Stefan Metzmacher [Mon, 9 Jul 2018 10:33:34 +0000 (12:33 +0200)]
s3:messages: make the loop in msg_dgm_ref_recv() more robust against stale pointers
The interaction between msg_dgm_ref_recv() and msg_dgm_ref_destructor()
doesn't allow two references from messaging_dgm_ref() to be free'd
during the loop in msg_dgm_ref_recv().
In addition to the global 'refs' list, we also need to
have a global 'next_ref' pointer, which can be adjusted in
msg_dgm_ref_destructor().
As AD DC we hit this when using irpc in auth_winbind,
which uses imessaging_client_init().
In addition to the main messaging_dgm_ref() in smbd,
source3/auth/auth_samba4.c: prepare_gensec() and
make_auth4_context_s4() also generate a temporary
imessaging_context for auth_context->msg_ctx from within
auth_generic_prepare().
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13514
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 10 Jul 2018 14:21:55 +0000 (16:21 +0200)]
s4:messaging: add local.messaging.multi_ctx.multi_ctx test
This tests the usage of multiple imessaging_contexts in one process
and also freeing two of them during a message handler.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13514
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Thu, 21 Jun 2018 04:31:03 +0000 (06:31 +0200)]
python/tests: make the test_assoc_group_fail2() test more resilient against timing
On a busy system [e]poll() on the server will mark both the
old connection fd and also the listening fd as readable.
epoll() returns the events in order, so the server processes the
disconnect first.
With poll() we don't have an order of the events and the
server is likely to process the connect before the disconnect.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Tue, 19 Jun 2018 08:35:04 +0000 (10:35 +0200)]
ctdb: close the correct pipe fd in a test
This was discovered in an autobuild with a patched tevent that used the
"poll" backend by default. Test failure:
$ bin/sock_daemon_test /dev/shm/sock_daemon_test.pid /dev/shm/sock_daemon_test.sock 5
test5[28011]: daemon started, pid=28011
test5[28011]: listening on /dev/shm/sock_daemon_test.sock
sock_daemon_test: ../ctdb/tests/src/sock_daemon_test.c:980: test5: Assertion `ret == i+1' failed.
Abgebrochen (Speicherabzug geschrieben)
metze@SERNOX14:~/devel/samba/4.0/master4-test$ test5[28011]: PID 28010 gone away, exiting
test5[28011]: Shutting down
sock_daemon_test: ../ctdb/tests/src/sock_daemon_test.c:964: test5:
Assertion `ret == EINTR' failed.
After an epic debugging session we spotted the problem.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Gary Lockyer [Tue, 10 Jul 2018 01:57:18 +0000 (13:57 +1200)]
WHATSNEW add entries audit logging and lmdb.
Add WHATSNEW entries for dsdb, password and group change audit logging,
as well as the ldb lmdb backend
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jul 10 12:53:54 CEST 2018 on sn-devel-144
Christof Schmitt [Tue, 26 Jun 2018 20:32:28 +0000 (13:32 -0700)]
heimdal: Fix build with system provided heimdal library
Trying to compile with a system provided heimdal library
results in this compile error:
[ 876/3043] Compiling source4/auth/kerberos/srv_keytab.c
In file included from /usr/include/heimdal/krb5.h:949:0,
from ../lib/replace/system/kerberos.h:33,
from ../source4/auth/kerberos/srv_keytab.c:31:
/usr/include/heimdal/krb5-protos.h:3894:1: error: unknown type name ‘HEIMDAL_WARN_UNUSED_RESULT_ATTRIBUTE’; did you mean ‘_WARN_UNUSED_RESULT_’?
HEIMDAL_WARN_UNUSED_RESULT_ATTRIBUTE KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
_WARN_UNUSED_RESULT_
/usr/include/heimdal/krb5-protos.h:3895:1: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘krb5_generate_random’
krb5_generate_random (
The problem is that Samba provides a minimal krb5-types.h file
for the internal build that gets used during the build with
the system provided heimdal library. As the minimal file
does not provide all definitions, the build fails.
Fix this by having the krb-types.h file simply include the
include file from the system library, if the build is done
using the system provided heimdal library.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jul 10 07:30:26 CEST 2018 on sn-devel-144
Tim Beale [Sun, 8 Jul 2018 21:44:30 +0000 (09:44 +1200)]
netcmd: Add sanity-check for invalid domain rename args
We are suggesting to users that it's safe to run a renamed domain in
parallel with the old backed-up domain. However, this would not be the
case if the user (foolishly) "renames" their domain using the exact same
NetBIOS name or DNS realm.
