samba.git
15 months agoWHATSNEW: Add entry for "Dynamic DNS record scavenging support"
Andrew Bartlett [Tue, 10 Jul 2018 05:13:48 +0000 (17:13 +1200)]
WHATSNEW: Add entry for "Dynamic DNS record scavenging support"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10812

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
15 months agopython/tests: check setting values on dnsRecord attributes
Bob Campbell [Thu, 8 Dec 2016 20:13:11 +0000 (09:13 +1300)]
python/tests: check setting values on dnsRecord attributes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12451

Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
15 months agotests dns: dns_base.py remove flake8 warnings
Gary Lockyer [Tue, 3 Jul 2018 05:03:38 +0000 (17:03 +1200)]
tests dns: dns_base.py remove flake8 warnings

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
15 months agotests dns: dns.py remove flake8 warnings
Gary Lockyer [Mon, 2 Jul 2018 04:51:00 +0000 (16:51 +1200)]
tests dns: dns.py remove flake8 warnings

Remove flake8 warnings from the code, this highlighted the issue with
test_update_add_null_char_rpc_to_dns fixed in the preceding commit.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
15 months agotests dns: fix rpc null byte test
Gary Lockyer [Mon, 2 Jul 2018 04:47:16 +0000 (16:47 +1200)]
tests dns: fix rpc null byte test

Fix update_add_null_char_rpc_to_dns so that the test matches the name.
It was not passing the embedded null to the rpc call.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
15 months agodns: static records
Aaron Haslett [Thu, 7 Jun 2018 04:51:37 +0000 (16:51 +1200)]
dns: static records

Modifies bind9 and internal dns to match windows static records behaviour.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10812

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
15 months agodns: update tool changed for scavenging
Aaron Haslett [Tue, 10 Jul 2018 01:14:18 +0000 (13:14 +1200)]
dns: update tool changed for scavenging

Now that scavenging is implemented, the DNS update tool needs to be changed so
that it always updates every name required by the DC.  Otherwise, the records
might be scavenged.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10812

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
15 months agodns+kcc: adding dns scavenging to kcc periodic run
Aaron Haslett [Tue, 29 May 2018 03:50:19 +0000 (15:50 +1200)]
dns+kcc: adding dns scavenging to kcc periodic run

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10812

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Pair-Programmed-With: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
15 months agodns: dns record scavenging function (without task)
Aaron Haslett [Fri, 1 Jun 2018 04:07:46 +0000 (16:07 +1200)]
dns: dns record scavenging function (without task)

DNS record scavenging function with testing.  The logic of the custom match rule
in previous commit is inverted so that calculations using zone properties can
be taken out of the function's inner loop. Periodic task to come.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10812

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
15 months agodns: Use ldb.SCOPE_SUBTREE in ldap_get_records() routine in tests/dns.py
Aaron Haslett [Tue, 10 Jul 2018 01:23:42 +0000 (13:23 +1200)]
dns: Use ldb.SCOPE_SUBTREE in ldap_get_records() routine in tests/dns.py

DNS records have the odd property that the DN can be reliably determined by the
name only, so we do not need a subtree search.

However by using a subtree search under the zone we can without
trapping exceptions confirm if the record exists or not in the tests.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10812

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
15 months agodns: custom match rule for DNS records to be tombstoned
Aaron Haslett [Mon, 2 Jul 2018 01:48:06 +0000 (13:48 +1200)]
dns: custom match rule for DNS records to be tombstoned

A custom match rule for records to be tombstoned by the scavenging process.
Needed because DNS records are a multi-valued attribute on name records, so
without a custom match rule we'd have entire zones into memory to search for
expired records.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10812

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
15 months agodns: server side implementation of record aging
Aaron Haslett [Mon, 2 Jul 2018 01:43:33 +0000 (13:43 +1200)]
dns: server side implementation of record aging

Code for retrieving aging properties from a zone and using them for timestamp
setting logic during processing of DNS requests.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10812

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
15 months agodns: moving name_equal func into common
Aaron Haslett [Tue, 5 Jun 2018 05:12:44 +0000 (17:12 +1200)]
dns: moving name_equal func into common

This function is duplicated in the BIND9 and RPC DNS servers.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10812

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
15 months agorpc dns: reset dword aging related zone properties
Aaron Haslett [Tue, 3 Jul 2018 03:34:32 +0000 (15:34 +1200)]
rpc dns: reset dword aging related zone properties

This allows a user to set zone properties relevant to DNS record aging over RPC.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10812

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
15 months agorpc dns: reading zone properties from LDB
Aaron Haslett [Tue, 3 Jul 2018 03:33:06 +0000 (15:33 +1200)]
rpc dns: reading zone properties from LDB

Reading zone properties from LDB on server connection initialisation, instead
of them being volatile fields.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10812

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
15 months agodns: Reformat DNS with clang-format
Gary Lockyer [Tue, 10 Jul 2018 01:37:18 +0000 (13:37 +1200)]
dns: Reformat DNS with clang-format

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10812

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
15 months agorpc dns: setting timestamp to 0 on RPC processed records
Aaron Haslett [Wed, 30 May 2018 06:56:16 +0000 (18:56 +1200)]
rpc dns: setting timestamp to 0 on RPC processed records

All records created by RPC DNS server calls should have timestamp set to 0
according to [MS-DNSP]

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12451
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10812

Signed-off-by: Aaron Haslett<aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
15 months agodns: record aging tests
Aaron Haslett [Wed, 9 May 2018 06:02:28 +0000 (18:02 +1200)]
dns: record aging tests

