Andrew Bartlett [Wed, 8 Jun 2016 04:49:01 +0000 (16:49 +1200)]
s4-samr: Rework GetGroupsForUser to use memberOf
By reading the SID values from the memberOf links, we avoid an un-indexed search on
the member attribute.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 7 Jun 2016 03:43:29 +0000 (15:43 +1200)]
s4-libcli/raw: Fix compiler errors when building with --address-sanitizer
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 7 Jun 2016 03:43:13 +0000 (15:43 +1200)]
s4-kcc: Fix compiler errors when building with --address-sanitizer
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 7 Jun 2016 03:43:01 +0000 (15:43 +1200)]
s3-vfs/snapper: Fix compiler errors when building with --address-sanitizer
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 7 Jun 2016 03:42:41 +0000 (15:42 +1200)]
s3-libnet: Fix compiler errors when building with --address-sanitizer
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 7 Jun 2016 03:42:33 +0000 (15:42 +1200)]
s3-client: Fix compiler errors when building with --address-sanitizer
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 7 Jun 2016 03:42:23 +0000 (15:42 +1200)]
libgpo: Fix compiler errors when building with --address-sanitizer
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 7 Jun 2016 03:42:15 +0000 (15:42 +1200)]
libcli/smb: Fix compiler errors when building with --address-sanitizer
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Wed, 8 Jun 2016 02:46:07 +0000 (14:46 +1200)]
selftest: Expand tokenGroups test to also compare with samr.GetGroupsForUser
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Wed, 8 Jun 2016 02:45:47 +0000 (14:45 +1200)]
selftest: Expand tokenGroups test to also build nested groups
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Thu, 9 Jun 2016 02:56:44 +0000 (14:56 +1200)]
s4-samr: Fix samr.QueryUserInfo level 1 primary group
Because of this typo, the primary group ID was returned as 0
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 31 May 2016 02:54:45 +0000 (14:54 +1200)]
samba-tool domain join: Refuse to re-join a DC with a still-valid password
While the DC will eventually get back to the same state, it can take a
while, so try harder not to overwrite our already-working account
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Fri, 3 Jun 2016 02:50:55 +0000 (14:50 +1200)]
samba-tool: Improve fsmo handling
This makes a clear seperation between data and display variables
and improves the tests.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Wed, 1 Jun 2016 09:27:07 +0000 (21:27 +1200)]
selftest: Rebase DrsBaseTestCase on SambaToolCmdTest
This then makes SambaToolCmdTest based on BlackboxTestCase.
This allows us to use better command output testing in the fsmo tests
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Ralph Boehme [Wed, 4 May 2016 12:26:16 +0000 (14:26 +0200)]
selftest: add test for DNS updates with TKEY/TSIG
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Thu Jun 16 04:07:41 CEST 2016 on sn-devel-144
Ralph Boehme [Mon, 30 May 2016 14:44:00 +0000 (16:44 +0200)]
s4/dns_server: enable sending of TSIG error records
This final patch enables sending TSIG error records by adding
DNS_RCODE_NOTAUTH to the set of error conditions that are allowed to
trigger sending a full generated response.
See RFC 2845 "4.5.1. KEY check and error handling" and "4.5.3. MAC check
and error handling".
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Ralph Boehme [Mon, 30 May 2016 14:42:14 +0000 (16:42 +0200)]
s4/dns_server: prepare sending correct error responses for dns_verify_tsig() errors
Call dns_verify_tsig() after updating state.flags and assign and use
out_packet for dns_verify_tsig().
We will need the updated flags when sending TSIG error responses when
TSIG request MAC verification fails and dns_verify_tsig() uses the
passed in packet as response, so we have to make sure we copy in_packet
to out_packet before calling out and pass out_packet.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Ralph Boehme [Mon, 30 May 2016 15:25:56 +0000 (17:25 +0200)]
s4/dns_server: don't compute TSIG MAC in TSIG error records
See RFC 2845 "4.3. TSIG on TSIG Error returns".
