samba.git
3 years agos3:libnet: accept empty realm for AD domains when only security=domain is set.
Günther Deschner [Tue, 31 May 2016 16:47:34 +0000 (18:47 +0200)]
s3:libnet: accept empty realm for AD domains when only security=domain is set.

Initial patch from Matt Rogers @ RedHat.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11977

Guenther

Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Jun 15 20:28:31 CEST 2016 on sn-devel-144

3 years agos3-libnet: Print error string even on successfuly completion of libnetjoin.
Günther Deschner [Wed, 15 Jun 2016 14:04:29 +0000 (16:04 +0200)]
s3-libnet: Print error string even on successfuly completion of libnetjoin.

Sometimes useful information should be printed to the users.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11977

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
3 years agos3-libnetapi: Correctly check for lp_realm.
Andreas Schneider [Wed, 15 Jun 2016 14:05:58 +0000 (16:05 +0200)]
s3-libnetapi: Correctly check for lp_realm.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
3 years agolibnet_join: use sitename if it was set by pre-join detection
Alexander Bokovoy [Tue, 14 Jun 2016 19:37:31 +0000 (22:37 +0300)]
libnet_join: use sitename if it was set by pre-join detection

When domain member is joined to AD, we need to use the same DC to
authenticate against after the join because the machine account might
not be replicated yet to other domain controllers, including off-site.

Bug https://bugzilla.samba.org/show_bug.cgi?id=11769 dealt with
detection of the site pre-join. However, we rewrite private local
krb5.conf afterwards without taking the discovered site name into
account.

Fix this by reusing the site discovered pre-join.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11975

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jun 15 15:25:44 CEST 2016 on sn-devel-144

3 years agolib: Add a little closefrom() test
Volker Lendecke [Fri, 10 Jun 2016 09:40:33 +0000 (11:40 +0200)]
lib: Add a little closefrom() test

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jun 13 14:11:11 CEST 2016 on sn-devel-144

3 years agolibreplace: Add a closefrom() implementation
Volker Lendecke [Thu, 9 Jun 2016 19:27:09 +0000 (21:27 +0200)]
libreplace: Add a closefrom() implementation

There is closefrom in some BSDs, but Linux ships this only as part
of libbsd.  Add a new implementation of it in libreplace. The one in
libbsd of jessie and upstream differ and it has for example optimizations
for FreeBSD, but it gets some of the array calculations slightly wrong
from my point of view. If you want those, use libbsd. This replacement
is optimized on Linux only looking at /proc/self/fd/, everything else
would do the OPEN_MAX brute force fallback.

Signed-off-by: Volker Lendecke <vl@samba.org>
3 years agolib: Fix a signed/unsigned mixup
Volker Lendecke [Mon, 30 May 2016 09:18:48 +0000 (11:18 +0200)]
lib: Fix a signed/unsigned mixup

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
3 years agos3-winbind: Fix schannel connections against trusted domain DCs
Günther Deschner [Fri, 10 Jun 2016 14:51:18 +0000 (16:51 +0200)]
s3-winbind: Fix schannel connections against trusted domain DCs

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11830

Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
3 years agoctdb: use properly configured ctdb in debug-hung-script.sh
Michael Adam [Wed, 8 Jun 2016 10:32:04 +0000 (12:32 +0200)]
ctdb: use properly configured ctdb in debug-hung-script.sh

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Sat Jun 11 10:23:03 CEST 2016 on sn-devel-144

3 years agoctdb: use properly configured ctdb in statd-callout
Michael Adam [Wed, 8 Jun 2016 10:28:56 +0000 (12:28 +0200)]
ctdb: use properly configured ctdb in statd-callout

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
3 years agoctdb: use properly configured ctdb in 99.timeout
Michael Adam [Wed, 8 Jun 2016 11:05:03 +0000 (13:05 +0200)]
ctdb: use properly configured ctdb in 99.timeout

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
3 years agoctdb: use properly configured ctdb in 91.lvs
Michael Adam [Wed, 8 Jun 2016 11:04:48 +0000 (13:04 +0200)]
ctdb: use properly configured ctdb in 91.lvs

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
3 years agoctdb: use properly configured ctdb in 70.iscsi
Michael Adam [Wed, 8 Jun 2016 10:44:28 +0000 (12:44 +0200)]
ctdb: use properly configured ctdb in 70.iscsi

