Martin Schwenke [Fri, 22 Jul 2016 05:13:27 +0000 (15:13 +1000)]
ctdb-tools: Simplify "ctdb getpid" output format
No preamble, just the PID.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 19 Jul 2016 06:22:52 +0000 (16:22 +1000)]
ctdb-tests: Add "ctdb process-exists" tool test
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Amitay Isaacs [Fri, 22 Jul 2016 07:31:07 +0000 (17:31 +1000)]
ctdb-tool: Simplify "ctdb process-exists"
Drop the PNN part of the argument, improve output.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Martin Schwenke [Thu, 7 Jul 2016 06:11:06 +0000 (16:11 +1000)]
ctdb-tests: Add "ctdb uptime" tool test
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Amitay Isaacs [Fri, 22 Jul 2016 07:57:10 +0000 (17:57 +1000)]
ctdb-tool: Improve "ctdb uptime" output format
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Martin Schwenke [Tue, 19 Jul 2016 05:59:30 +0000 (15:59 +1000)]
ctdb-tests: Add "ctdb recmaster" tool tests
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 7 Jul 2016 05:55:48 +0000 (15:55 +1000)]
ctdb-tests: Add "ctdb ping" tool test
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 15 Jul 2016 07:04:50 +0000 (17:04 +1000)]
ctdb-tests: Add "ctdb ifaces" tool test
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Amitay Isaacs [Fri, 22 Jul 2016 07:55:12 +0000 (17:55 +1000)]
ctdb-tests: Fix "ctdb status" test
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Martin Schwenke [Mon, 25 Jul 2016 00:43:41 +0000 (10:43 +1000)]
ctdb-tests: Drop a "ctdb reloadnodes" tool test
Replacement for ctdb tool will not support multiple debug levels.
This test could be modified to use the default debug level but that
would make it identical to reloadnodes test #19.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Amitay Isaacs [Fri, 22 Jul 2016 07:38:56 +0000 (17:38 +1000)]
ctdb-tool: Fix a log message in "ctdb reloadnodes"
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 22 Jul 2016 07:08:25 +0000 (17:08 +1000)]
ctdb-tool: Exit with 1 on failure instead of -1
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 22 Jul 2016 06:58:38 +0000 (16:58 +1000)]
ctdb-tool: Drop arbitrary exit codes
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 22 Jul 2016 07:14:52 +0000 (17:14 +1000)]
ctdb-tests: Drop ctdb tool debug level to NOTICE
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 22 Jul 2016 06:54:27 +0000 (16:54 +1000)]
ctdb-tool: Log a message at INFO level
This message was useful when debugging during development but it isn't
generally useful.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Martin Schwenke [Thu, 21 Jul 2016 01:52:18 +0000 (11:52 +1000)]
ctdb-tests: Error on invalid destnode in fake_ctdbd
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 20 Jul 2016 11:33:34 +0000 (21:33 +1000)]
ctdb-tests: Have fake_ctdbd log request IDs
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 15 Jul 2016 05:22:19 +0000 (15:22 +1000)]
ctdb-tests: Allow secondary tool commands to be tested
New function simple_test_other() allows other tool commands to be
tested along with the main command.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 19 Jul 2016 10:10:10 +0000 (20:10 +1000)]
ctdb-tests: Allow fake_ctdbd and tool to be run under valgrind in tool tests
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 19 Jul 2016 05:50:33 +0000 (15:50 +1000)]
ctdb-tests: Clean up temporary files in tool tests
If CTDB_TESTS_VAR isn't cleaned up between runs then this can result
in a lot of accumulated temporary files, so clean up the temporary
files.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 7 Jul 2016 06:22:59 +0000 (16:22 +1000)]
ctdb-tests: Require setup_ctdbd() call in tool tests
This makes the ctdbd setup explicit and allows multiple calls to
simple_test() in the same test without ugly re-initialisation.
While here drop any unneeded ctdbd initialisation, such as VNNMAP and
IFACES. These have often been needlessly present, cluttering the
tests.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 4 Jul 2016 04:36:31 +0000 (14:36 +1000)]
ctdb-doc: Document limitation of "ctdb reloadips"
This limitation can be removed with a reasonable amount of effort. It
probably isn't worth doing until the public IP address configuration
is stored in a cluster-wide database. That seems like the right time
to change the API to handle the details that
CTDB_CONTROL_GET_PUBLIC_IPS doesn't currently retrieve.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 22 Jul 2016 20:36:32 +0000 (06:36 +1000)]
ctdb-doc: Update allowed debug levels to include "ERROR"
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 22 Jul 2016 10:24:12 +0000 (20:24 +1000)]
ctdb-doc: Drop documentation for "ctdb xpnn"
This command was deleted some time ago.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 22 Jul 2016 05:32:39 +0000 (15:32 +1000)]
ctdb-doc: Drop documentation for "ctdb setmonmode"
The actual command was removed nearly 10 years ago.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Amitay Isaacs [Fri, 22 Apr 2016 07:30:31 +0000 (17:30 +1000)]
ctdb-build: Add missing dependency on samba-util
reqid.c uses idr, which requires samba-util.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 19 Jul 2016 06:53:34 +0000 (16:53 +1000)]
ctdb-locking: Remove ctdb_db_prio_iterator function
It is not used anymore.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 19 Jul 2016 06:56:15 +0000 (16:56 +1000)]
ctdb-freeze: Remove ctdb_db_prio_frozen() function
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 19 Jul 2016 06:47:57 +0000 (16:47 +1000)]
ctdb-locking: Remove API for locking databases with priority
This is not used anymore.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 19 Jul 2016 06:42:13 +0000 (16:42 +1000)]
ctdb-locking: Remove API for locking all databases
This has never been used.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 19 Jul 2016 07:49:14 +0000 (17:49 +1000)]
ctdb-daemon: Remove priority field from ctdb_db_context
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 21 Jul 2016 03:35:12 +0000 (13:35 +1000)]
ctdb-protocol: Deprecate controls SET/GET_DB_PRIORITY
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 21 Jul 2016 03:34:44 +0000 (13:34 +1000)]
ctdb-protocol: Drop marshalling code for set/get_db_priority
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 19 Jul 2016 07:37:40 +0000 (17:37 +1000)]
ctdb-client: Remove code to set/get_db_priority from new client code
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 19 Jul 2016 07:36:18 +0000 (17:36 +1000)]
ctdb-client: Remove client code for set/get_db_priority
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 19 Jul 2016 07:34:03 +0000 (17:34 +1000)]
ctdb-daemon: Remove implementation of SET/GET_DB_PRIORITY
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 19 Jul 2016 07:25:15 +0000 (17:25 +1000)]
ctdb-tool: Remove setdbprio and getdbprio commands
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 19 Jul 2016 07:31:21 +0000 (17:31 +1000)]
dbwrap_ctdb: Remove setting of database priority from samba
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 19 Jul 2016 07:28:19 +0000 (17:28 +1000)]
ctdb-recoverd: Remove code that updates database priorities during recovery
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 22 Jul 2016 04:44:44 +0000 (14:44 +1000)]
ctdb-protocol: Remove CTDB_NUM_DB_PRIORITIES
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 22 Jul 2016 05:00:14 +0000 (15:00 +1000)]
ctdb-client: Remove ctdb_ctrl_freeze_priority() function
ctdb_ctrl_freeze() now only needs to send a single control since there
are no database priorities any more.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 21 Jul 2016 03:16:53 +0000 (13:16 +1000)]
ctdb-freeze: Drop function thaw_priority()
There are no database priorities anymore, so the function name does
not make any sense. Call the code in thaw_priority() directly from
ctdb_control_thaw().
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 19 Jul 2016 06:32:16 +0000 (16:32 +1000)]
ctdb-daemon: Drop priorites from freeze/thaw code
Parallel database recovery freezes databases in parallel and irrespective
of database priority. So drop priority from freeze/thaw code.
Database priority will be dropped completely soon.
Now FREEZE and THAW controls operate on all the databases.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 19 Jul 2016 06:06:37 +0000 (16:06 +1000)]
ctdb-recovery: Remove serial database recovery code
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 19 Jul 2016 06:30:26 +0000 (16:30 +1000)]
ctdb-vacuum: Do not use freeze_mode outside freeze code
If the database is not frozen and recovery mode is not active, then
vacuuming can continue.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 19 Jul 2016 07:07:18 +0000 (17:07 +1000)]
ctdb-client: Mark ctdb_ctrl_freeze_priority static
It is not used outside ctdb_client.c
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 21 Jul 2016 02:53:56 +0000 (12:53 +1000)]
ctdb-client: Drop unused functions ctdb_ctrl_freeze_send/recv
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 21 Jul 2016 02:47:16 +0000 (12:47 +1000)]
ctdb-client: Reimplement ctdb_ctrl_freeze_priority() using ctdb_control()
This makes it easier to drop unused async implementation of the same.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 21 Jul 2016 04:20:48 +0000 (14:20 +1000)]
ctdb-protocol: Drop marshalling code for THAW control
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 20 Jul 2016 07:44:46 +0000 (17:44 +1000)]
ctdb-client: Remove function ctdb_ctrl_thaw() from new client API
This function is not used anywhere.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 19 Jul 2016 07:18:31 +0000 (17:18 +1000)]
ctdb-client: Remove functions ctdb_ctrl_thaw_priority() and ctdb_ctrl_thaw()
These functions are not used anywhere.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 19 Jul 2016 07:17:04 +0000 (17:17 +1000)]
ctdb-tool: Remove ctdb thaw command
Databases should never be thawed manually. A database recovery will
correctly thaw all databases. Otherwise there is a bug in the database
recovery.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 19 Jul 2016 06:50:43 +0000 (16:50 +1000)]
ctdb-locking: Drop code for Samba 3.x compatibility
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 13 Jul 2016 06:22:53 +0000 (16:22 +1000)]
ctdb-web: Remove ctdb webpages from source
CTDB web pages are now tracked in a separate repo. Most of the pages
are outdated and will be removed soon with links to the wiki.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Alexander Bokovoy [Sun, 24 Jul 2016 12:47:33 +0000 (15:47 +0300)]
Wrap krb5_cc_copy_creds and krb5_cc_copy_cache
Heimdal and MIT Kerberos have different API to copy credentials from a
ccache. Wrap it via lib/krb5_wrap/.
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Jul 25 21:27:58 CEST 2016 on sn-devel-144
Garming Sam [Mon, 25 Jul 2016 00:51:29 +0000 (12:51 +1200)]
kcc: fix a typo
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Jul 25 17:42:33 CEST 2016 on sn-devel-144
Garming Sam [Fri, 22 Jul 2016 04:38:40 +0000 (16:38 +1200)]
kcc: typo fix tupple => tuple
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
Garming Sam [Thu, 16 Jun 2016 01:01:23 +0000 (13:01 +1200)]
AddressSanitizer: Initialize for vfs_fruit.c
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
Garming Sam [Thu, 16 Jun 2016 01:00:20 +0000 (13:00 +1200)]
AddressSanitizer: Initialize for smbd/oplock.c
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
Garming Sam [Thu, 21 Jul 2016 22:56:07 +0000 (10:56 +1200)]
AddressSanitizer: Initialize for kcc_topology.c
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
Christof Schmitt [Thu, 26 May 2016 05:56:49 +0000 (22:56 -0700)]
vfs_gpfs: Retry getacl with DAC capability if necessary
Samba always tries to read the ACL of a file and checks it internally.
If the READ_ACL permission is missing in GPFS, then then reading the ACL
for Samba internal evaluation will be denied and opening the file or
directory fails. Change this by retrying reading the ACL with the DAC
capability if access was denied.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Mon Jul 25 10:30:02 CEST 2016 on sn-devel-144
Yan, Zheng [Mon, 21 Mar 2016 02:42:21 +0000 (10:42 +0800)]
s3: vfs: ceph: Add posix acl support
Signed-off-by: Yan, Zheng <zyan@redhat.com>
Signed-off-by: Ira Cooper <ira@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ira Cooper <ira@samba.org>
Autobuild-Date(master): Sun Jul 24 04:08:23 CEST 2016 on sn-devel-144
Yan, Zheng [Mon, 21 Mar 2016 02:42:20 +0000 (10:42 +0800)]
s3: vfs: generalize functions that set/get posix acl through xattr
Move posix acl related code in vfs_glusterfs.c to a seperate module.
Signed-off-by: Yan, Zheng <zyan@redhat.com>
Signed-off-by: Ira Cooper <ira@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Günther Deschner [Thu, 21 Jul 2016 12:25:56 +0000 (14:25 +0200)]
s4-torture: fix compile of new NDR PAC tests with MIT Kerberos.
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Jul 23 09:50:46 CEST 2016 on sn-devel-144
Günther Deschner [Thu, 21 Jul 2016 12:26:45 +0000 (14:26 +0200)]
s4-torture: add new torture_assert_krb5_error_equal macro.
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jeremy Allison [Fri, 22 Jul 2016 18:17:24 +0000 (11:17 -0700)]
s4: messaging: Remove bool auto_remove parameter from imessaging_init().
With modern messaging this doesn't do anything (it's an
empty destructor). Clean up so we can add a proper destructor
in future.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jeremy Allison [Wed, 20 Jul 2016 23:40:53 +0000 (16:40 -0700)]
s3: smbd: vfs: Remove any stale xattr values during file/directory create in vfs_xattr_tdb()
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 13 Jul 2016 06:17:15 +0000 (08:17 +0200)]
s4:dsdb/replicated_objects: don't skip notifications on resolved conflicts
We should propagate resolved conflicts immediately.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Jul 23 03:18:58 CEST 2016 on sn-devel-144
Stefan Metzmacher [Wed, 13 Jul 2016 06:15:20 +0000 (08:15 +0200)]
s4:dsdb/repl_meta_data: remember originating updates when applying replicated changes
The caller needs to know about them in order to decide about possible
notifications.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 May 2016 22:13:33 +0000 (00:13 +0200)]
s4:kdc: provide a PAC_UPN_DNS_INFO element for logons
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 7 Jan 2016 13:55:07 +0000 (14:55 +0100)]
auth/auth_sam_reply: fill user_principal_* and dns_domain_name in make_user_info_dc_pac()
This is required in order to support netr_SamInfo6 and PAC_UPN_DNS_INFO
correctly.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 22 Jul 2016 10:58:00 +0000 (12:58 +0200)]
WHATSNEW: add SmartCard/PKINIT improvements
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Sat, 16 Jan 2016 13:25:18 +0000 (14:25 +0100)]
s4:selftest: run the pkinit test in the ad_dc and ad_dc_ntvfs environment
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 21 Jul 2016 13:35:40 +0000 (15:35 +0200)]
s4:selftest: run test_pkinit_pac_heimdal.sh test
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 21 Jul 2016 13:34:50 +0000 (15:34 +0200)]
testprogs/blackbox: add test_pkinit_pac_heimdal.sh
This verifies that we have a PAC_CREDENTIAL_INFO element in the PAC
when using pkinit.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 2 Jun 2016 16:24:18 +0000 (18:24 +0200)]
test_pkinit_heimdal.sh: add some more tests regarding the UF_SMARTCARD_REQUIRED behavior
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 3 Jun 2016 19:46:13 +0000 (21:46 +0200)]
selftest/Samba: copy pkinit@$DOMAIN certificates to the environment
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 3 Jun 2016 19:32:04 +0000 (21:32 +0200)]
selftest/manage-ca: update manage-CA-samba.example.com.sh
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 3 Jun 2016 19:32:04 +0000 (21:32 +0200)]
selftest/manage-ca: add certificates for pkinit@[addom.]samba.example.com
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 3 Jun 2016 19:46:13 +0000 (21:46 +0200)]
selftest/Samba: remove compat admincert* files
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 24 May 2016 00:40:00 +0000 (02:40 +0200)]
s4:dsdb/tests: add UF_SMARTCARD_REQUIRED tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 31 May 2016 14:39:06 +0000 (16:39 +0200)]
s4:dsdb/password_hash: add the UF_SMARTCARD_REQUIRED password reset magic
When UF_SMARTCARD_REQUIRED is set to an account we need to remove
the current password and add random NT and LM hashes (without updating
the pwdLastSet field.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 May 2016 21:20:39 +0000 (23:20 +0200)]
s4:kdc: provide a PAC_CREDENTIAL_INFO element for PKINIT logons
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 7 Jan 2016 16:25:26 +0000 (17:25 +0100)]
s4:kdc: correctly update the PAC in samba_wdc_reget_pac()
We need to keep unknown PAC elements and just copy them.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 20 May 2016 07:48:41 +0000 (09:48 +0200)]
s4:kdc: hook into heimdal's windc.pac_pk_generate hook
This allows PAC_CRENDENTIAL_INFO to be added to the PAC
when using PKINIT. In that case PAC_CRENDENTIAL_INFO contains
an encrypted PAC_CRENDENTIAL_DATA.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 20 May 2016 06:29:30 +0000 (08:29 +0200)]
HEIMDAL:kdc: add krb5plugin_windc_pac_pk_generate() hook
This allows PAC_CRENDENTIAL_INFO to be added to the PAC
when using PKINIT. In that case PAC_CRENDENTIAL_INFO contains
an encrypted PAC_CRENDENTIAL_DATA.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 20 May 2016 12:57:57 +0000 (14:57 +0200)]
HEIMDAL:kdc: reset e_text after successful pre-auth verification
This is already fixed in upstream heimdal.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 7 Jan 2016 13:12:14 +0000 (14:12 +0100)]
HEIMDAL:lib/krb5: allow predefined PAC_{LOGON_NAME,PRIVSVR_CHECKSUM,SERVER_CHECKSUM} elements in _krb5_pac_sign()
A caller may want to specify an explicit order of PAC elements,
e.g. the PAC_UPN_DNS_INFO element should be placed after the PAC_LOGON_NAME
element.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is commit
7cd40a610569d5e54ebe323672794fb6415b5dac in heimdal master.
Stefan Metzmacher [Wed, 20 Jul 2016 08:12:45 +0000 (10:12 +0200)]
s4:torture/remote_pac: verify the order of PAC elements
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 21 Jul 2016 13:08:32 +0000 (15:08 +0200)]
auth/credentials: also do a shallow copy of the krb5_ccache.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Fri, 22 Jul 2016 14:12:25 +0000 (16:12 +0200)]
tevent: Add overflow protection to tevent_req_create
This adds 40 bytes, but they are needed for correctness :-)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Jul 22 23:33:57 CEST 2016 on sn-devel-144
Volker Lendecke [Fri, 22 Jul 2016 14:06:45 +0000 (16:06 +0200)]
tevent: Save 140 bytes of .text in tevent_req_create
This is one of or hottest code paths, I think every bit counts here.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Fri, 22 Jul 2016 14:06:45 +0000 (16:06 +0200)]
tevent: Save 32 bytes of .text in tevent_req_create
This is one of or hottest code paths, I think every bit counts here.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 28 Jun 2016 22:35:16 +0000 (10:35 +1200)]
build: Add hints on what libraries to install for gpgme support on failure
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jul 22 19:51:09 CEST 2016 on sn-devel-144
Stefan Metzmacher [Mon, 27 Jun 2016 06:25:30 +0000 (08:25 +0200)]
WHATSNEW: recomment python-crypto and python-m2crypto
They're used for some samba-tool commands.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Stefan Metzmacher [Wed, 17 Feb 2016 09:07:27 +0000 (10:07 +0100)]
WHATSNEW: add 'Password sync as active directory domain controller'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andrew Bartlett [Wed, 20 Jul 2016 04:45:34 +0000 (16:45 +1200)]
s4:torture/ndr: Add supplementalCredentials blob from Samba with the new SambaGPG blob
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 16 Feb 2016 02:19:58 +0000 (03:19 +0100)]
python:samba/tests: use 'samba-tool user {getpassword,syncpasswords}' with --decrypt-samba-gpg
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Stefan Metzmacher [Tue, 12 Jan 2016 12:51:00 +0000 (13:51 +0100)]
selftest:Samba4: configure "password hash gpg key ids" for ad_dc (if available)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Stefan Metzmacher [Tue, 16 Feb 2016 09:04:40 +0000 (10:04 +0100)]
s4:selftest: run samba.tests.samba_tool.user also against ad_dc:local
In future ad_dc_ntvfs and ad_dc will differ regarding the Primary:SambaGPG
password feature. So we should test both.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>