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Ralph Boehme [Mon, 30 May 2016 14:40:45 +0000 (16:40 +0200)]
s4/dns_server: error codes for failing MAC verification in TSIG requests
According to RFC 2845 "4.5.3. MAC check and error handling" we must
return NOTAUTH and DNS_RCODE_BADSIG when MAC verification fails.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Ralph Boehme [Mon, 30 May 2016 14:37:32 +0000 (16:37 +0200)]
s4/dns_server: ensure we store the key name in error code paths
We need the TKEY name when adding TSIG records to error responses.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Ralph Boehme [Mon, 30 May 2016 14:56:21 +0000 (16:56 +0200)]
s4/dns_server: not finding the key here is a fatal error
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Ralph Boehme [Mon, 30 May 2016 14:03:33 +0000 (16:03 +0200)]
s4/dns_server: split out function that does the MAC computation
Split out function that does the MAC computation from the TSIG record
creating function. This will later simplify the code when creating error
responsed to TSIG requests with bad MACs where we have to add the TSIG
record with an empty MAC.
No functional behaviour change besides hard coding "gss-tsig" algorithm
name: later when sending a TSIG error response for a TKEY request with a
bad keyname, we won't have a tkey to fetch the algorithm name from.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Ralph Boehme [Mon, 23 May 2016 17:09:05 +0000 (19:09 +0200)]
s4/dns_server: include request MAC in TSIG response MAC calculation
According to RFC 2845 "4.2 TSIG on Answers", when the request is signed,
the request MAC must be included in the response MAC calculation.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Ralph Boehme [Sat, 14 May 2016 17:08:51 +0000 (19:08 +0200)]
librpc/dns: remove original_id from dns_fake_tsig_rec
Cf RFC2845, 3.4.2. "TSIG Variables", the request id (original_id) is not
used in the MAC calculation. This also explains the mysterious 2 bytes
padding.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Ralph Boehme [Tue, 17 May 2016 12:34:52 +0000 (14:34 +0200)]
librpc/dns: don't compress strings in TKEY and TSIG responses
Certain DNS clients fail TSIG record MAC validation if the TSIG record
contains compressed strings.
Windows DNS server behaviour seems to be to not send compressed names in
TKEY and TSIG records.
This patch ensures we conform to this behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Ralph Boehme [Tue, 17 May 2016 10:30:46 +0000 (12:30 +0200)]
librpc/ndr: add flag LIBNDR_FLAG_NO_COMPRESSION
This flag can be used to change marshalling behaviour with regard to
compression.
Example: DNS packets make use of so called DNS name compression which
means that for identical strings in a DNS packet, the second string is
replaced with a reference (an offset) to the first.
Setting this flag requests to turns off the marshalling compression.
This will be used in the next commit to prevent name compression in DNS
TSIG records.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Günther Deschner [Tue, 31 May 2016 16:47:34 +0000 (18:47 +0200)]
s3:libnet: accept empty realm for AD domains when only security=domain is set.
Initial patch from Matt Rogers @ RedHat.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11977
Guenther
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Jun 15 20:28:31 CEST 2016 on sn-devel-144
Günther Deschner [Wed, 15 Jun 2016 14:04:29 +0000 (16:04 +0200)]
s3-libnet: Print error string even on successfuly completion of libnetjoin.
Sometimes useful information should be printed to the users.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11977
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Andreas Schneider [Wed, 15 Jun 2016 14:05:58 +0000 (16:05 +0200)]
s3-libnetapi: Correctly check for lp_realm.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Alexander Bokovoy [Tue, 14 Jun 2016 19:37:31 +0000 (22:37 +0300)]
libnet_join: use sitename if it was set by pre-join detection
When domain member is joined to AD, we need to use the same DC to
authenticate against after the join because the machine account might
not be replicated yet to other domain controllers, including off-site.
Bug https://bugzilla.samba.org/show_bug.cgi?id=11769 dealt with
detection of the site pre-join. However, we rewrite private local
krb5.conf afterwards without taking the discovered site name into
account.