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
3 years agoctdb: use properly configured ctdb in 10.interfaces
Michael Adam [Wed, 8 Jun 2016 10:37:00 +0000 (12:37 +0200)]
ctdb: use properly configured ctdb in 10.interfaces

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
3 years agoctdb: use properly configured ctdb in 13.per_ip_routing
Michael Adam [Wed, 8 Jun 2016 11:23:07 +0000 (13:23 +0200)]
ctdb: use properly configured ctdb in 13.per_ip_routing

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
3 years agoctdb: use properly configured ctdb in 10.external
Michael Adam [Wed, 8 Jun 2016 11:22:44 +0000 (13:22 +0200)]
ctdb: use properly configured ctdb in 10.external

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
3 years agoctdb: use properly configured ctdb in 01.reclock
Michael Adam [Wed, 8 Jun 2016 11:22:24 +0000 (13:22 +0200)]
ctdb: use properly configured ctdb in 01.reclock

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
3 years agoctdb: use properly configured ctdb in 00.ctdb
Michael Adam [Wed, 8 Jun 2016 11:21:56 +0000 (13:21 +0200)]
ctdb: use properly configured ctdb in 00.ctdb

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
3 years agoctdb: use properly configured ctdb in ctdbd_wrapper
Michael Adam [Tue, 7 Jun 2016 07:44:53 +0000 (07:44 +0000)]
ctdb: use properly configured ctdb in ctdbd_wrapper

This makes ctdbd_wrapper usable in non-standard installs.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
3 years agoctdb: use properly configured ctdb in functions
Michael Adam [Wed, 8 Jun 2016 10:28:36 +0000 (12:28 +0200)]
ctdb: use properly configured ctdb in functions

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
3 years agoctdb: make sure scripts using $CTDB called by test find ctdb
Michael Adam [Thu, 9 Jun 2016 11:55:29 +0000 (13:55 +0200)]
ctdb: make sure scripts using $CTDB called by test find ctdb

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
3 years agoctdb: set the path to 'ctdb' in 'functions' in CTDB
Michael Adam [Wed, 8 Jun 2016 10:08:35 +0000 (12:08 +0200)]
ctdb: set the path to 'ctdb' in 'functions' in CTDB

Allow this to be overridden from the caller.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
3 years agos3-script: Install the findsmb script
Andreas Schneider [Tue, 7 Jun 2016 11:49:39 +0000 (13:49 +0200)]
s3-script: Install the findsmb script

When we transitioned from autotools to waf we dropped installing the
findsmb script. However we create and install the manpage for it so
install it in the system again.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jun  9 19:10:15 CEST 2016 on sn-devel-144

3 years agoselftest: Set the correct hostname
Andreas Schneider [Tue, 7 Jun 2016 08:23:59 +0000 (10:23 +0200)]
selftest: Set the correct hostname

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
3 years agos3: krb5: keytab - The done label can be jumped to with context == NULL.
Jeremy Allison [Wed, 8 Jun 2016 21:50:59 +0000 (14:50 -0700)]
s3: krb5: keytab - The done label can be jumped to with context == NULL.

Ensure we don't crash in this case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11959

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Thu Jun  9 13:18:56 CEST 2016 on sn-devel-144

3 years agolib: Fix uninitialized read in msghdr_copy
Jeremy Allison [Wed, 8 Jun 2016 12:34:20 +0000 (14:34 +0200)]
lib: Fix uninitialized read in msghdr_copy

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jun  8 18:34:27 CEST 2016 on sn-devel-144

3 years agoctdb-daemon: Reset push_started flag once DB_PUSH_CONFIRM is done
Amitay Isaacs [Wed, 8 Jun 2016 05:04:52 +0000 (15:04 +1000)]
ctdb-daemon: Reset push_started flag once DB_PUSH_CONFIRM is done

Once DB_PUSH_START is processed as part of recovery, push_started
flag tracks if there are multiple attempts to send DB_PUSH_START.
In DB_PUSH_CONFIRM, once the record count is confirmed, all information
related to DB_PUSH should be reset.  However, The push_started flag was
not reset when the push_state was reset.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Wed Jun  8 14:31:52 CEST 2016 on sn-devel-144

3 years agoctdb-recoverd: Avoid duplicate recoverd event in parallel recovery
Amitay Isaacs [Wed, 8 Jun 2016 04:15:22 +0000 (14:15 +1000)]
ctdb-recoverd: Avoid duplicate recoverd event in parallel recovery

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11956

In do_recovery, after the recovery and takeover is complete, recoverd
event is triggered.  When the parallel database recovery was separated,
ctdb_recovery_helper implemented sending END_RECOVERY control which
causes recoverd event to be triggered.  So when there is parallel database
recovery, recoverd event is triggered twice.