First basic DNS record aging tests.  These check that we can
turn aging on and off, and that timestamps are written on DNS
add and update calls, but not RPC calls.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10812

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
15 months agosmb.conf: add dns_zone_scavenging
Gary Lockyer [Wed, 11 Jul 2018 04:30:38 +0000 (16:30 +1200)]
smb.conf: add dns_zone_scavenging

Add parameter dns_zone_scavenging to control dns zone scavenging.
Scavenging is disabled by default, as due to
https://bugzilla.samba.org/show_bug.cgi?id=12451 the ageing properties of
existing DNS entries are incorrect.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
15 months agos4:messaging: make sure only imessaging_client_init() can be used with a wrapper...
Stefan Metzmacher [Fri, 18 May 2018 14:28:47 +0000 (16:28 +0200)]
s4:messaging: make sure only imessaging_client_init() can be used with a wrapper tevent_context wrapper

imessaging_client_init() can be used with a wrapper tevent_context,
but only if a global messaging_dgm_ref() already exist.

All other uses of imessaging_init() and imessaging_client_init()
require a raw tevent_context.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Jul 12 02:23:37 CEST 2018 on sn-devel-144

15 months agos4:messaging: allow imessaging_post_handler() to free the messaging context from...
Stefan Metzmacher [Sat, 19 May 2018 08:14:25 +0000 (10:14 +0200)]
s4:messaging: allow imessaging_post_handler() to free the messaging context from a handler

In usecases like using messaging_client_init() with irpc processing we may
free the imessaging_context during the messaging handler.
imessaging_post_handler() is not yet really used, but it will change in
the next commits. imessaging_post_state is a child of imessaging_context
and might be implicitly free'ed before the explicit TALLOC_FREE(state).

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
15 months agos3:messages: allow messaging_filtered_read_send() to use wrapper tevent_context
Stefan Metzmacher [Fri, 23 Mar 2018 13:48:46 +0000 (14:48 +0100)]
s3:messages: allow messaging_filtered_read_send() to use wrapper tevent_context

As it gets 'messaging_context' as argument, we're sure a messaging context
with a raw tevent context already exist.

It means we can allow a wrapper tevent context that wrapps the main tevent
context of the messaging context.

The use of tevent_req_defer_callback() makes sure that the callers
callback function calls messaging_filtered_read_recv() from the
correct "wrapped" environment.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
15 months agos3:messages: allow messaging_dgm_ref() to use wrapper tevent_context
Stefan Metzmacher [Fri, 23 Mar 2018 13:48:46 +0000 (14:48 +0100)]
s3:messages: allow messaging_dgm_ref() to use wrapper tevent_context

This is only allowed if the raw tevent context is already registered.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
15 months agos3:messages: allow messaging_{dgm,ctdb}_register_tevent_context() to use wrapper...
Stefan Metzmacher [Fri, 23 Mar 2018 13:48:46 +0000 (14:48 +0100)]
s3:messages: allow messaging_{dgm,ctdb}_register_tevent_context() to use wrapper tevent_context

This is only allowed if the raw tevent context is already registered.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
15 months agos3:messages: protect against usage of wrapper tevent_context objects for messaging
Stefan Metzmacher [Fri, 18 May 2018 14:28:47 +0000 (16:28 +0200)]
s3:messages: protect against usage of wrapper tevent_context objects for messaging

This makes a lot of assumtion easier to understand and the introduction
of wrapper tevent contexts will not change the existing behaviour.

We'll relax this a bit in the next commits.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
15 months agowinbindd: Do request profiling
Volker Lendecke [Tue, 19 Jun 2018 09:13:19 +0000 (11:13 +0200)]
winbindd: Do request profiling

By default we log a request that takes more than 60 seconds. This can be
changed by setting

winbind:request profile threshold = <seconds>

Another parameter controls the depth of the request hierarchy printed:

winbind:request profile depth = <n>

The default request logged to syslog via DEBUG(0) looks like the
following for a wbinfo -P:

[struct process_request_state] ../source3/winbindd/winbindd.c:683 [2018/06/19 13:33:14.190365] ../source3/winbindd/winbindd.c:853 [2018/06/19 13:33:14.192737] [0.002372] -> TEVENT_REQ_DONE (2 0))
 [struct winbindd_ping_dc_state] ../source3/winbindd/winbindd_ping_dc.c:41 [2018/06/19 13:33:14.190369] ../source3/winbindd/winbindd_ping_dc.c:112 [2018/06/19 13:33:14.192681] [0.002312] -> TEVENT_REQ_DONE (2 0))
  [struct dcerpc_wbint_PingDc_state] default/librpc/gen_ndr/ndr_winbind_c.c:4335 [2018/06/19 13:33:14.190383] default/librpc/gen_ndr/ndr_winbind_c.c:4396 [2018/06/19 13:33:14.192680] [0.002297] -> TEVENT_REQ_DONE (2 0))
   [struct dcerpc_wbint_PingDc_r_state] default/librpc/gen_ndr/ndr_winbind_c.c:4251 [2018/06/19 13:33:14.190385] default/librpc/gen_ndr/ndr_winbind_c.c:4285 [2018/06/19 13:33:14.192678] [0.002293] -> TEVENT_REQ_DONE (2 0))
    [struct dcerpc_binding_handle_call_state] ../librpc/rpc/binding_handle.c:371 [2018/06/19 13:33:14.190387] ../librpc/rpc/binding_handle.c:520 [2018/06/19 13:33:14.192675] [0.002288] -> TEVENT_REQ_DONE (2 0))
     [struct dcerpc_binding_handle_raw_call_state] ../librpc/rpc/binding_handle.c:149 [2018/06/19 13:33:14.190400] ../librpc/rpc/binding_handle.c:203 [2018/06/19 13:33:14.192646] [0.002246] -> TEVENT_REQ_DONE (2 0))
      [struct wbint_bh_raw_call_state] ../source3/winbindd/winbindd_dual_ndr.c:89 [2018/06/19 13:33:14.190402] ../source3/winbindd/winbindd_dual_ndr.c:204 [2018/06/19 13:33:14.192644] [0.002242] -> TEVENT_REQ_DONE (2 0))
       [struct wb_domain_request_state] ../source3/winbindd/winbindd_dual.c:473 [2018/06/19 13:33:14.190404] ../source3/winbindd/winbindd_dual.c:708 [2018/06/19 13:33:14.192640] [0.002236] -> TEVENT_REQ_DONE (2 0))
        [struct wb_child_request_state] ../source3/winbindd/winbindd_dual.c:198 [2018/06/19 13:33:14.190411] ../source3/winbindd/winbindd_dual.c:273 [2018/06/19 13:33:14.192638] [0.002227] -> TEVENT_REQ_DONE (2 0))
         [struct tevent_queue_wait_state] ../lib/tevent/tevent_queue.c:336 [2018/06/19 13:33:14.190412] ../lib/tevent/tevent_queue.c:355 [2018/06/19 13:33:14.190415] [0.000003] -> TEVENT_REQ_DONE (2 0))
         [struct wb_simple_trans_state] ../nsswitch/wb_reqtrans.c:375 [2018/06/19 13:33:14.190424] ../nsswitch/wb_reqtrans.c:432 [2018/06/19 13:33:14.192630] [0.002206] -> TEVENT_REQ_DONE (2 0))
          [struct req_write_state] ../nsswitch/wb_reqtrans.c:158 [2018/06/19 13:33:14.190425] ../nsswitch/wb_reqtrans.c:194 [2018/06/19 13:33:14.190472] [0.000047] -> TEVENT_REQ_DONE (2 0))
           [struct writev_state] ../lib/async_req/async_sock.c:263 [2018/06/19 13:33:14.190432] ../lib/async_req/async_sock.c:412 [2018/06/19 13:33:14.190470] [0.000038] -> TEVENT_REQ_DONE (2 0))
          [struct resp_read_state] ../nsswitch/wb_reqtrans.c:222 [2018/06/19 13:33:14.190475] ../nsswitch/wb_reqtrans.c:275 [2018/06/19 13:33:14.192629] [0.002154] -> TEVENT_REQ_DONE (2 0))
           [struct read_packet_state] ../lib/async_req/async_sock.c:458 [2018/06/19 13:33:14.190476] ../lib/async_req/async_sock.c:546 [2018/06/19 13:33:14.192626] [0.002150] -> TEVENT_REQ_DONE (2 0))
 [struct resp_write_state] ../nsswitch/wb_reqtrans.c:307 [2018/06/19 13:33:14.192693] ../nsswitch/wb_reqtrans.c:344 [2018/06/19 13:33:14.192734] [0.000041] -> TEVENT_REQ_DONE (2 0))
  [struct writev_state] ../lib/async_req/async_sock.c:263 [2018/06/19 13:33:14.192694] ../lib/async_req/async_sock.c:412 [2018/06/19 13:33:14.192732] [0.000038] -> TEVENT_REQ_DONE (2 0))

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
15 months agowinbindd: Convert process_request() to tevent_req
Volker Lendecke [Thu, 3 May 2018 13:12:55 +0000 (15:12 +0200)]
winbindd: Convert process_request() to tevent_req

Having a central tevent_req per winbind child request is prerequisite
for request profiling

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
15 months agotorture: Test tevent_req_profile
Volker Lendecke [Wed, 2 May 2018 12:02:18 +0000 (14:02 +0200)]
torture: Test tevent_req_profile

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
15 months agolib: Add tevent_req_profile helpers
Volker Lendecke [Wed, 2 May 2018 11:59:57 +0000 (13:59 +0200)]
lib: Add tevent_req_profile helpers

Print and marshall/unmarshall tevent_req_profile structs

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
15 months agolib: Multi-line a long line in wscript_build
Volker Lendecke [Wed, 2 May 2018 11:54:42 +0000 (13:54 +0200)]
lib: Multi-line a long line in wscript_build

Why? I'll add another file in a later commit

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
15 months agotevent: version 0.9.37 tevent-0.9.37
Stefan Metzmacher [Thu, 14 Aug 2014 19:51:09 +0000 (21:51 +0200)]
tevent: version 0.9.37

* simplify "poll" and "poll_mt" backends
* make tevent_abort() reachable for backends
* add tevent_common_invoke_*_handler() functions
* add tevent_context_same_loop() function
* add tevent_context_wrapper_create() infrastructure
* add tevent_req_profile infrastructure

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
15 months agotevent: Add tevent_req_profile
Volker Lendecke [Wed, 2 May 2018 12:01:56 +0000 (14:01 +0200)]
tevent: Add tevent_req_profile

This allows detailed reporting where a tevent_req spends its time

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
15 months agotevent: add a test that frees wrapper_ev with pending events
Ralph Boehme [Sat, 16 Jun 2018 14:55:44 +0000 (16:55 +0200)]
tevent: add a test that frees wrapper_ev with pending events

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
15 months agotevent: add a simple wrapper test
Ralph Boehme [Sat, 16 Jun 2018 12:12:01 +0000 (14:12 +0200)]
tevent: add a simple wrapper test

This checks that for all supported event types the before and after
handlers are called.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
15 months agotevent: add tevent_context_wrapper_create() infrastructure
Stefan Metzmacher [Tue, 22 Jul 2014 14:51:38 +0000 (16:51 +0200)]
tevent: add tevent_context_wrapper_create() infrastructure

This allows to specify wrapper tevent_contexts, which adds the ability
to run functions before and after the event handler functions.