Fix this by reusing the site discovered pre-join.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11975
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jun 15 15:25:44 CEST 2016 on sn-devel-144
Volker Lendecke [Fri, 10 Jun 2016 09:40:33 +0000 (11:40 +0200)]
lib: Add a little closefrom() test
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jun 13 14:11:11 CEST 2016 on sn-devel-144
Volker Lendecke [Thu, 9 Jun 2016 19:27:09 +0000 (21:27 +0200)]
libreplace: Add a closefrom() implementation
There is closefrom in some BSDs, but Linux ships this only as part
of libbsd. Add a new implementation of it in libreplace. The one in
libbsd of jessie and upstream differ and it has for example optimizations
for FreeBSD, but it gets some of the array calculations slightly wrong
from my point of view. If you want those, use libbsd. This replacement
is optimized on Linux only looking at /proc/self/fd/, everything else
would do the OPEN_MAX brute force fallback.
Signed-off-by: Volker Lendecke <vl@samba.org>
Volker Lendecke [Mon, 30 May 2016 09:18:48 +0000 (11:18 +0200)]
lib: Fix a signed/unsigned mixup
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Fri, 10 Jun 2016 14:51:18 +0000 (16:51 +0200)]
s3-winbind: Fix schannel connections against trusted domain DCs
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11830
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Michael Adam [Wed, 8 Jun 2016 10:32:04 +0000 (12:32 +0200)]
ctdb: use properly configured ctdb in debug-hung-script.sh
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Sat Jun 11 10:23:03 CEST 2016 on sn-devel-144
Michael Adam [Wed, 8 Jun 2016 10:28:56 +0000 (12:28 +0200)]
ctdb: use properly configured ctdb in statd-callout
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Michael Adam [Wed, 8 Jun 2016 11:05:03 +0000 (13:05 +0200)]
ctdb: use properly configured ctdb in 99.timeout
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Michael Adam [Wed, 8 Jun 2016 11:04:48 +0000 (13:04 +0200)]
ctdb: use properly configured ctdb in 91.lvs
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Michael Adam [Wed, 8 Jun 2016 10:44:28 +0000 (12:44 +0200)]
ctdb: use properly configured ctdb in 70.iscsi
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Michael Adam [Wed, 8 Jun 2016 10:37:00 +0000 (12:37 +0200)]
ctdb: use properly configured ctdb in 10.interfaces
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Michael Adam [Wed, 8 Jun 2016 11:23:07 +0000 (13:23 +0200)]
ctdb: use properly configured ctdb in 13.per_ip_routing
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Michael Adam [Wed, 8 Jun 2016 11:22:44 +0000 (13:22 +0200)]
ctdb: use properly configured ctdb in 10.external
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Michael Adam [Wed, 8 Jun 2016 11:22:24 +0000 (13:22 +0200)]
ctdb: use properly configured ctdb in 01.reclock
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Michael Adam [Wed, 8 Jun 2016 11:21:56 +0000 (13:21 +0200)]
ctdb: use properly configured ctdb in 00.ctdb
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Michael Adam [Tue, 7 Jun 2016 07:44:53 +0000 (07:44 +0000)]
ctdb: use properly configured ctdb in ctdbd_wrapper
This makes ctdbd_wrapper usable in non-standard installs.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Michael Adam [Wed, 8 Jun 2016 10:28:36 +0000 (12:28 +0200)]
ctdb: use properly configured ctdb in functions
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Michael Adam [Thu, 9 Jun 2016 11:55:29 +0000 (13:55 +0200)]
ctdb: make sure scripts using $CTDB called by test find ctdb
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Michael Adam [Wed, 8 Jun 2016 10:08:35 +0000 (12:08 +0200)]
ctdb: set the path to 'ctdb' in 'functions' in CTDB
Allow this to be overridden from the caller.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Andreas Schneider [Tue, 7 Jun 2016 11:49:39 +0000 (13:49 +0200)]
s3-script: Install the findsmb script
When we transitioned from autotools to waf we dropped installing the
findsmb script. However we create and install the manpage for it so
install it in the system again.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jun 9 19:10:15 CEST 2016 on sn-devel-144
Andreas Schneider [Tue, 7 Jun 2016 08:23:59 +0000 (10:23 +0200)]
selftest: Set the correct hostname
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Jeremy Allison [Wed, 8 Jun 2016 21:50:59 +0000 (14:50 -0700)]
s3: krb5: keytab - The done label can be jumped to with context == NULL.