Instead move the call to run_recovered_eventscript() explicitly in
the serial recovery code path.  This avoids the duplication trigger of
recoverd event.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
3 years agoctdb-system: Remove duplicate functions
Amitay Isaacs [Fri, 27 May 2016 03:32:28 +0000 (13:32 +1000)]
ctdb-system: Remove duplicate functions

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
3 years agoctdb-daemon: Use lib/util functions instead of redefinitions
Amitay Isaacs [Fri, 27 May 2016 03:50:06 +0000 (13:50 +1000)]
ctdb-daemon: Use lib/util functions instead of redefinitions

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
3 years agolib/util: Add a generic definition for set_close_on_exec
Amitay Isaacs [Fri, 27 May 2016 03:43:33 +0000 (13:43 +1000)]
lib/util: Add a generic definition for set_close_on_exec

Avoid changing function names to smb_set_close_on_exec in ctdb.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
3 years agoctdb-tests: Re-use set_blocking instead of re-definition
Amitay Isaacs [Fri, 27 May 2016 02:52:12 +0000 (12:52 +1000)]
ctdb-tests: Re-use set_blocking instead of re-definition

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
3 years agoctdb-tests: Re-use async accept wrapper from async_req
Amitay Isaacs [Fri, 27 May 2016 02:38:20 +0000 (12:38 +1000)]
ctdb-tests: Re-use async accept wrapper from async_req

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
3 years agoctdb-scripts: Add eventscript 06.nfs
Martin Schwenke [Mon, 6 Jun 2016 04:03:47 +0000 (14:03 +1000)]
ctdb-scripts: Add eventscript 06.nfs

This generates takeip-pre and releaseip-pre call-out events.

One use is to put NFS into grace before an IP is assigned to an
interface.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years agoctdb-scripts: Move NFS callout-related code to functions file
Martin Schwenke [Mon, 6 Jun 2016 03:56:55 +0000 (13:56 +1000)]
ctdb-scripts: Move NFS callout-related code to functions file

A second NFS eventscript may be required, so make this code available
to it.

The initialisation code can't be evaluated in the functions file
because service_state_dir isn't yet setup, so put it in a function and
call it with other initialisation code.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years agobuild: Address may be used uninitialized in this function on Ubuntu 10.04
Andrew Bartlett [Thu, 2 Jun 2016 21:53:29 +0000 (09:53 +1200)]
build: Address may be used uninitialized in this function on Ubuntu 10.04

This is not found by modern compilers, but prevents the -Werror -O3 build on Ubuntu 10.04

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun  8 08:48:57 CEST 2016 on sn-devel-144

3 years agobuild: Try to work around strict aliasing rules on Ubuntu 10.04
Andrew Bartlett [Thu, 2 Jun 2016 21:23:12 +0000 (09:23 +1200)]
build: Try to work around strict aliasing rules on Ubuntu 10.04

We get cc1: warnings being treated as errors
../lib/util/util_net.c: In function get_socket_port:
../lib/util/util_net.c:921: error: dereferencing pointer sa.106 does break strict-aliasing rules
../lib/util/util_net.c:921: note: initialized from here
../lib/util/util_net.c:925: error: dereferencing pointer sa.107 does break strict-aliasing rules
../lib/util/util_net.c:925: note: initialized from here

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
3 years agoctdb-cluster-mutex: Fix #endif decoration
Amitay Isaacs [Mon, 6 Jun 2016 05:04:08 +0000 (15:04 +1000)]
ctdb-cluster-mutex: Fix #endif decoration

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Jun  8 04:52:18 CEST 2016 on sn-devel-144

3 years agoctdb-recoverd: Release recovery lock on exit
Martin Schwenke [Wed, 1 Jun 2016 23:26:40 +0000 (09:26 +1000)]
ctdb-recoverd: Release recovery lock on exit

The recovery lock helper must exit when it notices its parent is gone.
However, that can take a few seconds.