This can be used to implement impersonation hooks
or advanced debugging/profiling hooks.

We'll undo the 0.9.36 ABI change on the 0.9.37 release
at the end of this patchset.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
15 months agotevent: make use of #include "system/threads.h"
Stefan Metzmacher [Tue, 22 May 2018 13:43:12 +0000 (15:43 +0200)]
tevent: make use of #include "system/threads.h"

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
15 months agotevent: split out tevent_common_invoke_fd_handler()
Stefan Metzmacher [Tue, 22 Jul 2014 12:45:33 +0000 (14:45 +0200)]
tevent: split out tevent_common_invoke_fd_handler()

We'll undo the 0.9.36 ABI change on the 0.9.37 release
at the end of this patchset.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
15 months agotevent: split out tevent_common_invoke_immediate_handler()
Stefan Metzmacher [Tue, 22 Jul 2014 11:08:42 +0000 (13:08 +0200)]
tevent: split out tevent_common_invoke_immediate_handler()

We'll undo the 0.9.36 ABI change on the 0.9.37 release
at the end of this patchset.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
15 months agotevent: split out tevent_common_invoke_timer_handler()
Stefan Metzmacher [Tue, 22 Jul 2014 11:08:42 +0000 (13:08 +0200)]
tevent: split out tevent_common_invoke_timer_handler()

As side effect this avoids tricks with an extra
tevent_common_timed_deny_destructor().

We'll undo the 0.9.36 ABI change on the 0.9.37 release
at the end of this patchset.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
15 months agotevent: split out tevent_common_invoke_signal_handler()
Stefan Metzmacher [Tue, 22 Jul 2014 11:01:01 +0000 (13:01 +0200)]
tevent: split out tevent_common_invoke_signal_handler()

As side effect this avoids tricks with tevent_se_exists_destructor() to
figure out if the event handler removed itself.

We'll undo the 0.9.36 ABI change on the 0.9.37 release
at the end of this patchset.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
15 months agotevent: simplify tevent_signal_destructor()
Stefan Metzmacher [Tue, 17 Apr 2018 14:43:54 +0000 (16:43 +0200)]
tevent: simplify tevent_signal_destructor()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
15 months agotevent: use talloc_zero() in tevent_signal.c
Stefan Metzmacher [Tue, 27 Mar 2018 12:30:20 +0000 (14:30 +0200)]
tevent: use talloc_zero() in tevent_signal.c

This might not be strictly required, but it might
avoid problems in future...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
15 months agotevent: simplify tevent_cleanup_pending_signal_handlers()
Stefan Metzmacher [Tue, 22 Jul 2014 10:02:45 +0000 (12:02 +0200)]
tevent: simplify tevent_cleanup_pending_signal_handlers()

Calling tevent_signal_destructor() does the same as se->event_ctx is already
NULL.

This also makes sure we correctly cleanup the SA_SIGINFO array.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
15 months agotevent: add tevent_common_check_double_free() helper function
Stefan Metzmacher [Tue, 17 Apr 2018 14:33:47 +0000 (16:33 +0200)]
tevent: add tevent_common_check_double_free() helper function

This will be used to generically support TALLOC_FREE() on
event which are currently running.

It aborts on every explicit talloc_free(), but ignores implicit
cleanup when the talloc parent is about to go.

We'll undo the 0.9.36 ABI change on the 0.9.37 release
at the end of this patchset.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
15 months agotevent: add tevent_threaded_schedule_immediate_destructor that just aborts
Stefan Metzmacher [Fri, 23 Mar 2018 09:32:15 +0000 (10:32 +0100)]
tevent: add tevent_threaded_schedule_immediate_destructor that just aborts

This will be active while the event is part of the ev->scheduled_immediates
list.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
15 months agotevent: use _tevent_schedule_immediate() to move events from a thread to the main_ev
Stefan Metzmacher [Fri, 23 Mar 2018 09:25:27 +0000 (10:25 +0100)]
tevent: use _tevent_schedule_immediate() to move events from a thread to the main_ev

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
15 months agotevent: use struct initializers for tevent_immediate
Stefan Metzmacher [Thu, 23 Oct 2014 05:15:14 +0000 (07:15 +0200)]
tevent: use struct initializers for tevent_immediate

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
15 months agotevent: use struct initializers for tevent_signal
Stefan Metzmacher [Thu, 23 Oct 2014 05:15:14 +0000 (07:15 +0200)]
tevent: use struct initializers for tevent_signal

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
15 months agotevent: use struct initializers for tevent_timer
Stefan Metzmacher [Thu, 23 Oct 2014 05:15:14 +0000 (07:15 +0200)]
tevent: use struct initializers for tevent_timer

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
15 months agotevent: use struct initializers for tevent_fd
Stefan Metzmacher [Thu, 23 Oct 2014 05:15:14 +0000 (07:15 +0200)]
tevent: use struct initializers for tevent_fd

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
15 months agotevent: make tevent_abort() available for backends
Stefan Metzmacher [Tue, 22 Jul 2014 13:10:00 +0000 (15:10 +0200)]
tevent: make tevent_abort() available for backends

We'll undo the 0.9.36 ABI change on the 0.9.37 release
at the end of this patchset.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
15 months agotevent: allow tevent_abort() to cope with ev == NULL
Stefan Metzmacher [Thu, 22 Mar 2018 15:51:01 +0000 (16:51 +0100)]
tevent: allow tevent_abort() to cope with ev == NULL

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
15 months agotevent/testsuite: return after torture_fail()
Stefan Metzmacher [Thu, 23 Oct 2014 04:54:10 +0000 (06:54 +0200)]
tevent/testsuite: return after torture_fail()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
15 months agotevent.h: improve tevent_req documentation
Ralph Boehme [Wed, 23 Sep 2015 02:27:53 +0000 (04:27 +0200)]
tevent.h: improve tevent_req documentation

Document tevent_req naming conventions.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
15 months agotevent: rewrite/simplify tevent_poll and maintain ev->fd_events correctly
Stefan Metzmacher [Mon, 18 Jun 2018 17:49:52 +0000 (19:49 +0200)]
tevent: rewrite/simplify tevent_poll and maintain ev->fd_events correctly

The following patches will rely on having all valid fd events in
ev->fd_events, even if they are temporary disabled with
tevent_set_fd_flags(fde, 0);

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
15 months agotevent: make use of tevent_common_wakeup() in the poll and poll_mt backends
Stefan Metzmacher [Mon, 18 Jun 2018 15:59:40 +0000 (17:59 +0200)]
tevent: make use of tevent_common_wakeup() in the poll and poll_mt backends

This simplifies the "poll_mt" logic a lot.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
15 months agowinbindd: Remove ads.h include from nss_info
Christof Schmitt [Tue, 26 Jun 2018 20:30:06 +0000 (13:30 -0700)]
winbindd: Remove ads.h include from nss_info

nss_info does not use libads. Removing this include
fixes a compile error when trying to compile with a
system provided heimdal library:

[2188/3043] Compiling source3/winbindd/nss_info.c
In file included from ../source3/libads/kerberos_proto.h:33:0,
                 from ../source3/include/ads.h:154,
                 from ../source3/winbindd/nss_info.c:24:
../lib/replace/system/kerberos.h:33:10: fatal error: krb5.h: No such file or directory
 #include <krb5.h>
          ^~~~~~~~

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Wed Jul 11 22:39:36 CEST 2018 on sn-devel-144

15 months agoctdb-scripts: Provide a gstack function if gstack is not available
Martin Schwenke [Sat, 2 Dec 2017 09:06:25 +0000 (20:06 +1100)]
ctdb-scripts: Provide a gstack function if gstack is not available

gstack isn't widely available, so provide a simple function that does
the same thing if it gstack can't be found.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Wed Jul 11 14:47:21 CEST 2018 on sn-devel-144

15 months agoctdb-tests: Drop residual CTDB_MANAGED_<service> variables
Martin Schwenke [Sat, 7 Jul 2018 10:16:42 +0000 (20:16 +1000)]
ctdb-tests: Drop residual CTDB_MANAGED_<service> variables

These no longer do anything.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
15 months agoctdb-scripts: Drop event script CTDB_MANAGED_<service> variables
Martin Schwenke [Sat, 7 Jul 2018 10:06:47 +0000 (20:06 +1000)]
ctdb-scripts: Drop event script CTDB_MANAGED_<service> variables

Enable required event scripts to manage services.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
15 months agoctdb-tests: Drop event script tests where CTDB_MANAGED_<service>=no
Martin Schwenke [Sat, 7 Jul 2018 09:58:38 +0000 (19:58 +1000)]
ctdb-tests: Drop event script tests where CTDB_MANAGED_<service>=no

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
15 months agoctdb-tests: Ensure some event scripts are enabled for cluster tests
Martin Schwenke [Sat, 7 Jul 2018 12:07:54 +0000 (22:07 +1000)]
ctdb-tests: Ensure some event scripts are enabled for cluster tests

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
15 months agoctdb-packaging: Enable some standard event scripts if none are enabled
Martin Schwenke [Sat, 7 Jul 2018 05:58:06 +0000 (15:58 +1000)]
ctdb-packaging: Enable some standard event scripts if none are enabled

CTDB needs the legacy/00.ctdb event script to be able to function
properly.  If this script is not enabled then assume a first-time
install or an upgrade to a version that requires events scripts to be
enabled via symlinks.  In these cases enable this script and other
commonly used scripts.

Remove links during uninstall (but not during upgrade).

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
15 months agoctdb-build: Enable some standard event scripts if none are enabled
Martin Schwenke [Sat, 7 Jul 2018 05:23:27 +0000 (15:23 +1000)]
ctdb-build: Enable some standard event scripts if none are enabled

CTDB needs the legacy/00.ctdb event script to be able to function
properly.  If this script is not enabled then assume a first-time
install or an upgrade to a version that requires events scripts to be
enabled via symlinks.  In these cases enable this script and other
commonly used scripts.

Only do this for a direct install.  If DESTDIR is being used then
assume a package is being built and let the packager handle this case.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
15 months agoctdb-build: Install event scripts in CTDB_DATADIR
Martin Schwenke [Fri, 6 Jul 2018 06:38:43 +0000 (16:38 +1000)]
ctdb-build: Install event scripts in CTDB_DATADIR

Signed-off-by: Martin Schwenke <martin@meltin.net>
Pair-programmed-with: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
15 months agoctdb-tests: Clean up define_test() for event scripts
Martin Schwenke [Sat, 7 Jul 2018 03:46:34 +0000 (13:46 +1000)]
ctdb-tests: Clean up define_test() for event scripts

Factor out a little bit of common code.  More coming.