Ensure we don't crash in this case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11959
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Thu Jun 9 13:18:56 CEST 2016 on sn-devel-144
Jeremy Allison [Wed, 8 Jun 2016 12:34:20 +0000 (14:34 +0200)]
lib: Fix uninitialized read in msghdr_copy
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jun 8 18:34:27 CEST 2016 on sn-devel-144
Amitay Isaacs [Wed, 8 Jun 2016 05:04:52 +0000 (15:04 +1000)]
ctdb-daemon: Reset push_started flag once DB_PUSH_CONFIRM is done
Once DB_PUSH_START is processed as part of recovery, push_started
flag tracks if there are multiple attempts to send DB_PUSH_START.
In DB_PUSH_CONFIRM, once the record count is confirmed, all information
related to DB_PUSH should be reset. However, The push_started flag was
not reset when the push_state was reset.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Wed Jun 8 14:31:52 CEST 2016 on sn-devel-144
Amitay Isaacs [Wed, 8 Jun 2016 04:15:22 +0000 (14:15 +1000)]
ctdb-recoverd: Avoid duplicate recoverd event in parallel recovery
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11956
In do_recovery, after the recovery and takeover is complete, recoverd
event is triggered. When the parallel database recovery was separated,
ctdb_recovery_helper implemented sending END_RECOVERY control which
causes recoverd event to be triggered. So when there is parallel database
recovery, recoverd event is triggered twice.
Instead move the call to run_recovered_eventscript() explicitly in
the serial recovery code path. This avoids the duplication trigger of
recoverd event.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 27 May 2016 03:32:28 +0000 (13:32 +1000)]
ctdb-system: Remove duplicate functions
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 27 May 2016 03:50:06 +0000 (13:50 +1000)]
ctdb-daemon: Use lib/util functions instead of redefinitions
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 27 May 2016 03:43:33 +0000 (13:43 +1000)]
lib/util: Add a generic definition for set_close_on_exec
Avoid changing function names to smb_set_close_on_exec in ctdb.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 27 May 2016 02:52:12 +0000 (12:52 +1000)]
ctdb-tests: Re-use set_blocking instead of re-definition
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 27 May 2016 02:38:20 +0000 (12:38 +1000)]
ctdb-tests: Re-use async accept wrapper from async_req
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Martin Schwenke [Mon, 6 Jun 2016 04:03:47 +0000 (14:03 +1000)]
ctdb-scripts: Add eventscript 06.nfs
This generates takeip-pre and releaseip-pre call-out events.
One use is to put NFS into grace before an IP is assigned to an
interface.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 6 Jun 2016 03:56:55 +0000 (13:56 +1000)]
ctdb-scripts: Move NFS callout-related code to functions file
A second NFS eventscript may be required, so make this code available
to it.
The initialisation code can't be evaluated in the functions file
because service_state_dir isn't yet setup, so put it in a function and
call it with other initialisation code.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Andrew Bartlett [Thu, 2 Jun 2016 21:53:29 +0000 (09:53 +1200)]
build: Address may be used uninitialized in this function on Ubuntu 10.04
This is not found by modern compilers, but prevents the -Werror -O3 build on Ubuntu 10.04
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 8 08:48:57 CEST 2016 on sn-devel-144
Andrew Bartlett [Thu, 2 Jun 2016 21:23:12 +0000 (09:23 +1200)]
build: Try to work around strict aliasing rules on Ubuntu 10.04
We get cc1: warnings being treated as errors
../lib/util/util_net.c: In function get_socket_port:
../lib/util/util_net.c:921: error: dereferencing pointer sa.106 does break strict-aliasing rules
../lib/util/util_net.c:921: note: initialized from here
../lib/util/util_net.c:925: error: dereferencing pointer sa.107 does break strict-aliasing rules
../lib/util/util_net.c:925: note: initialized from here
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Amitay Isaacs [Mon, 6 Jun 2016 05:04:08 +0000 (15:04 +1000)]
ctdb-cluster-mutex: Fix #endif decoration
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Jun 8 04:52:18 CEST 2016 on sn-devel-144
Martin Schwenke [Wed, 1 Jun 2016 23:26:40 +0000 (09:26 +1000)]
ctdb-recoverd: Release recovery lock on exit
The recovery lock helper must exit when it notices its parent is gone.