The usual way of terminating the recovery daemon is for the main ctdbd
to send it a SIGTERM.  Installing a handler is nice and simple.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years agoctdb-recoverd: Add handler for lost recovery lock
Martin Schwenke [Sat, 28 May 2016 21:25:05 +0000 (07:25 +1000)]
ctdb-recoverd: Add handler for lost recovery lock

If the process holding the recovery lock terminates unexpectedly then
the recovery daemon needs to know that the lock is no longer held.

While here, rename hold_reclock_handler() to take_reclock_handler() so
there is a clear difference between the two handler names.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years agoctdb-cluster-mutex: Register an extra handler for when mutex is lost
Martin Schwenke [Wed, 1 Jun 2016 09:05:47 +0000 (19:05 +1000)]
ctdb-cluster-mutex: Register an extra handler for when mutex is lost

Pass NULL if not needed.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years agoctdb-cluster-mutex: ctdb_cluster_mutex() registers handler and private data
Martin Schwenke [Wed, 1 Jun 2016 08:56:33 +0000 (18:56 +1000)]
ctdb-cluster-mutex: ctdb_cluster_mutex() registers handler and private data

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years agoctdb-cluster-mutex: Drop cluster_mutex_handler() ctdb and handle arguments
Martin Schwenke [Wed, 1 Jun 2016 07:10:26 +0000 (17:10 +1000)]
ctdb-cluster-mutex: Drop cluster_mutex_handler() ctdb and handle arguments

This makes the API more general.  If they are needed in a handler then
they can be in the private data.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years agoctdb-recovery: Wrap private data for reclock test callback
Martin Schwenke [Wed, 1 Jun 2016 07:45:36 +0000 (17:45 +1000)]
ctdb-recovery: Wrap private data for reclock test callback

This will allow a simplification of the cluster mutex API, so the
private data can be registered when calling ctdb_cluster_mutex().

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years agoctdb-recoverd: Simplify reclock handler
Martin Schwenke [Wed, 1 Jun 2016 07:32:42 +0000 (17:32 +1000)]
ctdb-recoverd: Simplify reclock handler

Do the interesting work outside the handler.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years agoctdb-recoverd: Recovery lock handle should be in recovery deamon context
Martin Schwenke [Tue, 24 May 2016 04:54:39 +0000 (14:54 +1000)]
ctdb-recoverd: Recovery lock handle should be in recovery deamon context

This shouldn't be in the CTDB context.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years agoctdb-cluster-mutex: Pass a talloc context to allocate the handle off
Martin Schwenke [Sun, 29 May 2016 09:27:23 +0000 (19:27 +1000)]
ctdb-cluster-mutex: Pass a talloc context to allocate the handle off

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years agoctdb-recoverd: No need to reset reclock handler
Martin Schwenke [Mon, 30 May 2016 02:18:50 +0000 (12:18 +1000)]
ctdb-recoverd: No need to reset reclock handler

It won't be called more than once by the cluster mutex code.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years agoctdb-cluster-mutex: Don't call the supplied hander more than once
Martin Schwenke [Wed, 1 Jun 2016 08:46:41 +0000 (18:46 +1000)]
ctdb-cluster-mutex: Don't call the supplied hander more than once

After the first activity on the file descriptor, ignore any subsequent
activity.  Single-shot handlers are easier to write.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years agoctdb-recoverd: Fix buggy function return on memory allocation failure
Martin Schwenke [Wed, 1 Jun 2016 05:56:42 +0000 (15:56 +1000)]
ctdb-recoverd: Fix buggy function return on memory allocation failure

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years agoctdb-recoverd: Don't expose internal cluster mutex status
Martin Schwenke [Tue, 31 May 2016 08:37:30 +0000 (18:37 +1000)]
ctdb-recoverd: Don't expose internal cluster mutex status

Just expose whether the lock was taken.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years agoctdb-daemon: Rename recovery lock file to just recovery lock
Martin Schwenke [Tue, 17 May 2016 08:28:56 +0000 (18:28 +1000)]
ctdb-daemon: Rename recovery lock file to just recovery lock

It isn't necessarily a file.