Most of this is whitespace changes.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
15 months agoctdb-tests: Drop an unused case
Martin Schwenke [Sat, 7 Jul 2018 03:55:07 +0000 (13:55 +1000)]
ctdb-tests: Drop an unused case

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
15 months agoctdb-tests: New install path CTDB_SCRIPT_DATA_DIR
Martin Schwenke [Sat, 7 Jul 2018 03:43:32 +0000 (13:43 +1000)]
ctdb-tests: New install path CTDB_SCRIPT_DATA_DIR

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
15 months agoctdb-tools: All ctdb event commands to run without ctdbd
Martin Schwenke [Sat, 7 Jul 2018 23:05:11 +0000 (09:05 +1000)]
ctdb-tools: All ctdb event commands to run without ctdbd

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
15 months agoctdb-event: Allow tool to enable/disable scripts without daemon
Martin Schwenke [Sat, 7 Jul 2018 23:02:44 +0000 (09:02 +1000)]
ctdb-event: Allow tool to enable/disable scripts without daemon

Only open the client socket when it is needed.  Note that this only
works for enabling/disabling event scripts via symlinks.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
15 months agoctdb-event: Update event tool to handle symbolic links
Martin Schwenke [Fri, 6 Jul 2018 07:51:27 +0000 (17:51 +1000)]
ctdb-event: Update event tool to handle symbolic links

Supports the case when scripts are installed in the data directory and
are linked to when enabled.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Pair-programmed-with: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
15 months agoctdb-common: Add path support for datadir
Martin Schwenke [Fri, 6 Jul 2018 07:14:27 +0000 (17:14 +1000)]
ctdb-common: Add path support for datadir

Signed-off-by: Martin Schwenke <martin@meltin.net>
Pair-programmed-with: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
15 months agoctdb-build: Add CTDB_DATADIR
Martin Schwenke [Fri, 6 Jul 2018 06:37:55 +0000 (16:37 +1000)]
ctdb-build: Add CTDB_DATADIR

Signed-off-by: Martin Schwenke <martin@meltin.net>
Pair-programmed-with: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
15 months agoctdb-daemon: Drop the noiphost "node flags" bitmap
Martin Schwenke [Mon, 18 Jun 2018 07:00:57 +0000 (17:00 +1000)]
ctdb-daemon: Drop the noiphost "node flags" bitmap

This is no longer needed because inactive/disabled nodes no longer
report any available public IP addresses.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
15 months agoctdb-daemon: Stop inactive/disabled nodes from reporting available IPs
Martin Schwenke [Mon, 18 Jun 2018 06:22:14 +0000 (16:22 +1000)]
ctdb-daemon: Stop inactive/disabled nodes from reporting available IPs

This can be done now that NoIPHostOnAllDisabled is gone and will allow
the public IP address failover logic to be simplified.

In the test code, still filter available IP addresses by node state.
This code can't currently read information about available IP
addresses but that will change in future

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
15 months agoctdb-daemon: Drop plumbing for obsolete tunable NoIPHostOnAllDisabled
Martin Schwenke [Mon, 18 Jun 2018 06:06:18 +0000 (16:06 +1000)]
ctdb-daemon: Drop plumbing for obsolete tunable NoIPHostOnAllDisabled

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
15 months agoctdb-daemon: Mark NoIPHostOnAllDisabled tunable as obsolete
Martin Schwenke [Mon, 18 Jun 2018 06:05:44 +0000 (16:05 +1000)]
ctdb-daemon: Mark NoIPHostOnAllDisabled tunable as obsolete

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
15 months agoctdb-daemon: Change default for tunable NoIPHostOnAllDisabled to 1
Martin Schwenke [Mon, 18 Jun 2018 05:01:01 +0000 (15:01 +1000)]
ctdb-daemon: Change default for tunable NoIPHostOnAllDisabled to 1

Defaulting to host public IP addresses when all nodes are unhealthy
does not obey the principle of least surprise.  It has caused much
confusion over the years.  It often leads to problems when all nodes
are unhealthy due to something like a cluster filesystem being
unmounted.

Change the default value for this tunable as the first step of
completely removing this behaviour.

Remove tests that set NoIPHostOnAllDisabled=1 and update the expected
result for other tests where no nodes are healthy.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
15 months agoctdb-tests: Setup public addresses in 60.nfs unit tests
Martin Schwenke [Tue, 3 Jul 2018 03:45:25 +0000 (13:45 +1000)]
ctdb-tests: Setup public addresses in 60.nfs unit tests

Even the monitor event runs update_tickles(), which needs public IP
addresses and FAKE_CTDB_NUMNODES to be initialised.  Currently this
works by default but soon we'll need FAKE_CTDB_NUMNODES in another
context.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
15 months agoctdb-tests: Replace hardcoded IP address in test results
Martin Schwenke [Wed, 20 Jun 2018 07:59:53 +0000 (17:59 +1000)]
ctdb-tests: Replace hardcoded IP address in test results

Parameterise them with a variable instead.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
15 months agoWHATSNEW: Add more text about work done by Catalyst developers
Andrew Bartlett [Wed, 11 Jul 2018 04:03:42 +0000 (16:03 +1200)]
WHATSNEW: Add more text about work done by Catalyst developers

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jul 11 11:47:09 CEST 2018 on sn-devel-144

15 months agodoc: samba-tool drs showrepl --json and --summary
Douglas Bagnall [Wed, 11 Jul 2018 02:37:53 +0000 (14:37 +1200)]
doc: samba-tool drs showrepl --json and --summary

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
15 months agodoc: samba-tool visualize uptodateness
Douglas Bagnall [Wed, 11 Jul 2018 02:37:22 +0000 (14:37 +1200)]
doc: samba-tool visualize uptodateness

and --xdot option.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
15 months agoWHATSNEW: samba-tool drs showrepl and visualize changes
Douglas Bagnall [Wed, 11 Jul 2018 02:35:18 +0000 (14:35 +1200)]
WHATSNEW: samba-tool drs showrepl and visualize changes

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
15 months agovfs_audit: Extend list of recognized syslog(3) facilities and wrap them into #ifdef...
Timur I. Bakeyev [Mon, 9 Jul 2018 21:57:59 +0000 (23:57 +0200)]
vfs_audit: Extend list of recognized syslog(3) facilities and wrap them into #ifdef's. That list should be comprehensive enough to cover most of the existing OSes.

Signed-off-by: Timur I. Bakeyev <timur@iXsystems.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Wed Jul 11 08:44:10 CEST 2018 on sn-devel-144

15 months agowscript: Add --with-system-heimdalkrb5
Christof Schmitt [Tue, 10 Jul 2018 21:51:02 +0000 (14:51 -0700)]
wscript: Add --with-system-heimdalkrb5

Add the configure option --with-system-heimdalkrb5 to build Samba
explicitly with a system Heimdal kerberos library. This does the same as
the more complicated syntax

--bundled-libraries='!heimdal,!asn1,!com_err,!roken,!hx509,!wind,!gssapi,!hcrypto,!krb5,!heimbase,!asn1_compile,!compile_et,!kdc,!hdb,!heimntlm'

and it also enforces the conflicts with MIT Kerbros and the AD DC
build.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jul 11 05:18:59 CEST 2018 on sn-devel-144

15 months agoWHATSNEW: Added entries for PSOs, domain backup/restore, and rename
Tim Beale [Tue, 10 Jul 2018 22:15:12 +0000 (10:15 +1200)]
WHATSNEW: Added entries for PSOs, domain backup/restore, and rename

Added WHATSNEW blurbs for the following features:
- Password Settings Objects
- Domain backup and restore
- Domain rename tool

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
15 months agopass 'rdonly' or 'directory' flag to open a directory file.
Pooja Mahadik [Tue, 10 Jul 2018 05:47:42 +0000 (11:17 +0530)]
pass 'rdonly' or 'directory' flag to open a directory file.

Signed-off-by: Pooja Mahadik <pooja.mahadik@veritas.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Jul 11 02:22:18 CEST 2018 on sn-devel-144

15 months agos3/rpc_server: Character Encode Spotlight Queries
Ralph Boehme [Wed, 15 Mar 2017 12:38:19 +0000 (13:38 +0100)]
s3/rpc_server: Character Encode Spotlight Queries

Fix path escaping in Spotlight so paths with spaces or special
characters can be properly matched to tracker paths.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12688

Based-on-a-patch-from: Mike M Pestorich <mmpestorich@gmail.com>
(similar to github.com/netatalk/netatalk/commit/90aa43d)

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 10 23:17:20 CEST 2018 on sn-devel-144

15 months agos3:messages: make the loop in msg_dgm_ref_recv() more robust against stale pointers
Stefan Metzmacher [Mon, 9 Jul 2018 10:33:34 +0000 (12:33 +0200)]
s3:messages: make the loop in msg_dgm_ref_recv() more robust against stale pointers

The interaction between msg_dgm_ref_recv() and msg_dgm_ref_destructor()
doesn't allow two references from messaging_dgm_ref() to be free'd
during the loop in msg_dgm_ref_recv().

In addition to the global 'refs' list, we also need to
have a global 'next_ref' pointer, which can be adjusted in
msg_dgm_ref_destructor().

As AD DC we hit this when using irpc in auth_winbind,
which uses imessaging_client_init().
In addition to the main messaging_dgm_ref() in smbd,
source3/auth/auth_samba4.c: prepare_gensec() and
make_auth4_context_s4() also generate a temporary
imessaging_context for auth_context->msg_ctx from within
auth_generic_prepare().

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13514

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
15 months agos4:messaging: add local.messaging.multi_ctx.multi_ctx test
Stefan Metzmacher [Tue, 10 Jul 2018 14:21:55 +0000 (16:21 +0200)]
s4:messaging: add local.messaging.multi_ctx.multi_ctx test

This tests the usage of multiple imessaging_contexts in one process
and also freeing two of them during a message handler.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13514

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
15 months agopython/tests: make the test_assoc_group_fail2() test more resilient against timing
Stefan Metzmacher [Thu, 21 Jun 2018 04:31:03 +0000 (06:31 +0200)]
python/tests: make the test_assoc_group_fail2() test more resilient against timing

On a busy system [e]poll() on the server will mark both the
old connection fd and also the listening fd as readable.

epoll() returns the events in order, so the server processes the
disconnect first.

With poll() we don't have an order of the events and the
server is likely to process the connect before the disconnect.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
15 months agoctdb: close the correct pipe fd in a test
Ralph Boehme [Tue, 19 Jun 2018 08:35:04 +0000 (10:35 +0200)]
ctdb: close the correct pipe fd in a test

This was discovered in an autobuild with a patched tevent that used the
"poll" backend by default. Test failure:

$ bin/sock_daemon_test /dev/shm/sock_daemon_test.pid /dev/shm/sock_daemon_test.sock 5
test5[28011]: daemon started, pid=28011
test5[28011]: listening on /dev/shm/sock_daemon_test.sock
sock_daemon_test: ../ctdb/tests/src/sock_daemon_test.c:980: test5: Assertion `ret == i+1' failed.
Abgebrochen (Speicherabzug geschrieben)
metze@SERNOX14:~/devel/samba/4.0/master4-test$ test5[28011]: PID 28010 gone away, exiting
test5[28011]: Shutting down
sock_daemon_test: ../ctdb/tests/src/sock_daemon_test.c:964: test5:
Assertion `ret == EINTR' failed.