However, that can take a few seconds.
The usual way of terminating the recovery daemon is for the main ctdbd
to send it a SIGTERM. Installing a handler is nice and simple.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Sat, 28 May 2016 21:25:05 +0000 (07:25 +1000)]
ctdb-recoverd: Add handler for lost recovery lock
If the process holding the recovery lock terminates unexpectedly then
the recovery daemon needs to know that the lock is no longer held.
While here, rename hold_reclock_handler() to take_reclock_handler() so
there is a clear difference between the two handler names.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 1 Jun 2016 09:05:47 +0000 (19:05 +1000)]
ctdb-cluster-mutex: Register an extra handler for when mutex is lost
Pass NULL if not needed.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 1 Jun 2016 08:56:33 +0000 (18:56 +1000)]
ctdb-cluster-mutex: ctdb_cluster_mutex() registers handler and private data
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 1 Jun 2016 07:10:26 +0000 (17:10 +1000)]
ctdb-cluster-mutex: Drop cluster_mutex_handler() ctdb and handle arguments
This makes the API more general. If they are needed in a handler then
they can be in the private data.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 1 Jun 2016 07:45:36 +0000 (17:45 +1000)]
ctdb-recovery: Wrap private data for reclock test callback
This will allow a simplification of the cluster mutex API, so the
private data can be registered when calling ctdb_cluster_mutex().
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 1 Jun 2016 07:32:42 +0000 (17:32 +1000)]
ctdb-recoverd: Simplify reclock handler
Do the interesting work outside the handler.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 24 May 2016 04:54:39 +0000 (14:54 +1000)]
ctdb-recoverd: Recovery lock handle should be in recovery deamon context
This shouldn't be in the CTDB context.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Sun, 29 May 2016 09:27:23 +0000 (19:27 +1000)]
ctdb-cluster-mutex: Pass a talloc context to allocate the handle off
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 30 May 2016 02:18:50 +0000 (12:18 +1000)]
ctdb-recoverd: No need to reset reclock handler
It won't be called more than once by the cluster mutex code.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 1 Jun 2016 08:46:41 +0000 (18:46 +1000)]
ctdb-cluster-mutex: Don't call the supplied hander more than once
After the first activity on the file descriptor, ignore any subsequent
activity. Single-shot handlers are easier to write.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 1 Jun 2016 05:56:42 +0000 (15:56 +1000)]
ctdb-recoverd: Fix buggy function return on memory allocation failure
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 31 May 2016 08:37:30 +0000 (18:37 +1000)]
ctdb-recoverd: Don't expose internal cluster mutex status
Just expose whether the lock was taken.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 17 May 2016 08:28:56 +0000 (18:28 +1000)]
ctdb-daemon: Rename recovery lock file to just recovery lock
It isn't necessarily a file.
Don't bother changing the control, since it doesn't pervade the code.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 17 May 2016 08:24:53 +0000 (18:24 +1000)]
ctdb-daemon: Drop function ctdb_set_recovery_lock_file()
Setting the recovery lock file at startup can be done more simply.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 5 Apr 2016 06:13:43 +0000 (16:13 +1000)]
ctdb-protocol: CTDB_CONTROL_SET_RECLOCK_FILE is obsolete
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 5 Apr 2016 06:12:00 +0000 (16:12 +1000)]
ctdb-protocol: Drop support for SET_RECLOCK
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 5 Apr 2016 06:05:47 +0000 (16:05 +1000)]
ctdb-client: Remove support for SET_RECLOCK
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 5 Apr 2016 05:34:13 +0000 (15:34 +1000)]
ctdb-recovery: Don't update recovery lock from daemon
It can't change after startup.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 5 Apr 2016 05:31:55 +0000 (15:31 +1000)]
ctdb-recovery: Don't sync recovery lock across cluster
Support for updating the recovery lock is being removed because it
isn't possible to recover from failure.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 5 Apr 2016 05:26:22 +0000 (15:26 +1000)]
ctdb-recovery: Consistency check reclock in start recovery control
If the recovery lock setting is not consistent with that of the
recovery master then abort.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 1 Mar 2016 01:32:48 +0000 (12:32 +1100)]
ctdb-tool: Drop support for "ctdb setreclock" command
The recovery lock can not be reliably updated at run-time. If it
fails to update on some nodes then split-brain protection is gone and
there is no reasonable way to repair the situation. CTDB will have to
be restarted on all nodes. So, if this feature is being used to avoid
scheduling an outage then an outage will have to be scheduled just in
case!