Don't bother changing the control, since it doesn't pervade the code.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years agoctdb-daemon: Drop function ctdb_set_recovery_lock_file()
Martin Schwenke [Tue, 17 May 2016 08:24:53 +0000 (18:24 +1000)]
ctdb-daemon: Drop function ctdb_set_recovery_lock_file()

Setting the recovery lock file at startup can be done more simply.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years agoctdb-protocol: CTDB_CONTROL_SET_RECLOCK_FILE is obsolete
Martin Schwenke [Tue, 5 Apr 2016 06:13:43 +0000 (16:13 +1000)]
ctdb-protocol: CTDB_CONTROL_SET_RECLOCK_FILE is obsolete

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years agoctdb-protocol: Drop support for SET_RECLOCK
Martin Schwenke [Tue, 5 Apr 2016 06:12:00 +0000 (16:12 +1000)]
ctdb-protocol: Drop support for SET_RECLOCK

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years agoctdb-client: Remove support for SET_RECLOCK
Martin Schwenke [Tue, 5 Apr 2016 06:05:47 +0000 (16:05 +1000)]
ctdb-client: Remove support for SET_RECLOCK

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years agoctdb-recovery: Don't update recovery lock from daemon
Martin Schwenke [Tue, 5 Apr 2016 05:34:13 +0000 (15:34 +1000)]
ctdb-recovery: Don't update recovery lock from daemon

It can't change after startup.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years agoctdb-recovery: Don't sync recovery lock across cluster
Martin Schwenke [Tue, 5 Apr 2016 05:31:55 +0000 (15:31 +1000)]
ctdb-recovery: Don't sync recovery lock across cluster

Support for updating the recovery lock is being removed because it
isn't possible to recover from failure.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years agoctdb-recovery: Consistency check reclock in start recovery control
Martin Schwenke [Tue, 5 Apr 2016 05:26:22 +0000 (15:26 +1000)]
ctdb-recovery: Consistency check reclock in start recovery control

If the recovery lock setting is not consistent with that of the
recovery master then abort.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years agoctdb-tool: Drop support for "ctdb setreclock" command
Martin Schwenke [Tue, 1 Mar 2016 01:32:48 +0000 (12:32 +1100)]
ctdb-tool: Drop support for "ctdb setreclock" command

The recovery lock can not be reliably updated at run-time.  If it
fails to update on some nodes then split-brain protection is gone and
there is no reasonable way to repair the situation.  CTDB will have to
be restarted on all nodes.  So, if this feature is being used to avoid
scheduling an outage then an outage will have to be scheduled just in
case!

To update the recovery lock, shut down CTDB on all nodes, reconfigure
the recovery lock and start CTDB again.

Those that *really* want to be able to change the recovery lock at
run-time can still do so.  Set CTDB_RECOVERY_LOCK to point to a script
and this script can then be modified at run-time.  However, please
don't report bugs if bad things happen...

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years agoctdb-tests: Replace "ctdb setrelock" test with "ctdb getreclock" test
Martin Schwenke [Tue, 10 May 2016 09:54:09 +0000 (19:54 +1000)]
ctdb-tests: Replace "ctdb setrelock" test with "ctdb getreclock" test

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years agolibsmb: Fix two CIDs for NULL dereference
Volker Lendecke [Tue, 7 Jun 2016 08:07:21 +0000 (10:07 +0200)]
libsmb: Fix two CIDs for NULL dereference

This whole area is a known-to-be-broken mess, but this patch should fix
the immediate crash

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Jun  7 18:31:30 CEST 2016 on sn-devel-144

3 years agorpc_server: Fix CID 1362565 Improper use of negative value
Volker Lendecke [Tue, 7 Jun 2016 08:01:32 +0000 (10:01 +0200)]
rpc_server: Fix CID 1362565 Improper use of negative value

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
3 years agolib: Fix CID 1362566 Dereference null return value
Volker Lendecke [Tue, 7 Jun 2016 07:58:24 +0000 (09:58 +0200)]
lib: Fix CID 1362566 Dereference null return value

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
3 years agolib: Add accept_send/recv
Volker Lendecke [Sun, 30 Nov 2014 15:10:32 +0000 (16:10 +0100)]
lib: Add accept_send/recv

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years agolib: Move poll_funcs to lib/
Volker Lendecke [Sat, 14 May 2016 08:07:24 +0000 (10:07 +0200)]
lib: Move poll_funcs to lib/

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years agolib/util: Expose few more subsystems for standalone ctdb build
Amitay Isaacs [Sun, 15 May 2016 11:44:22 +0000 (21:44 +1000)]
lib/util: Expose few more subsystems for standalone ctdb build

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
3 years agolib: Move msghdr to lib/util/
Volker Lendecke [Sat, 14 May 2016 07:45:49 +0000 (09:45 +0200)]
lib: Move msghdr to lib/util/

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years agolib/poll_funcs: Build as SAMBA_SUBSYSTEM
Amitay Isaacs [Sun, 15 May 2016 11:43:57 +0000 (21:43 +1000)]
lib/poll_funcs: Build as SAMBA_SUBSYSTEM

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
3 years agorepl: Avoid use-after-free when working with the working_schema
Andrew Bartlett [Tue, 7 Jun 2016 04:41:15 +0000 (16:41 +1200)]
repl: Avoid use-after-free when working with the working_schema

The original schema must live as long as the working_schema
as the working_schema starts as a shallow-copy of schema.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11953

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jun  7 14:33:39 CEST 2016 on sn-devel-144

3 years agoselftest: Add a reverse variation to ReplicateMoveObject3
Andrew Bartlett [Thu, 2 Jun 2016 03:31:15 +0000 (15:31 +1200)]
selftest: Add a reverse variation to ReplicateMoveObject3

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Samba <garming@catalyst.net.nz>
3 years agoselftest: Assert replPropertyMetaData values before and after replication
Andrew Bartlett [Thu, 12 May 2016 23:41:53 +0000 (11:41 +1200)]
selftest: Assert replPropertyMetaData values before and after replication

This covers renames, addition of attributes, and the delete.

We also confirm the results via DRS.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
3 years agodsdb: Fix rename and RDN handling for replPropertyMetaData
Andrew Bartlett [Wed, 25 May 2016 02:49:31 +0000 (14:49 +1200)]
dsdb: Fix rename and RDN handling for replPropertyMetaData

This matches Windows 2012R2, which both has the RDN not sorted last and has it updated with the local
invocation_id and a local version.

The RDN attribute, unlike name, is not replicated over DRS, so the impact for interopability extends only to
the incorrect RDN values that we were finding with dbcheck (values that did not match the name values).

Finally, we always force the RDN to match the name attribute, which avoids issues
in dbcheck where these diverge.  As such, we can finally remove dbcheck as a
flapping test, last re-added in e4bab3a8282d263eb2391bc7e8a6fd64ae068935

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
3 years agodsdb: Fix incorrect sorting of replPropertyMetaData with RDN last
Andrew Bartlett [Fri, 13 May 2016 11:12:47 +0000 (23:12 +1200)]
dsdb: Fix incorrect sorting of replPropertyMetaData with RDN last

Per tests against Windows 2012R2 the RDN is not sorted last and is
instead sorted normally with all the other elements.

The RDN attribute, unlike name, is not replicated over DRS, so this
has no interopability impact.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz
3 years agodsdb: Show initial replicated modify as well as resolved modify in repl_meta_data
Andrew Bartlett [Thu, 12 May 2016 23:40:55 +0000 (11:40 +1200)]
dsdb: Show initial replicated modify as well as resolved modify in repl_meta_data

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz
3 years agoselftest: Add more tests to cover attribute changes vs DN renames
Andrew Bartlett [Tue, 10 May 2016 04:40:51 +0000 (16:40 +1200)]
selftest: Add more tests to cover attribute changes vs DN renames

This covers a bug where unrelated attribute changes would reverse a rename

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz
3 years agodsdb: Use replmd_replPropertyMetaData1_new_should_be_taken in replmd_replicated_apply...
Andrew Bartlett [Tue, 3 May 2016 22:42:41 +0000 (10:42 +1200)]
dsdb: Use replmd_replPropertyMetaData1_new_should_be_taken in replmd_replicated_apply_search_callback()

This is the primary handler for renames

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz
3 years agodsdb: Use replmd_replPropertyMetaData1_new_should_be_taken in replmd_replicated_apply...
Andrew Bartlett [Tue, 3 May 2016 22:42:05 +0000 (10:42 +1200)]
dsdb: Use replmd_replPropertyMetaData1_new_should_be_taken in replmd_replicated_apply_merge()

This is the main handler for attribute conflicts

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz
3 years agodsdb: Use replmd_replPropertyMetaData1_new_should_be_taken in replmd_replicated_handl...
Andrew Bartlett [Tue, 3 May 2016 22:41:48 +0000 (10:41 +1200)]
dsdb: Use replmd_replPropertyMetaData1_new_should_be_taken in replmd_replicated_handle_rename()

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
3 years agodsdb: Use replmd_replPropertyMetaData1_new_should_be_taken in replmd_op_possible_conf...
Andrew Bartlett [Tue, 3 May 2016 22:41:15 +0000 (10:41 +1200)]
dsdb: Use replmd_replPropertyMetaData1_new_should_be_taken in replmd_op_possible_conflict_callback()

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
3 years agodsdb: Add new helper function replmd_replPropertyMetaData1_new_should_be_taken()
Andrew Bartlett [Tue, 3 May 2016 22:00:21 +0000 (10:00 +1200)]
dsdb: Add new helper function replmd_replPropertyMetaData1_new_should_be_taken()

This will allow the test for "name" and the actual DN to be consistent,
and so avoids dbcheck errors when CN and name do not match the DN

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz
3 years agoselftest: Do not scan the full DB to confirm a specific DN in dbcheck
Andrew Bartlett [Tue, 7 Jun 2016 01:54:28 +0000 (13:54 +1200)]
selftest: Do not scan the full DB to confirm a specific DN in dbcheck

This avoids a full DB scan and therefore reduces the test time taken
when we just modified the cn=administrator record.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
3 years agoselftest: Run the krb5.kdc test on a more selective basis
Andrew Bartlett [Tue, 7 Jun 2016 01:51:09 +0000 (13:51 +1200)]
selftest: Run the krb5.kdc test on a more selective basis

The previous tests would take 20mins, the new set of tests take around 7 mins and still cover
the important combinations, given that it is the same KDC code in each environment

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
3 years agoselftest: These replication tests are now OK after we fixed all the replication bugs
Andrew Bartlett [Tue, 19 Apr 2016 05:28:59 +0000 (17:28 +1200)]
selftest: These replication tests are now OK after we fixed all the replication bugs

We have run this test a number of times, and these tests do not flap
in those tests

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jun  7 01:45:08 CEST 2016 on sn-devel-144

3 years agoselftest: Add tests to show that we can not create duplicate schema entries
Andrew Bartlett [Tue, 19 Apr 2016 01:37:19 +0000 (13:37 +1200)]
selftest: Add tests to show that we can not create duplicate schema entries

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jun  6 20:32:54 CEST 2016 on sn-devel-144

3 years agosamldb: Make checks for schema attributes much more strict
Andrew Bartlett [Tue, 19 Apr 2016 05:22:35 +0000 (17:22 +1200)]
samldb: Make checks for schema attributes much more strict

This avoids corrupting Samba when invalid schema is imported

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
3 years agoRemove the try/catch from urgent_replication.py
Andrew Bartlett [Mon, 18 Apr 2016 02:59:21 +0000 (14:59 +1200)]
Remove the try/catch from urgent_replication.py

This meant that for ages, the duplicate OID was unnoticed, and when the syntax
was corrected recently, this caused the test to run, and so cause trouble

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz
3 years agoselftest: Assert that name, the RDN attribute and actual RDN are in sync
Andrew Bartlett [Sun, 27 Mar 2016 01:43:32 +0000 (14:43 +1300)]
selftest: Assert that name, the RDN attribute and actual RDN are in sync

This allows us to catch such errors here, rather than just on dbcheck later

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz
3 years agoselftest: Add another test case to replica_sync test
Andrew Bartlett [Thu, 24 Mar 2016 01:06:12 +0000 (14:06 +1300)]
selftest: Add another test case to replica_sync test

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz
3 years agorepl: Do not report all replication failures at level 0
Andrew Bartlett [Mon, 21 Mar 2016 02:51:12 +0000 (15:51 +1300)]
repl: Do not report all replication failures at level 0

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
3 years agoselftest/drs: Show we return the correct 3 objects for DRSUAPI_EXOP_FSMO_RID_ALLOC
Andrew Bartlett [Fri, 4 Mar 2016 00:12:42 +0000 (13:12 +1300)]
selftest/drs: Show we return the correct 3 objects for DRSUAPI_EXOP_FSMO_RID_ALLOC

This does not depend on DRSUAPI_DRS_GET_ANC.

This test is not new, but it was not previously being run.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
3 years agoselftest: initial version of new repl_move test
Andrew Bartlett [Wed, 9 Dec 2015 01:00:10 +0000 (14:00 +1300)]
selftest: initial version of new repl_move test

This tests complex rename and modify combinations in a way that
demonstrated a number of replication failures, due to incorrect
handling in Samba when the parent of the record changes.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz
3 years agodsdb: Give the objectGUID ahead of LDIF dump of replicated changes
Andrew Bartlett [Mon, 21 Mar 2016 01:06:21 +0000 (14:06 +1300)]
dsdb: Give the objectGUID ahead of LDIF dump of replicated changes

This can help isolate which object this is when the object is involved
in a rename.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
3 years agodsdb: Simplify replmd_op_possible_conflict_callback behaviour
Andrew Bartlett [Sun, 27 Mar 2016 02:39:03 +0000 (15:39 +1300)]
dsdb: Simplify replmd_op_possible_conflict_callback behaviour

The previous behaviour of this code was to overwrite the req->callback of the original, failed request.

This is a problem for many reasons - including that ldb_module_done() may already have been
called on that pointer.

The correct pattern is to create a new request, and to call ldb_module_done() on the parent
request (the one in ar->req) not in this one, in the error case.

We use the passed in new callback either as the callback to call on success, or
as the callback to the ADD request.  We overwrite it with replmd_op_name_modify_callback
in the rename remote case, as before, but no longer modify req->callback as
this will not be used again.

This is less tricky and a little simpler to follow, as we also remove the
now unused handling for RENAME, which is in a separate routine now

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
3 years agodsdb: Split rename case out of replmd_op_possible_conflict_callback
Andrew Bartlett [Mon, 21 Mar 2016 00:32:55 +0000 (13:32 +1300)]
dsdb: Split rename case out of replmd_op_possible_conflict_callback

This avoids running this code path, originally written for the add case, in
a semi-async manner in the rename case, which caused both bugs and complexity.

This does create a deal of duplicated code, but it is easier to follow because
there are no longer special cases for ADD and RENAME in the "common" code and
the behaviour of ldb_module_done() and the callbacks is well defined and expected

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz
3 years agorepl_meta_data: Give more information on replication rename behaviour
Andrew Bartlett [Tue, 15 Mar 2016 02:19:21 +0000 (15:19 +1300)]
repl_meta_data: Give more information on replication rename behaviour

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
3 years agorepl_meta_data: Fail to replicate over local objects not NC_HEAD with a all-zero...
Andrew Bartlett [Tue, 15 Mar 2016 02:15:07 +0000 (15:15 +1300)]
repl_meta_data: Fail to replicate over local objects not NC_HEAD with a all-zero parentGUID

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
3 years agodsdb: Give more errors in operational module when building the parentGUID
Andrew Bartlett [Tue, 15 Mar 2016 02:11:54 +0000 (15:11 +1300)]
dsdb: Give more errors in operational module when building the parentGUID

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
3 years agodsdb: Clearly fail to replicate objects not NC_HEAD with a all-zero parentGUID
Andrew Bartlett [Tue, 15 Mar 2016 02:09:50 +0000 (15:09 +1300)]
dsdb: Clearly fail to replicate objects not NC_HEAD with a all-zero parentGUID

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
3 years agorepl: Enforce that we have parent objects for all replicated objects
Andrew Bartlett [Wed, 9 Dec 2015 04:05:56 +0000 (17:05 +1300)]
repl: Enforce that we have parent objects for all replicated objects

The creating of replicated objects without their parent object allows database corruption as they can end up under
the wrong object.  We need to re-try the replication with the DRSUAPI_DRS_GET_ANC flag
set to get the objects in tree order.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>