After an epic debugging session we spotted the problem.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
15 months agoWHATSNEW add entries audit logging and lmdb.
Gary Lockyer [Tue, 10 Jul 2018 01:57:18 +0000 (13:57 +1200)]
WHATSNEW add entries audit logging and lmdb.

Add WHATSNEW entries for dsdb, password and group change audit logging,
as well as the ldb lmdb backend

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jul 10 12:53:54 CEST 2018 on sn-devel-144

15 months agoheimdal: Fix build with system provided heimdal library
Christof Schmitt [Tue, 26 Jun 2018 20:32:28 +0000 (13:32 -0700)]
heimdal: Fix build with system provided heimdal library

Trying to compile with a system provided heimdal library
results in this compile error:

[ 876/3043] Compiling source4/auth/kerberos/srv_keytab.c
In file included from /usr/include/heimdal/krb5.h:949:0,
                 from ../lib/replace/system/kerberos.h:33,
                 from ../source4/auth/kerberos/srv_keytab.c:31:
/usr/include/heimdal/krb5-protos.h:3894:1: error: unknown type name ‘HEIMDAL_WARN_UNUSED_RESULT_ATTRIBUTE’; did you mean ‘_WARN_UNUSED_RESULT_’?
 HEIMDAL_WARN_UNUSED_RESULT_ATTRIBUTE KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 _WARN_UNUSED_RESULT_
/usr/include/heimdal/krb5-protos.h:3895:1: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘krb5_generate_random’
 krb5_generate_random (

The problem is that Samba provides a minimal krb5-types.h file
for the internal build that gets used during the build with
the system provided heimdal library. As the minimal file
does not provide all definitions, the build fails.

Fix this by having the krb-types.h file simply include the
include file from the system library, if the build is done
using the system provided heimdal library.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jul 10 07:30:26 CEST 2018 on sn-devel-144

15 months agonetcmd: Add sanity-check for invalid domain rename args
Tim Beale [Sun, 8 Jul 2018 21:44:30 +0000 (09:44 +1200)]
netcmd: Add sanity-check for invalid domain rename args

We are suggesting to users that it's safe to run a renamed domain in
parallel with the old backed-up domain. However, this would not be the
case if the user (foolishly) "renames" their domain using the exact same
NetBIOS name or DNS realm.

Using the same DNS realm fails later on (updating the dnsRoot values),
but using the same NetBIOS name actually succeeds. While we can't make
samba tools completely idiot-proof, we can protect users from the most
basic of (potentially unintended) errors with some simple sanity-checks.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
15 months agoselftest: Add a 'LABDC' testenv to mimic a preproduction test-bed
Tim Beale [Fri, 6 Jul 2018 03:59:31 +0000 (15:59 +1200)]
selftest: Add a 'LABDC' testenv to mimic a preproduction test-bed

One of the use-cases for the domain rename tool is to produce a lab
domain that can be used for pre-production testing of Samba.
Basically this involves taking a backup rename with --no-secrets (which
scrubs any sensitive info), and then restoring it.

This patch adds a testenv that mimics how a user would go about creating
a lab-domain. We run the same tests that we run against the restore and
rename testenvs.

Note that the rpc.echo tests for the testallowed and testdenied users
fail, because we don't backup the secrets for these users. So these
tests failing proves that the lab-DC testenv is correct.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
15 months agonetcmd: Add brief log file of what the backup actually contains
Tim Beale [Thu, 5 Jul 2018 22:35:03 +0000 (10:35 +1200)]
netcmd: Add brief log file of what the backup actually contains

There are now several different permutations of backup file that can be
created (i.e. online, rename, with/without secrets). Hopefully the admin
users would organize their backup files sensibly, but it can't hurt to
keep track of what the backup-file actually contains in a simple
human-readable file within the backup tar. E.g. We really don't want
backups with secrets-included and secrets-excluded getting mixed up.

Recording the DC used to make the domain backup may be useful in the
event of a catastrophic failure of the domain, e.g. DC replication may
have been broken for some time prior to the failure.

Recording the samba-tool version string may also be useful if there are
ever any backwards-compatibility issues introduced to the backup files.
The intention is to say we only support restoring a backup with the same
version of samba-tool that actually created the backup, however, it'd be
polite to users to actually record that version somewhere.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
15 months agonetcmd: Add no-secrets option to domain backups
Tim Beale [Thu, 5 Jul 2018 02:33:22 +0000 (14:33 +1200)]
netcmd: Add no-secrets option to domain backups

By default we include all the domain's secrets in the backup file. This
patch adds an extra option to exclude these secrets. In particular, this
is for the use case of creating a lab domain (where you might not feel
comfortable with the secrets for all your users being present).

Mostly this just involves passing the correct option to the join/clone.
I've also made sure that a password is also set for the Admin user
(samba does seem to start up without one set, but this behaviour is
closer to what happens during a provision).

The tests have been extended to use the new option, and to assert that
secrets are/aren't included as expected for some of the builtin testenv
users.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
15 months agoREADME.Coding disable include sorting in clang format
Gary Lockyer [Wed, 4 Jul 2018 22:36:51 +0000 (10:36 +1200)]
README.Coding disable include sorting in clang format

Update the clang format configuration to disable include sorting. This
is enabled by default and breaks samba code.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Tue Jul 10 04:40:51 CEST 2018 on sn-devel-144