To update the recovery lock, shut down CTDB on all nodes, reconfigure
the recovery lock and start CTDB again.
Those that *really* want to be able to change the recovery lock at
run-time can still do so. Set CTDB_RECOVERY_LOCK to point to a script
and this script can then be modified at run-time. However, please
don't report bugs if bad things happen...
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 10 May 2016 09:54:09 +0000 (19:54 +1000)]
ctdb-tests: Replace "ctdb setrelock" test with "ctdb getreclock" test
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Volker Lendecke [Tue, 7 Jun 2016 08:07:21 +0000 (10:07 +0200)]
libsmb: Fix two CIDs for NULL dereference
This whole area is a known-to-be-broken mess, but this patch should fix
the immediate crash
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Jun 7 18:31:30 CEST 2016 on sn-devel-144
Volker Lendecke [Tue, 7 Jun 2016 08:01:32 +0000 (10:01 +0200)]
rpc_server: Fix CID
1362565 Improper use of negative value
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Volker Lendecke [Tue, 7 Jun 2016 07:58:24 +0000 (09:58 +0200)]
lib: Fix CID
1362566 Dereference null return value
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Volker Lendecke [Sun, 30 Nov 2014 15:10:32 +0000 (16:10 +0100)]
lib: Add accept_send/recv
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 14 May 2016 08:07:24 +0000 (10:07 +0200)]
lib: Move poll_funcs to lib/
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Amitay Isaacs [Sun, 15 May 2016 11:44:22 +0000 (21:44 +1000)]
lib/util: Expose few more subsystems for standalone ctdb build
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Volker Lendecke [Sat, 14 May 2016 07:45:49 +0000 (09:45 +0200)]
lib: Move msghdr to lib/util/
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Amitay Isaacs [Sun, 15 May 2016 11:43:57 +0000 (21:43 +1000)]
lib/poll_funcs: Build as SAMBA_SUBSYSTEM
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Andrew Bartlett [Tue, 7 Jun 2016 04:41:15 +0000 (16:41 +1200)]
repl: Avoid use-after-free when working with the working_schema
The original schema must live as long as the working_schema
as the working_schema starts as a shallow-copy of schema.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11953
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jun 7 14:33:39 CEST 2016 on sn-devel-144
Andrew Bartlett [Thu, 2 Jun 2016 03:31:15 +0000 (15:31 +1200)]
selftest: Add a reverse variation to ReplicateMoveObject3
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Samba <garming@catalyst.net.nz>
Andrew Bartlett [Thu, 12 May 2016 23:41:53 +0000 (11:41 +1200)]
selftest: Assert replPropertyMetaData values before and after replication
This covers renames, addition of attributes, and the delete.
We also confirm the results via DRS.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Wed, 25 May 2016 02:49:31 +0000 (14:49 +1200)]
dsdb: Fix rename and RDN handling for replPropertyMetaData
This matches Windows 2012R2, which both has the RDN not sorted last and has it updated with the local
invocation_id and a local version.
The RDN attribute, unlike name, is not replicated over DRS, so the impact for interopability extends only to
the incorrect RDN values that we were finding with dbcheck (values that did not match the name values).
Finally, we always force the RDN to match the name attribute, which avoids issues
in dbcheck where these diverge. As such, we can finally remove dbcheck as a
flapping test, last re-added in
e4bab3a8282d263eb2391bc7e8a6fd64ae068935
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Fri, 13 May 2016 11:12:47 +0000 (23:12 +1200)]
dsdb: Fix incorrect sorting of replPropertyMetaData with RDN last
Per tests against Windows 2012R2 the RDN is not sorted last and is
instead sorted normally with all the other elements.
The RDN attribute, unlike name, is not replicated over DRS, so this
has no interopability impact.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz