samba.git
Noel Power [Fri, 15 Apr 2016 11:51:32 +0000 (12:51 +0100)]
s4:lib:registry: fix 'Conditional jump or move' valgrind error.

smbtorture local.registry.diff.dotreg.test_diff_apply produces the following
valgrind trace

==18367== Conditional jump or move depends on uninitialised value(s)
==18367==    at 0xA02ED96: reg_dotreg_diff_load (patchfile_dotreg.c:252)
==18367==    by 0xA031C6C: reg_diff_load (patchfile.c:375)
==18367==    by 0xA0323AB: reg_diff_apply (patchfile.c:542)
==18367==    by 0x15F116: test_diff_apply (diff.c:72)
==18367==    by 0x955460C: wrap_test_with_simple_test (torture.c:731)
==18367==    by 0x955366F: internal_torture_run_test (torture.c:442)
==18367==    by 0x9553A4B: torture_run_test_restricted (torture.c:542)
==18367==    by 0x260074: run_matching (smbtorture.c:110)
==18367==    by 0x25FF36: run_matching (smbtorture.c:95)
==18367==    by 0x25FF36: run_matching (smbtorture.c:95)
==18367==    by 0x25FF36: run_matching (smbtorture.c:95)
==18367==    by 0x260195: torture_run_named_tests (smbtorture.c:143)
==18367==

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Noel Power [Fri, 15 Apr 2016 14:59:08 +0000 (15:59 +0100)]
s4:torture:rpc: fix valgrind 'Syscall param writev(vector[...])' valgrind error

when running smbtorture rpc.samba3.regconfig.regconfig

Note: to fix this particular error only the action_taken variable needed
to be initialised. ZERO-ing the structs for completeness.

==14958== Syscall param writev(vector[...]) points to uninitialised byte(s)
==14958==    at 0xFB9FC87: writev (in /lib64/libc-2.19.so)
==14958==    by 0x106C8003: writev_handler (async_sock.c:340)
==14958==    by 0xF67407E: epoll_event_loop (tevent_epoll.c:728)
==14958==    by 0xF67469C: epoll_event_loop_once (tevent_epoll.c:926)
==14958==    by 0xF671586: std_event_loop_once (tevent_standard.c:114)
==14958==    by 0xF66AD42: _tevent_loop_once (tevent.c:533)
==14958==    by 0xF66CB9D: tevent_req_poll (tevent_req.c:256)
==14958==    by 0x5D19305: tevent_req_poll_ntstatus (tevent_ntstatus.c:109)
==14958==    by 0x88B2DED: dcerpc_binding_handle_call (binding_handle.c:556)
==14958==    by 0xBBCE851: dcerpc_winreg_CreateKey_r (ndr_winreg_c.c:1430)
==14958==    by 0x3D47C5: torture_samba3_createshare (samba3rpc.c:3192)
==14958==    by 0x3D50AC: torture_samba3_regconfig (samba3rpc.c:3299)
==14958==    by 0x9553F42: wrap_simple_test (torture.c:632)
==14958==    by 0x955366F: internal_torture_run_test (torture.c:442)
==14958==    by 0x9553A4B: torture_run_test_restricted (torture.c:542)
==14958==    by 0x260074: run_matching (smbtorture.c:110)
==14958==    by 0x25FF36: run_matching (smbtorture.c:95)
==14958==    by 0x25FF36: run_matching (smbtorture.c:95)
==14958==    by 0x260195: torture_run_named_tests (smbtorture.c:143)
==14958==    by 0x261E14: main (smbtorture.c:665)
==14958==  Address 0x18868ec6 is 598 bytes inside a block of size 1,325 alloc'd
==14958==    at 0x4C29110: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==14958==    by 0xF45EE38: __talloc_with_prefix (talloc.c:668)
==14958==    by 0xF45EFF5: _talloc_pool (talloc.c:721)
==14958==    by 0xF45F167: _talloc_pooled_object (talloc.c:790)
==14958==    by 0xF66C664: _tevent_req_create (tevent_req.c:66)
==14958==    by 0xB0D49CF: smb1cli_req_create (smbXcli_base.c:1322)
==14958==    by 0xB0E1E3D: smb1cli_trans_send (smb1cli_trans.c:512)
==14958==    by 0xB0ED44D: tstream_smbXcli_np_readv_trans_start (tstream_smbXcli_np.c:901)
==14958==    by 0xB0EC817: tstream_smbXcli_np_writev_write_next (tstream_smbXcli_np.c:578)
==14958==    by 0xB0EC4A7: tstream_smbXcli_np_writev_send (tstream_smbXcli_np.c:505)
==14958==    by 0xC259DDA: tstream_writev_send (tsocket.c:695)
==14958==    by 0xC25AD44: tstream_writev_queue_trigger (tsocket_helpers.c:513)
==14958==    by 0xF66BF73: tevent_queue_immediate_trigger (tevent_queue.c:149)
==14958==    by 0xF66BBFB: tevent_common_loop_immediate (tevent_immediate.c:135)
==14958==    by 0xF674602: epoll_event_loop_once (tevent_epoll.c:907)
==14958==    by 0xF671586: std_event_loop_once (tevent_standard.c:114)
==14958==    by 0xF66AD42: _tevent_loop_once (tevent.c:533)
==14958==    by 0xF66CB9D: tevent_req_poll (tevent_req.c:256)
==14958==    by 0x5D19305: tevent_req_poll_ntstatus (tevent_ntstatus.c:109)
==14958==    by 0x88B2DED: dcerpc_binding_handle_call (binding_handle.c:556)
==14958==    by 0xBBCE851: dcerpc_winreg_CreateKey_r (ndr_winreg_c.c:1430)
==14958==    by 0x3D47C5: torture_samba3_createshare (samba3rpc.c:3192)
==14958==    by 0x3D50AC: torture_samba3_regconfig (samba3rpc.c:3299)

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Noel Power [Fri, 15 Apr 2016 15:15:54 +0000 (16:15 +0100)]
s4:torture:rpc: fix valgrind 'Syscall param writev(vector[...])' error

running smbtorture test rpc.samba3.winreg.winreg yields the following
valgrind trace

==18533== Syscall param writev(vector[...]) points to uninitialised byte(s)
==18533==    at 0xFBA2C87: writev (in /lib64/libc-2.19.so)
==18533==    by 0x106CB033: writev_handler (async_sock.c:340)
==18533==    by 0xF67812A: ??? (in /usr/lib64/libtevent.so.0.9.26)
==18533==    by 0xF6765F6: ??? (in /usr/lib64/libtevent.so.0.9.26)
==18533==    by 0xF6727FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26)
==18533==    by 0xF673ACE: tevent_req_poll (in /usr/lib64/libtevent.so.0.9.26)
==18533==    by 0x5D19325: tevent_req_poll_ntstatus (tevent_ntstatus.c:109)
==18533==    by 0x88B2E0D: dcerpc_binding_handle_call (binding_handle.c:556)
==18533==    by 0xBBD049F: dcerpc_winreg_EnumValue_r (ndr_winreg_c.c:2354)
==18533==    by 0x3D3E3E: enumvalues (samba3rpc.c:2982)
==18533==    by 0x3D40A5: enumkeys (samba3rpc.c:3042)
==18533==    by 0x3D4085: enumkeys (samba3rpc.c:3041)
==18533==  Address 0x1886edd6 is 598 bytes inside a block of size 1,325 alloc'd
==18533==    at 0x4C29110: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==18533==    by 0xF464A73: _talloc_pooled_object (in /usr/lib64/libtalloc.so.2.1.5)
==18533==    by 0xF67366D: _tevent_req_create (in /usr/lib64/libtevent.so.0.9.26)
==18533==    by 0xB0D49FF: smb1cli_req_create (smbXcli_base.c:1322)
==18533==    by 0xB0E1E6D: smb1cli_trans_send (smb1cli_trans.c:512)
==18533==    by 0xB0ED47D: tstream_smbXcli_np_readv_trans_start (tstream_smbXcli_np.c:901)
==18533==    by 0xB0EC847: tstream_smbXcli_np_writev_write_next (tstream_smbXcli_np.c:578)
==18533==    by 0xB0EC4D7: tstream_smbXcli_np_writev_send (tstream_smbXcli_np.c:505)
==18533==    by 0xC259DFA: tstream_writev_send (tsocket.c:695)
==18533==    by 0xC25AD64: tstream_writev_queue_trigger (tsocket_helpers.c:513)
==18533==    by 0xF673023: tevent_common_loop_immediate (in /usr/lib64/libtevent.so.0.9.26)
==18533==    by 0xF677EED: ??? (in /usr/lib64/libtevent.so.0.9.26)
==18533==

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Noel Power [Fri, 15 Apr 2016 15:30:52 +0000 (16:30 +0100)]
s4:torture:rpc: fix valgrind Syscall param writev(vector[...]) error

running smbtorture rpc.srvsvc.srvsvc\ (admin\ access).NetDiskEnum results
in the following valgrind trace

==30237== Syscall param writev(vector[...]) points to uninitialised byte(s)
==30237==    at 0xDD01C67: writev (in /lib64/libc-2.19.so)
==30237==    by 0xE1D09D4: writev_handler (async_sock.c:340)
==30237==    by 0xD81A12A: ??? (in /usr/lib64/libtevent.so.0.9.26)
==30237==    by 0xD8185F6: ??? (in /usr/lib64/libtevent.so.0.9.26)
==30237==    by 0xD8147FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26)
==30237==    by 0xD815ACE: tevent_req_poll (in /usr/lib64/libtevent.so.0.9.26)
==30237==    by 0x5AC726D: tevent_req_poll_ntstatus (in /usr/lib64/libtevent-util.so.0.0.1)
==30237==    by 0x8120CEA: dcerpc_binding_handle_call (in /usr/lib64/libdcerpc-binding.so.0.0.1)
==30237==    by 0xA9AC6EC: dcerpc_srvsvc_NetDiskEnum_r (ndr_srvsvc_c.c:5388)
==30237==    by 0x2ADDF8: ??? (in /usr/bin/smbtorture)
==30237==    by 0x898DF8C: ??? (in /usr/lib64/libtorture.so.0.0.1)
==30237==    by 0x1F0816: ??? (in /usr/bin/smbtorture)
==30237==  Address 0x15952676 is 598 bytes inside a block of size 1,325 alloc'd
==30237==    at 0x4C29110: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==30237==    by 0xCCCAA73: _talloc_pooled_object (in /usr/lib64/libtalloc.so.2.1.5)
==30237==    by 0xD81566D: _tevent_req_create (in /usr/lib64/libtevent.so.0.9.26)
==30237==    by 0xA2B7910: smb1cli_req_create (smbXcli_base.c:1322)
==30237==    by 0xA2BA4E3: smb1cli_trans_send (smb1cli_trans.c:512)
==30237==    by 0xA2C1F91: tstream_smbXcli_np_readv_trans_start (tstream_smbXcli_np.c:901)
==30237==    by 0xA2C23AE: tstream_smbXcli_np_writev_send (tstream_smbXcli_np.c:505)
==30237==    by 0xAC8E43C: tstream_writev_send (tsocket.c:695)
==30237==    by 0xAC8E9BA: tstream_writev_queue_trigger (tsocket_helpers.c:513)
==30237==    by 0xD815023: tevent_common_loop_immediate (in /usr/lib64/libtevent.so.0.9.26)

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Noel Power [Fri, 15 Apr 2016 15:22:02 +0000 (16:22 +0100)]
s4:libnet: fix 'Syscall param writev(vector[...])' valgrind error

running smbtorture rpc.dfs.netdfs.StdRoot yields the following valgrind trace

==18861== Syscall param writev(vector[...]) points to uninitialised byte(s)
==18861==    at 0xFBA2C87: writev (in /lib64/libc-2.19.so)
==18861==    by 0x106CB033: writev_handler (async_sock.c:340)
==18861==    by 0xF67812A: ??? (in /usr/lib64/libtevent.so.0.9.26)
==18861==    by 0xF6765F6: ??? (in /usr/lib64/libtevent.so.0.9.26)
==18861==    by 0xF6727FC: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.26)
==18861==    by 0xF673ACE: tevent_req_poll (in /usr/lib64/libtevent.so.0.9.26)
==18861==    by 0x5D19325: tevent_req_poll_ntstatus (tevent_ntstatus.c:109)
==18861==    by 0x88B2E0D: dcerpc_binding_handle_call (binding_handle.c:556)
==18861==    by 0xBC6D0D2: dcerpc_srvsvc_NetShareDel_r (ndr_srvsvc_c.c:4272)
==18861==    by 0x9786C0C: libnet_DelShare (libnet_share.c:195)
==18861==    by 0x2E0174: test_NetShareDel (dfs.c:103)
==18861==    by 0x2E126F: test_cleanup_stdroot (dfs.c:488)
==18861==  Address 0x18869b46 is 598 bytes inside a block of size 1,325 alloc'd
==18861==    at 0x4C29110: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==18861==    by 0xF464A73: _talloc_pooled_object (in /usr/lib64/libtalloc.so.2.1.5)
==18861==    by 0xF67366D: _tevent_req_create (in /usr/lib64/libtevent.so.0.9.26)
==18861==    by 0xB0D49FF: smb1cli_req_create (smbXcli_base.c:1322)
==18861==    by 0xB0E1E6D: smb1cli_trans_send (smb1cli_trans.c:512)
==18861==    by 0xB0ED47D: tstream_smbXcli_np_readv_trans_start (tstream_smbXcli_np.c:901)
==18861==    by 0xB0EC847: tstream_smbXcli_np_writev_write_next (tstream_smbXcli_np.c:578)
==18861==    by 0xB0EC4D7: tstream_smbXcli_np_writev_send (tstream_smbXcli_np.c:505)
==18861==    by 0xC259DFA: tstream_writev_send (tsocket.c:695)
==18861==    by 0xC25AD64: tstream_writev_queue_trigger (tsocket_helpers.c:513)
==18861==    by 0xF673023: tevent_common_loop_immediate (in /usr/lib64/libtevent.so.0.9.26)
==18861==    by 0xF677EED: ??? (in /usr/lib64/libtevent.so.0.9.26)
==18861==

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Sun, 24 Apr 2016 05:44:12 +0000 (07:44 +0200)]
selftest/samba4.blackbox.export.keytab: check AS-REQ with SPN

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Sun, 24 Apr 2016 05:39:25 +0000 (07:39 +0200)]
s4/heimdal: allow SPNs in AS-REQ

This allows testing keytabs with service tickets. Windows KDCs allow
this as well.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Fri, 22 Apr 2016 21:59:12 +0000 (23:59 +0200)]
selftest/samba4.blackbox.export.keytab: check exported keytabs

Now that we have a usable ktutil, actually verify that the exported
keytabs contain the keys we expect.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Fri, 22 Apr 2016 14:38:01 +0000 (16:38 +0200)]
selftest/samba4.blackbox.export.keytab: use spn based on fqdn

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Fri, 22 Apr 2016 20:05:54 +0000 (22:05 +0200)]
s4: add a minimal ktutil for selftest

This minimalistic version of ktutil dumps all principal names and
encryption types from a keytab, e.g.:

./bin/samba4ktutil test.keytab
ktpassuser@HILLHOUSE.SITE (arcfour-hmac-md5)
ktpassuser@HILLHOUSE.SITE (aes256-cts-hmac-sha1-96)
ktpassuser@HILLHOUSE.SITE (aes128-cts-hmac-sha1-96)
ktpassuser@HILLHOUSE.SITE (des-cbc-md5)
ktpassuser@HILLHOUSE.SITE (des-cbc-crc)

This is all we need to run some tests against keytabs exported with
`samba-tool domain exportkeytab`.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Sun, 17 Apr 2016 14:28:00 +0000 (16:28 +0200)]
s4/libnet: fix exporting to keytab by SPN

Fix a regression introduced by 5c5d586d3ebd40 that broke exporting
service principals by their spn with

  samba-tool exportkeytab --principal=<SPN>.

Iterating with samba_kdc_nextkey() only returns UPNs, so this can't work
with SPNs. If we want to search for a specific SPN, we have to use
samba_kdc_fetch().

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Ralph Boehme [Thu, 21 Apr 2016 18:55:36 +0000 (20:55 +0200)]
krb5_wrap: fix keep_old_entries logic in smb_krb5_kt_seek_and_delete_old_entries()

This fixes a regression introduced in 5c5d586d3ebd40 at a higher level
in the caller smb_krb5_kt_add_entry(): calling smb_krb5_kt_add_entry
with keep_old_entries=false resulted in only one enctype per principal
remaining in the exported keytab.

The function smb_krb5_kt_seek_and_delete_old_entries() is called from
smb_krb5_kt_add_entry() when adding keys to a keytab. When the keytab
contains keys with the same kvno as the key to be added and
keep_old_entries is false, the key is deleted without checking the
encryption type of the key. This means that when adding keys for a
principal only the last enctype will be in the exported keytab.

Fix this by checking the encryption type and only treat a key as "old"
if keytab_key_kvno <= new_key_kvno and keytab_key_enctype ==
new_key_enctype.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
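
The enctype check described in the commit message above, as an added example: a simplified model written for this page, not Samba's krb5_wrap code. `struct keytab`, `kt_add_entry()`, both predicates, the principal comparison and the `other@HILLHOUSE.SITE` entry are hypothetical stand-ins and assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed, simplified keytab model: not Samba's or libkrb5's types. */
struct kt_entry {
	const char *principal;
	unsigned kvno;
	int enctype; /* 23 = arcfour-hmac-md5, 18 = aes256-cts, 17 = aes128-cts */
};

#define KT_MAX 16
struct keytab {
	struct kt_entry e[KT_MAX];
	size_t n;
};

#define PRINC "ktpassuser@HILLHOUSE.SITE" /* principal from the ktutil output */
#define OTHER "other@HILLHOUSE.SITE"      /* constructed, unrelated principal */

typedef bool (*is_old_fn)(const struct kt_entry *k, unsigned new_kvno,
			  int new_enctype);

/* Behaviour described as the regression: the enctype is never looked at. */
static bool is_old_kvno_only(const struct kt_entry *k, unsigned new_kvno,
			     int new_enctype)
{
	(void)new_enctype;
	return k->kvno <= new_kvno;
}

/* Rule from the commit message: "old" only if kvno <= new AND same enctype. */
static bool is_old_kvno_and_enctype(const struct kt_entry *k,
				    unsigned new_kvno, int new_enctype)
{
	return k->kvno <= new_kvno && k->enctype == new_enctype;
}

/*
 * Hypothetical add path: with keep_old_entries == false, first drop every
 * entry of the same principal that the predicate calls old, then append
 * the new key. Returns the number of entries removed, or -1 if full.
 */
static int kt_add_entry(struct keytab *kt, const char *princ, unsigned kvno,
			int enctype, bool keep_old_entries, is_old_fn is_old)
{
	size_t i, out = 0;
	int removed = 0;

	if (!keep_old_entries) {
		for (i = 0; i < kt->n; i++) {
			if (strcmp(kt->e[i].principal, princ) == 0 &&
			    is_old(&kt->e[i], kvno, enctype)) {
				removed++;
				continue;
			}
			kt->e[out++] = kt->e[i];
		}
		kt->n = out;
	}
	if (kt->n >= KT_MAX) {
		return -1;
	}
	kt->e[kt->n].principal = princ;
	kt->e[kt->n].kvno = kvno;
	kt->e[kt->n].enctype = enctype;
	kt->n++;
	return removed;
}

/*
 * Export three enctypes at kvno 2 into a keytab that already holds a stale
 * kvno 1 aes256 key for PRINC and one key for OTHER. Returns how many
 * entries remain for the principal named in count_princ.
 */
static size_t demo_export(is_old_fn is_old, const char *count_princ)
{
	static const int enctypes[] = { 23, 18, 17 };
	struct keytab kt = { .n = 0 };
	size_t i, count = 0;

	kt_add_entry(&kt, PRINC, 1, 18, true, is_old);
	kt_add_entry(&kt, OTHER, 2, 18, true, is_old);
	for (i = 0; i < sizeof(enctypes) / sizeof(enctypes[0]); i++) {
		kt_add_entry(&kt, PRINC, 2, enctypes[i], false, is_old);
	}
	for (i = 0; i < kt.n; i++) {
		count += strcmp(kt.e[i].principal, count_princ) == 0;
	}
	return count;
}

int main(void)
{
	printf("kvno-only check:    %zu enctype(s) left for %s\n",
	       demo_export(is_old_kvno_only, PRINC), PRINC);
	printf("kvno+enctype check: %zu enctype(s) left for %s\n",
	       demo_export(is_old_kvno_and_enctype, PRINC), PRINC);
	return 0;
}
```

With the enctype-aware predicate the stale kvno 1 aes256 key is still replaced by the kvno 2 aes256 key, while the arcfour and aes128 keys added in the same export survive.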
Ralph Boehme [Thu, 21 Apr 2016 18:54:12 +0000 (20:54 +0200)]
krb5_wrap: add enctype arg to smb_krb5_kt_seek_and_delete_old_entries()

Unused in this commit, the next commit will use it to avoid deleting
keys with the same kvno but a different enctype.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Martin Schwenke [Mon, 18 Apr 2016 06:59:53 +0000 (16:59 +1000)]
ctdb-tools: Drop onnode node specifications for recmaster/lvs/natgw

LVS and NAT gateway support had bit-rotted.  We don't use any of these
in scripts/tests and we very much doubt anyone else uses them.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon Apr 25 10:34:47 CEST 2016 on sn-devel-144

Martin Schwenke [Mon, 18 Apr 2016 07:13:38 +0000 (17:13 +1000)]
ctdb-tools: Drop "ctdb natgwlist"

The new individual status options are better.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 18 Apr 2016 04:47:23 +0000 (14:47 +1000)]
ctdb-tests: Make ctdb natgw tool tests cover all the desired outputs

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 18 Apr 2016 04:26:58 +0000 (14:26 +1000)]
ctdb-tools: Add top-level "ctdb natgw" command

This can list the different aspects of status: master, list, status.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 18 Apr 2016 05:44:15 +0000 (15:44 +1000)]
ctdb-scripts: Drop node count from "ctdb natgw status" output

Tweak "ctdb natgw natgwlist" to keep output format the same.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 18 Apr 2016 04:48:10 +0000 (14:48 +1000)]
ctdb-scripts: Tweak NAT gateway list output format

Avoid gratuitous trailing whitespace.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 18 Apr 2016 04:19:10 +0000 (14:19 +1000)]
ctdb-scripts: Fix incorrect comment

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 20 Apr 2016 10:17:04 +0000 (20:17 +1000)]
ctdb-ipalloc: Do ipreallocated even if no IP addresses can be allocated

In particular, LVS won't work at all if there are no public IP
addresses.

This is a temporary solution until a generic reconfiguration hook is
implemented.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 23 Mar 2015 09:18:25 +0000 (20:18 +1100)]
ctdb-daemon: Move port filtering to server side when getting tickles

Why allocate all that memory and transfer all that data across the
socket?

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 20 Apr 2016 05:19:45 +0000 (15:19 +1000)]
ctdb-scripts: Improve error messages when using NFS service_check_cmd

When external monitoring is enabled for an NFS service using
service_check_cmd then $ctdb_check_rpc_out is empty because the
internal RPC checking isn't used.  This results in empty log messages
like:

  60.nfs: ERROR:

or:

  60.nfs: WARNING:

Improve this so it at least says:

  60.nfs: ERROR: monitoring service "statd" failed

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 18 Apr 2016 04:21:35 +0000 (14:21 +1000)]
ctdb-tools: Fix a dangling reference to the LVS capability

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Amitay Isaacs [Fri, 8 Apr 2016 04:29:13 +0000 (14:29 +1000)]
ctdb-client: Use correct TDB flags for opening database

Persistent: TDB_DEFAULT
Volatile: TDB_NOSYNC | TDB_INCOMPATIBLE_HASH | TDB_CLEAR_IF_FIRST
          | TDB_MUTEX_LOCKING (if TDBMutexEnabled is set)

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Sun Apr 24 03:25:27 CEST 2016 on sn-devel-144

Amitay Isaacs [Thu, 21 Apr 2016 04:19:44 +0000 (14:19 +1000)]
ctdb-protocol: Consistency check for opcode in the reply structure

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 22 Apr 2016 03:53:50 +0000 (13:53 +1000)]
ctdb-client: Set control opcode in reply for one-way controls

Some controls are fire-and-forget (CTDB_CTRL_FLAG_NOREPLY).  Since there
is no reply received, the opcode in the ctdb_reply_control structure
never gets set.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 21 Apr 2016 05:24:24 +0000 (15:24 +1000)]
ctdb-protocol: Remove data structures for obsolete server_id controls

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 21 Apr 2016 05:22:47 +0000 (15:22 +1000)]
ctdb-client: Remove client functions related to server_id

These functions were used in the transaction code.  These controls did
not use server_id structure defined in samba, so samba would not use them.
Instead check if the process exists for conflicting g_lock entry.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 21 Apr 2016 05:20:05 +0000 (15:20 +1000)]
ctdb-tool: Remove commands related to server_id

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 21 Apr 2016 05:18:33 +0000 (15:18 +1000)]
ctdb-daemon: Remove unused controls related to server_id

These controls have never been used and also they do not use the server_id
structure defined in samba.  In future, similar controls can be added to
register/unregister using proper server_id structure.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 12 Apr 2016 06:02:53 +0000 (16:02 +1000)]
ctdb-tests: Improve code coverage in tests

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Mon, 11 Apr 2016 04:01:42 +0000 (14:01 +1000)]
ctdb-tests: Fix flakey test complex/18_ctdb_reloadips.sh

This test sets TakeoverTimeout=90 to avoid banning during takeover.
However, the setting is done on the test node instead of the recovery
master node.  During "ctdb reloadips", the recovery master will use
the default value of TakeoverTimeout.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 21 Apr 2016 12:43:54 +0000 (22:43 +1000)]
ctdb-tests: Update tests to include new controls

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 5 Apr 2016 07:11:17 +0000 (17:11 +1000)]
ctdb-daemon: Avoid memory leak

ctdb->idr and ctdb->srv get initialized as part of ctdb_init() called
from ctdb_cmdline_init().

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 1 Apr 2016 06:05:05 +0000 (17:05 +1100)]
ctdb-protocol: Define a range of SRVIDs used by the ctdb tool

Get rid of the range reserved for traversals since it's not used.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 1 Apr 2016 06:00:59 +0000 (17:00 +1100)]
ctdb-protocol: Remove unused CTDB_SRVID_PREFIX

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 21 Apr 2016 01:31:13 +0000 (11:31 +1000)]
ctdb-system: Fix typo in ctdb_get_peer_pid

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Jose A. Rivera [Thu, 21 Apr 2016 18:09:21 +0000 (13:09 -0500)]
ctdb-scripts: Avoid dividing by zero in memory calculation

Don't do a percentage calculation for either memtotal or swaptotal if they
are zero.

Signed-off-by: Jose A. Rivera <jarrpa@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Richard Sharpe [Thu, 21 Apr 2016 03:56:05 +0000 (20:56 -0700)]
Fixes an obvious copy-paste error in source3/utils/net_dns.c

Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Apr 22 10:45:30 CEST 2016 on sn-devel-144

Jeremy Allison [Fri, 22 Apr 2016 00:35:37 +0000 (17:35 -0700)]
lib: dns: Clean up allocated structure on error exit.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <rsharpe@samba.org>
Volker Lendecke [Fri, 4 Mar 2016 09:51:33 +0000 (10:51 +0100)]
pdb_ldap: Don't use autofree if "mods" still changes

This will prevent some use-after-frees, potentially it might for example fix
bugzilla 11851. Not directly related, but it's a crash related to ldap-backed
user creation.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Tom Mortensen [Sat, 16 Apr 2016 08:57:12 +0000 (10:57 +0200)]
nss_wins: Fix the hostent setup

This can never have been tested....

Signed-off-by: Tom Mortensen <tomm@lime-technology.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Tom Mortensen [Sat, 16 Apr 2016 08:57:12 +0000 (10:57 +0200)]
nss_wins: ip_pton expects the raw IP address

Signed-off-by: Tom Mortensen <tomm@lime-technology.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Garming Sam [Wed, 20 Apr 2016 03:25:45 +0000 (15:25 +1200)]
dbcheck: Avoid pathological behaviour in operational module

Because replPropertyMetadata was repeated for every object in the
database, the attrs list became very long.

This single line saves 20% of the time for make test TESTS=dbcheck.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Wed Apr 20 09:12:47 CEST 2016 on sn-devel-144

Ralph Boehme [Tue, 19 Apr 2016 10:55:19 +0000 (12:55 +0200)]
cleanupd: restart as needed

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11855

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Apr 19 20:35:33 CEST 2016 on sn-devel-144

Uri Simchoni [Mon, 18 Apr 2016 20:08:38 +0000 (23:08 +0300)]
libads: record session expiry for spnego sasl binds

With the move to gensec-based spnego, record the session expiry
in tgs_expire, so that libads users such as winbindd can use this info
to determine how long to keep the connection.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11852

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Tue Apr 19 16:53:57 CEST 2016 on sn-devel-144

David Disseldorp [Mon, 18 Apr 2016 16:48:43 +0000 (18:48 +0200)]
printing: handle "printcap cache time" change on HUP

Reschedule the housekeeping event on SIGHUP and conf reload.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Apr 19 13:14:20 CEST 2016 on sn-devel-144

David Disseldorp [Mon, 18 Apr 2016 16:48:42 +0000 (18:48 +0200)]
printing: use housekeeping period that matches cache time

The printcap housekeeping callback is scheduled to run every 60 seconds,
and invokes pcap_cache_reload() to reload the printcap cache *if* the
"printcap cache time" period has expired.

Given that pcap_cache_reload() invocation is the only job of the
housekeeping callback, it makes much more sense to schedule it every
"printcap cache time" seconds, rather than every 60 seconds.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Fri, 1 Apr 2016 08:16:25 +0000 (10:16 +0200)]
s4:libcli:smb2: Use constant time memcmp() to verify the signature

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Fri, 1 Apr 2016 08:15:39 +0000 (10:15 +0200)]
libcli:smb2: Use constant time memcmp() to verify the signature

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Fri, 1 Apr 2016 08:09:45 +0000 (10:09 +0200)]
util: Add memcmp_const_time()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Garming Sam [Wed, 13 Apr 2016 04:35:53 +0000 (16:35 +1200)]
tests/passwords: fix a typo

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Tue Apr 19 07:54:35 CEST 2016 on sn-devel-144

Garming Sam [Mon, 22 Feb 2016 00:33:01 +0000 (13:33 +1300)]
tests/dsdb: Verify that only a new ldb affects reads of userPassword

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11853

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 12 Feb 2016 02:53:37 +0000 (15:53 +1300)]
dsdb: Only re-query dSHeuristics for userPassword support on modifies

We keep the database startup value for search behaviour, as to re-check
is too expensive.  It caused every search to have an additional
search to the database.

We do not need to check as_system when setting ac->userPassword
as this is checked when all password attributes are stripped.

As userPassword is not written to after fUserPwdSupport is set
we do not expose any data that was not already visible.

The database overhead was an oversight when this was
originally added with 7f171a9e0f9b5945bd16a1330ba0908090659030
in 2010.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11853

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
3 years ago tests/rodc: Check that preload will skip broken users
Garming Sam [Thu, 14 Apr 2016 22:45:05 +0000 (10:45 +1200)]
tests/rodc: Check that preload will skip broken users

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Mon Apr 18 07:40:07 CEST 2016 on sn-devel-144

3 years ago rodc: Allow RODC preload to continue with invalid users
Garming Sam [Thu, 14 Apr 2016 21:59:11 +0000 (09:59 +1200)]
rodc: Allow RODC preload to continue with invalid users

Either the user may be missing from the database, or the user is not
included in the RODC password replication group.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years ago ctdb-tools: Remove simple uses of strcpy(3)
Martin Schwenke [Fri, 15 Apr 2016 04:52:45 +0000 (14:52 +1000)]
ctdb-tools: Remove simple uses of strcpy(3)

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Sun Apr 17 17:37:06 CEST 2016 on sn-devel-144

3 years ago ctdb-scripts: Use ss instead of netstat for finding TCP connections
Martin Schwenke [Thu, 27 Aug 2015 03:22:49 +0000 (13:22 +1000)]
ctdb-scripts: Use ss instead of netstat for finding TCP connections

ss with a filter is much faster than post-processing output from
netstat.  CTDB already has a hard dependency on iproute2 for IP
address handling, so depending on ss is no big deal.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years ago ctdb-scripts: Missing NFS thread count file should just produce warning
Martin Schwenke [Wed, 9 Mar 2016 22:12:33 +0000 (09:12 +1100)]
ctdb-scripts: Missing NFS thread count file should just produce warning

This currently causes monitor failure.

Log a warning instead.  If there is a transient issue, such as NFS
being restarted in the background, then the thread count file should
be there the next time around so the count can be adjusted if
necessary.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years ago ctdb-daemon: Log a message when fork(2) fails
Martin Schwenke [Fri, 1 Apr 2016 09:01:51 +0000 (20:01 +1100)]
ctdb-daemon: Log a message when fork(2) fails

It is useful to know what error occurred.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years ago winbind: Base idmap_ad on tldap
Volker Lendecke [Sun, 27 Dec 2015 15:22:22 +0000 (16:22 +0100)]
winbind: Base idmap_ad on tldap

The main reason for this is to do proper connection management. I tried hard,
but I failed trying to slowly migrate the ads_struct based code to something
saner. So I polished tldap, which thanks to metze does proper sasl.

This patch is pretty much a complete rewrite, so looking at it in diff -u
format does not really make sense. Look at the final output.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Apr 15 19:13:39 CEST 2016 on sn-devel-144

3 years ago winbind: handle DC_NOT_FOUND in wb_xids2sids
Volker Lendecke [Tue, 12 Jan 2016 20:21:17 +0000 (21:21 +0100)]
winbind: handle DC_NOT_FOUND in wb_xids2sids

The idmap_ad child is designed to connect to domain controllers on
its own.  Finding a DC is a nontrivial task that the child should not
do on its own, in particular it should not have to connect to "our"
DC's NETLOGON pipe separately. So when idmap_ad finds that it needs to
connect to a DC, it returns NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND. The
parent then asynchronously does the lookup and stores the DC info in
gencache. After that the parent re-does the idmap child call, during
which the child will find the DC-info in gencache.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years ago winbind: handle DC_NOT_FOUND in wb_sids2xids
Volker Lendecke [Tue, 12 Jan 2016 20:21:17 +0000 (21:21 +0100)]
winbind: handle DC_NOT_FOUND in wb_sids2xids

The idmap_ad child is designed to connect to domain controllers on
its own.  Finding a DC is a nontrivial task that the child should not
do on its own, in particular it should not have to connect to "our"
DC's NETLOGON pipe separately. So when idmap_ad finds that it needs to
connect to a DC, it returns NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND. The
parent then asynchronously does the lookup and stores the DC info in
gencache. After that the parent re-does the idmap child call, during
which the child will find the DC-info in gencache.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years ago winbind: Add wb_dsgetdcname_gencache_[gs]et
Volker Lendecke [Thu, 17 Mar 2016 13:27:32 +0000 (14:27 +0100)]
winbind: Add wb_dsgetdcname_gencache_[gs]et

This is a sneaky way to pass the DC info from the parent winbind to children
and other users.

Not sure where exactly to put these routines. For now, put them into the parent
code to find the dcinfo from "our" dc.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years ago tldap: Add tldap_gensec_bind
Volker Lendecke [Fri, 18 Dec 2015 15:41:41 +0000 (16:41 +0100)]
tldap: Add tldap_gensec_bind

This enables sasl sign/sealed connections via tldap

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years ago tldap: Add tldap_get/set_stream
Volker Lendecke [Sun, 27 Dec 2015 11:37:25 +0000 (12:37 +0100)]
tldap: Add tldap_get/set_stream

This will be used to replace a nonencrypted socket with a sasl sealed one.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years ago idmap_ad: Separate out the nss functions
Volker Lendecke [Tue, 29 Mar 2016 14:03:04 +0000 (16:03 +0200)]
idmap_ad: Separate out the nss functions

The nss functions technically right now are part of the idmap modules. However,
there is no intrinsic reason for this mixture of concerns. I would like to
heavily modify the idmap_ad idmapping functions without modifying the nss
functions (yet!!). So as a first step this patch moves the nss functions
textually out of the way.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years ago Mask general purpose signals for notifyd.
Hemanth Thummala [Thu, 14 Apr 2016 20:09:37 +0000 (13:09 -0700)]
Mask general purpose signals for notifyd.

Currently there is no signal handling available for the notify daemon.
Signals like SIGHUP and SIGUSR1 can lead to termination of the notify
daemon. Masking these signals for notifyd as we are not handling them.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11840

Signed-off-by: Hemanth Thummala <hemanth.thummala@nutanix.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Apr 15 15:31:19 CEST 2016 on sn-devel-144

3 years ago ctdb-daemon: Drop --lvs option and support for CTDB_CAP_LVS
Martin Schwenke [Sun, 10 Apr 2016 22:10:23 +0000 (08:10 +1000)]
ctdb-daemon: Drop --lvs option and support for CTDB_CAP_LVS

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Fri Apr 15 09:35:51 CEST 2016 on sn-devel-144

3 years ago ctdb-daemon: Drop --single-public-ip option and related code
Martin Schwenke [Sun, 10 Apr 2016 22:02:36 +0000 (08:02 +1000)]
ctdb-daemon: Drop --single-public-ip option and related code

This has been replaced by scripts.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years ago ctdb-scripts: Simplify "ctdb lvs ..." output
Martin Schwenke [Wed, 13 Apr 2016 07:47:45 +0000 (17:47 +1000)]
ctdb-scripts: Simplify "ctdb lvs ..." output

For "master", if there is a master then print the PNN, otherwise print
nothing.

For "list", print the PNN and IP addresses without a colon in between.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years ago ctdb-tools: Change ctdb CLI to have a single "lvs" command
Martin Schwenke [Tue, 12 Apr 2016 01:31:41 +0000 (11:31 +1000)]
ctdb-tools: Change ctdb CLI to have a single "lvs" command

This simply calls out to the wrapper, so that commands are changed as
follows:

  ctdb lvsmaster -> ctdb lvs master
  ctdb lvs       -> ctdb lvs list

This provides a simple, extensible interface and means that "ctdb lvs
status" is also available.

Unit tests are streamlined so that there is a single test for each
CTDB state.  Each test does "master", "list" and "status" sub-tests.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years ago ctdb-tool: Change ctdb lvs/lvsmaster CLI commands to use ctdb_lvs helper
Martin Schwenke [Fri, 8 Apr 2016 07:14:44 +0000 (17:14 +1000)]
ctdb-tool: Change ctdb lvs/lvsmaster CLI commands to use ctdb_lvs helper

Update tests accordingly.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years ago ctdb-scripts: Add monitoring of CTDB_LVS_PUBLIC_IFACE
Martin Schwenke [Thu, 14 Apr 2016 03:35:07 +0000 (13:35 +1000)]
ctdb-scripts: Add monitoring of CTDB_LVS_PUBLIC_IFACE

... and unit tests.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years ago ctdb-doc: Add sample LVS configuration
Amitay Isaacs [Thu, 14 Apr 2016 06:30:38 +0000 (16:30 +1000)]
ctdb-doc: Add sample LVS configuration

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
3 years ago ctdb-scripts: Call out to ctdb_lvs helper from 91.lvs
Martin Schwenke [Fri, 8 Apr 2016 06:21:08 +0000 (16:21 +1000)]
ctdb-scripts: Call out to ctdb_lvs helper from 91.lvs

To keep this commit comprehensible, 91.lvs and the CTDB CLI tool are
temporarily inconsistent.  The tool will be made consistent in a
subsequent commit.

LVS now uses a configuration file specified by CTDB_LVS_NODES and
supports the same slave-only syntax as CTDB_NATGW_NODES.  LVS also
uses new variable CTDB_LVS_PUBLIC_IFACE instead of
CTDB_PUBLIC_INTERFACE.

Update unit tests and documentation.

Note that the --lvs and --single-public-ip daemon options are no
longer used.  These will be removed and relevant documentation
updated in a subsequent commit.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years ago ctdb-scripts: Move ctdb_get_ip_address() to functions file
Martin Schwenke [Fri, 8 Apr 2016 05:53:47 +0000 (15:53 +1000)]
ctdb-scripts: Move ctdb_get_ip_address() to functions file

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years ago ctdb-tools: Add new ctdb_lvs helper
Martin Schwenke [Thu, 7 Apr 2016 07:30:28 +0000 (17:30 +1000)]
ctdb-tools: Add new ctdb_lvs helper

This will replace the ctdb CLI tool "lvs" and "lvsmaster" options.  It
also makes LVS daemon support unnecessary.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years ago ctdb-scripts: LVS eventscript cleanups
Martin Schwenke [Wed, 6 Apr 2016 20:11:49 +0000 (06:11 +1000)]
ctdb-scripts: LVS eventscript cleanups

Stylistic changes and cleaner code.  No functional changes.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years ago ctdb-tests: Add unit tests for LVS eventscript
Martin Schwenke [Wed, 6 Apr 2016 20:18:21 +0000 (06:18 +1000)]
ctdb-tests: Add unit tests for LVS eventscript

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years ago ctdb-tests: LVS support for ctdb tool stub
Martin Schwenke [Thu, 7 Apr 2016 03:54:37 +0000 (13:54 +1000)]
ctdb-tests: LVS support for ctdb tool stub

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years ago ctdb-tests: Add ipvsadm test stub
Martin Schwenke [Wed, 6 Apr 2016 11:19:37 +0000 (21:19 +1000)]
ctdb-tests: Add ipvsadm test stub

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years ago ctdb-tests: Add 32-bit netmask support to "ip addr show" stub
Martin Schwenke [Thu, 7 Apr 2016 02:06:52 +0000 (12:06 +1000)]
ctdb-tests: Add 32-bit netmask support to "ip addr show" stub

In this case do not show broadcast address.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years ago ctdb-tests: Add loopback support for "ip link show" stub
Martin Schwenke [Thu, 7 Apr 2016 02:05:33 +0000 (12:05 +1000)]
ctdb-tests: Add loopback support for "ip link show" stub

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years ago ctdb-tests: Allow scope to be specified in "ip addr add" stub
Martin Schwenke [Thu, 7 Apr 2016 00:02:09 +0000 (10:02 +1000)]
ctdb-tests: Allow scope to be specified in "ip addr add" stub

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years ago ctdb-scripts: Drop "recovered" event from 91.lvs
Martin Schwenke [Thu, 14 Apr 2016 06:26:39 +0000 (16:26 +1000)]
ctdb-scripts: Drop "recovered" event from 91.lvs

Having both "recovered" and "ipreallocated" means that everything
happens twice when there is a recovery.  No need for that.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years ago ctdb-scripts: LVS eventscript error redirection improvements
Martin Schwenke [Thu, 7 Apr 2016 03:55:08 +0000 (13:55 +1000)]
ctdb-scripts: LVS eventscript error redirection improvements

Basic error redirection improvements before writing tests.

Deleting the service during "startup" will usually fail because the
service has never been set up, so redirect output to avoid logging an
error.

Similarly, deleting the service in "ipreallocated" will always fail
the first time, which would cause an error to be logged.  Given the
simplicity of the script, there's no sane way to avoid the error
sometimes and log it if it actually matters.  This could potentially
be tidied up in the future by making 91.lvs stateful, in a similar way
to 11.natgw.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years ago ctdb-scripts: Drop hardcoded /sbin and /proc paths in LVS eventscript
Martin Schwenke [Wed, 6 Apr 2016 19:50:27 +0000 (05:50 +1000)]
ctdb-scripts: Drop hardcoded /sbin and /proc paths in LVS eventscript

It can now be unit tested.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years ago ctdb-scripts: die() should output to stderr
Martin Schwenke [Fri, 8 Apr 2016 07:14:23 +0000 (17:14 +1000)]
ctdb-scripts: die() should output to stderr

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years ago s3:libsmb: Fix illegal memory access after memory has been deleted.
Noel Power [Wed, 13 Apr 2016 16:57:31 +0000 (17:57 +0100)]
s3:libsmb: Fix illegal memory access after memory has been deleted.

smbtorture with the libsmbclient test suite produces the following valgrind
trace

==31432== Invalid read of size 8
==31432==    at 0x99B8858: smbc_free_context (libsmb_context.c:260)
==31432==    by 0x5E6401: torture_libsmbclient_opendir (libsmbclient.c:136)
==31432==    by 0x9553F42: wrap_simple_test (torture.c:632)
==31432==    by 0x955366F: internal_torture_run_test (torture.c:442)
==31432==    by 0x95538C3: torture_run_tcase_restricted (torture.c:506)
==31432==    by 0x9553278: torture_run_suite_restricted (torture.c:357)
==31432==    by 0x95531D7: torture_run_suite (torture.c:339)
==31432==    by 0x25FEFF: run_matching (smbtorture.c:93)
==31432==    by 0x260195: torture_run_named_tests (smbtorture.c:143)
==31432==    by 0x261E14: main (smbtorture.c:665)
==31432==  Address 0x18864a70 is 80 bytes inside a block of size 96 free'd
==31432==    at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==31432==    by 0x99BCC46: SMBC_closedir_ctx (libsmb_dir.c:922)
==31432==    by 0x99C06CA: SMBC_close_ctx (libsmb_file.c:370)
==31432==    by 0x99B8853: smbc_free_context (libsmb_context.c:259)
==31432==    by 0x5E6401: torture_libsmbclient_opendir (libsmbclient.c:136)
==31432==    by 0x9553F42: wrap_simple_test (torture.c:632)
==31432==    by 0x955366F: internal_torture_run_test (torture.c:442)
==31432==    by 0x95538C3: torture_run_tcase_restricted (torture.c:506)
==31432==    by 0x9553278: torture_run_suite_restricted (torture.c:357)
==31432==    by 0x95531D7: torture_run_suite (torture.c:339)
==31432==    by 0x25FEFF: run_matching (smbtorture.c:93)
==31432==    by 0x260195: torture_run_named_tests (smbtorture.c:143)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11836

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Apr 14 13:24:10 CEST 2016 on sn-devel-144

3 years ago s3:libads: sasl wrapped LDAP connections against with kerberos and arcfour-hmac-md5
Stefan Metzmacher [Fri, 8 Apr 2016 08:05:38 +0000 (10:05 +0200)]
s3:libads: sasl wrapped LDAP connections against with kerberos and arcfour-hmac-md5

This fixes a regression in commit 2cb07ba50decdfd6d08271cd2b3d893ff95f5af9
(s3:libads: make use of ads_sasl_spnego_gensec_bind() for GSS-SPNEGO with Kerberos)
that prevents things like 'net ads join' from working against a Windows 2003 domain.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11804

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Apr 12 23:02:56 CEST 2016 on sn-devel-144

3 years ago CVE-2015-5370: s4:selftest: run samba.tests.dcerpc.raw_protocol against ad_dc
Stefan Metzmacher [Fri, 26 Jun 2015 19:05:53 +0000 (21:05 +0200)]
CVE-2015-5370: s4:selftest: run samba.tests.dcerpc.raw_protocol against ad_dc

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years ago CVE-2015-5370: python/samba/tests: add some dcerpc raw_protocol tests
Stefan Metzmacher [Wed, 26 Mar 2014 21:42:19 +0000 (22:42 +0100)]
CVE-2015-5370: python/samba/tests: add some dcerpc raw_protocol tests

These are independent from our client library and allow
testing of invalid pdus.

It can be used like this in standalone mode:

SMB_CONF_PATH=/dev/null SERVER=172.31.9.188 python/samba/tests/dcerpc/raw_protocol.py
or
SMB_CONF_PATH=/dev/null SERVER=172.31.9.188 python/samba/tests/dcerpc/raw_protocol.py -v -f TestDCERPC_BIND.test_invalid_auth_noctx

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years ago CVE-2015-5370: python/samba/tests: add infrastructure to do raw protocol tests for...
Stefan Metzmacher [Wed, 26 Mar 2014 21:42:19 +0000 (22:42 +0100)]
CVE-2015-5370: python/samba/tests: add infrastructure to do raw protocol tests for DCERPC

These are independent from our client library and allow
testing of invalid pdus.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
3 years ago CVE-2015-5370: s4:librpc/rpc: call dcerpc_connection_dead() on protocol errors
Stefan Metzmacher [Tue, 22 Dec 2015 20:13:41 +0000 (21:13 +0100)]
CVE-2015-5370: s4:librpc/rpc: call dcerpc_connection_dead() on protocol errors

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years ago CVE-2015-5370: s3:rpc_client: disconnect connection on protocol errors
Stefan Metzmacher [Tue, 22 Dec 2015 20:23:14 +0000 (21:23 +0100)]
CVE-2015-5370: s3:rpc_client: disconnect connection on protocol errors

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years ago CVE-2015-5370: libcli/smb: use a max timeout of 1 second in tstream_smbXcli_np_destru...
Stefan Metzmacher [Wed, 23 Dec 2015 10:05:45 +0000 (11:05 +0100)]
CVE-2015-5370: libcli/smb: use a max timeout of 1 second in tstream_smbXcli_np_destructor()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years ago CVE-2015-5370: s3:rpc_server: verify auth_context_id in api_pipe_{bind_auth3,alter_co...
Stefan Metzmacher [Tue, 7 Jul 2015 22:01:37 +0000 (00:01 +0200)]
CVE-2015-5370: s3:rpc_server: verify auth_context_id in api_pipe_{bind_auth3,alter_context}

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years ago CVE-2015-5370: s3:rpc_client: verify auth_context_id in rpc_pipe_bind_step_one_done()
Stefan Metzmacher [Tue, 7 Jul 2015 20:51:18 +0000 (22:51 +0200)]
CVE-2015-5370: s3:rpc_client: verify auth_context_id in rpc_pipe_bind_step_one_done()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>