +0000 (12:27 +0100)]
s3:rpc_server: correctly allow up to 65536 workers processes
We already limit the per worker portion of the association
group id to UINT16_MAX, so we can also use 16-bit instead
of just 8-bit to encode the worker index.
While there we should actually ensure that the max worker
index is UINT16_MAX.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
eb8cf371b8dc9575e2b838ac8e4f03518eb092da)
Stefan Metzmacher [Thu, 12 Oct 2023 10:30:00 +0000 (12:30 +0200)]
rpc_host.idl: change server_index from uint8 to uint32
This reflects what we're using in the C code already...
Note this is an incompatible change, but we also changed
from named_pipe_auth_req_info7 to named_pipe_auth_req_info8
in master...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
e4bdab659bbe88f8687cefea9ef80850b585a37d)
Stefan Metzmacher [Wed, 9 Aug 2023 14:41:33 +0000 (16:41 +0200)]
s3:rpc_server: make use of dcesrv_register_default_auth_types[_machine_principal]()
This mostly matches windows now...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
f35baa4eb2e68a4253f90f85052306471d61bd04)
Stefan Metzmacher [Wed, 9 Aug 2023 14:06:06 +0000 (16:06 +0200)]
s3:rpc_server: let get_servers() callback of rpc_worker_main() return NTSTATUS
This means the rpc_worker_main() logic is the only layer that
needs to call exit() and its able to do some cleanup before.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
ae38cfe6da728ea565d02e010d77360447b6007f)
Stefan Metzmacher [Wed, 9 Aug 2023 13:37:12 +0000 (15:37 +0200)]
s3:rpc_server: let register_ep_server() errors result in DBG_ERR()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
2d73b1e06188f3570bf88598a3b01f09f6ff633c)
Stefan Metzmacher [Wed, 9 Aug 2023 13:29:29 +0000 (15:29 +0200)]
librpc/rpc: add dcesrv_register_default_auth_types[_machine_principal]() helpers
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
2ba5016e4b496a8f123fe91403cf178f7930d43e)
Stefan Metzmacher [Wed, 9 Aug 2023 11:26:31 +0000 (13:26 +0200)]
librpc/rpc: implement dcesrv_mgmt_inq_princ_name infrastructure
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
1d0a5b3ac751d4162b8414453303e28cc1b87c21)
Stefan Metzmacher [Wed, 9 Aug 2023 15:05:56 +0000 (17:05 +0200)]
librpc/rpc: let dcesrv_mgmt_inq_if_ids() filter out the mgmt syntax_id
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
9f51379dd731f5c5b19a41ced4fd4ef1e2f4d2aa)
Stefan Metzmacher [Wed, 9 Aug 2023 10:42:43 +0000 (12:42 +0200)]
librpc/rpc: apply some code cleanup and error checks to dcesrv_mgmt.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
6cb12d3955d3c7f216c79b081f5431ec9f4c14ce)
Stefan Metzmacher [Wed, 9 Aug 2023 15:24:07 +0000 (17:24 +0200)]
s4:torture/rpc: let test_inq_princ_name_size also test for princ_name_size = 0 and BAD_STUB_DATA
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
a38f58ac85fbba7a6f1076516117acc6eae44358)
Stefan Metzmacher [Wed, 9 Aug 2023 15:32:11 +0000 (17:32 +0200)]
s3:selftest: also run rpc.mgmt against the nt4_dc (and ad_dc)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
2a290dcb9456ce1b855fe426e197f0edad27a747)
Stefan Metzmacher [Fri, 18 Aug 2023 08:59:00 +0000 (10:59 +0200)]
libcli/util: let win_errstr() fallback to hresult_errstr()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
09daeba6962d9f2534762250eb3b172154aa4aaf)
Stefan Metzmacher [Fri, 5 Jan 2024 12:15:38 +0000 (13:15 +0100)]
BACKPORT-MARKER: v4-19-test-witness-backports.txt
Stefan Metzmacher [Thu, 22 Aug 2019 17:25:30 +0000 (17:25 +0000)]
auth/credentials_krb5: make use of smb_gss_krb5_prepare_acceptor_cred()
We should check all keys in our in memory keytab
and skip the transited checks unless we're
in standalone/MIT-realm mode.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12907
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14125
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 22 Aug 2019 17:25:09 +0000 (17:25 +0000)]
auth/credentials_krb5: let cli_credentials_get_server_gss_creds() use an early return
This will simplify the next commits.
Check with: git show -w
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12907
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 22 Aug 2019 17:13:41 +0000 (17:13 +0000)]
s3:gse: let gse_init_server() use smb_gss_krb5_prepare_acceptor_cred()
We should check all keys in our in memory keytab
and skip the transited checks unless we're in
standalone/MIT-realm mode.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12907
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14125
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 22 Aug 2019 16:52:15 +0000 (16:52 +0000)]
krb5_wrap: add smb_gss_krb5_prepare_acceptor_cred()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12907
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14125
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 22 Aug 2019 16:09:47 +0000 (16:09 +0000)]
configure_mitkrb5: check for GSS_KRB5_CRED_SKIP_TRANSIT_CHECK_X
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12907
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 22 Aug 2019 16:09:47 +0000 (16:09 +0000)]
s4:heimdal_build: define HAVE_GSS_KRB5_CRED_{SKIP_TRANSIT_CHECK,ITERATE_ACCEPTOR_KEYTAB}_X
We can only do that for our own copy of heimdal, see
https://github.com/heimdal/heimdal/pull/656
In future we may want to use
source4/heimdal_build/wscript_configure only for
our in tree copy of heimdal and do real configure
checks for the system heimdal build.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12907
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14125
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 22 Aug 2019 08:30:01 +0000 (10:30 +0200)]
HEIMDAL:lib/gssapi/krb5: add GSS_KRB5_CRED_ITERATE_ACCEPTOR_KEYTAB_X
This allows krb5_rd_req_in_set_iterate_keytab() to be used via the
gssapi layer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12907
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14125
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Sat, 20 Jul 2019 10:15:04 +0000 (10:15 +0000)]
HEIMDAL:lib/krb5: add krb5_rd_req_in_set_iterate_keytab()
A caller might not know the kvno maintained by the KDC.
And most often there's need to know it.
So this function makes it possible to force the keytab
iteration in order to get a consistent behavior.
Otherwise it's possible to get a different behavior
if the guessed kvno in the keytab accidentally matches
the kvno of the ticket and we'll give up if the
key is not able to decrypt the ticket.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12907
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14125
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Sat, 20 Jul 2019 10:15:04 +0000 (10:15 +0000)]
HEIMDAL:lib/krb5: let krb5_rd_req_ctx() fallback only on KRB5KRB_AP_ERR_BAD_INTEGRITY
This avoids hidding a real error like KRB5KRB_AP_ERR_ILL_CR_TKT.
We only want to retry with the next key if the decryption
failed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12907
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14125
Signed-off-by: Stefan Metzmacher <metze@samba.org>