Using the same DNS realm fails later on (updating the dnsRoot values),
but using the same NetBIOS name actually succeeds. While we can't make
samba tools completely idiot-proof, we can protect users from the most
basic of (potentially unintended) errors with some simple sanity-checks.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Fri, 6 Jul 2018 03:59:31 +0000 (15:59 +1200)]
selftest: Add a 'LABDC' testenv to mimic a preproduction test-bed
One of the use-cases for the domain rename tool is to produce a lab
domain that can be used for pre-production testing of Samba.
Basically this involves taking a backup rename with --no-secrets (which
scrubs any sensitive info), and then restoring it.
This patch adds a testenv that mimics how a user would go about creating
a lab-domain. We run the same tests that we run against the restore and
rename testenvs.
Note that the rpc.echo tests for the testallowed and testdenied users
fail, because we don't backup the secrets for these users. So these
tests failing proves that the lab-DC testenv is correct.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Thu, 5 Jul 2018 22:35:03 +0000 (10:35 +1200)]
netcmd: Add brief log file of what the backup actually contains
There are now several different permutations of backup file that can be
created (i.e. online, rename, with/without secrets). Hopefully the admin
users would organize their backup files sensibly, but it can't hurt to
keep track of what the backup-file actually contains in a simple
human-readable file within the backup tar. E.g. We really don't want
backups with secrets-included and secrets-excluded getting mixed up.
Recording the DC used to make the domain backup may be useful in the
event of a catastrophic failure of the domain, e.g. DC replication may
have been broken for some time prior to the failure.
Recording the samba-tool version string may also be useful if there are
ever any backwards-compatibility issues introduced to the backup files.
The intention is to say we only support restoring a backup with the same
version of samba-tool that actually created the backup, however, it'd be
polite to users to actually record that version somewhere.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Thu, 5 Jul 2018 02:33:22 +0000 (14:33 +1200)]
netcmd: Add no-secrets option to domain backups
By default we include all the domain's secrets in the backup file. This
patch adds an extra option to exclude these secrets. In particular, this
is for the use case of creating a lab domain (where you might not feel
comfortable with the secrets for all your users being present).
Mostly this just involves passing the correct option to the join/clone.
I've also made sure that a password is also set for the Admin user
(samba does seem to start up without one set, but this behaviour is
closer to what happens during a provision).
The tests have been extended to use the new option, and to assert that
secrets are/aren't included as expected for some of the builtin testenv
users.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Wed, 4 Jul 2018 22:36:51 +0000 (10:36 +1200)]
README.Coding disable include sorting in clang format
Update the clang format configuration to disable include sorting. This
is enabled by default and breaks samba code.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Tue Jul 10 04:40:51 CEST 2018 on sn-devel-144
David Disseldorp [Sun, 8 Jul 2018 23:40:58 +0000 (01:40 +0200)]
Revert "s3/service: convert lp_force_group() to const"
This reverts commit
c53646bccd87ef3b3133d3f7526ef85591909528.
As mentioned by Andrew, we shouldn't break environments where
"force group" has been configured to use substituted variables.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 10 00:12:19 CEST 2018 on sn-devel-144
David Disseldorp [Sun, 8 Jul 2018 23:36:11 +0000 (01:36 +0200)]
Revert "s3/service: convert lp_force_user() to const"
This reverts commit
c58194e3d296f4e14e7689bdf192c561635ae161.
As mentioned by Andrew, we shouldn't break environments where
"force user" has been configured to use substituted variables.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Bailey Berro [Tue, 26 Jun 2018 20:13:39 +0000 (13:13 -0700)]
libsmbclient: Initialize written in cli_splice_fallback()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13511
Signed-off-by: Bailey Berro <baileyberro@chromium.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Mon Jul 9 21:29:48 CEST 2018 on sn-devel-144
Jeremy Allison [Fri, 6 Jul 2018 18:46:44 +0000 (11:46 -0700)]
libsmbclient: Initialize written value before use.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13511
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Andreas Schneider [Thu, 5 Jul 2018 16:02:48 +0000 (18:02 +0200)]
winbind_krb5_localauth: Fix a compiler warning
This can't used uninitialized but some compiler complains about it.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Jul 7 16:24:30 CEST 2018 on sn-devel-144
Ralph Boehme [Fri, 2 Mar 2018 14:50:29 +0000 (15:50 +0100)]
s3: smbd/durable: remove dev and inode check from vfs_default_durable_reconnect_check_stat()
On a cluster filesystem the device numbers may differ on the cluster
nodes. We already verify the file_id in vfs_default_durable_reconnect(),
so we can safely remove the dev/inode checks.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13318
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt via samba-technical [Thu, 28 Jun 2018 18:50:13 +0000 (11:50 -0700)]
lib:charset: Fix error messages from charset conversion
When e.g. trying to access a filename through Samba that does not adhere
to the encoding configured in 'unix charset', the log will show the
encoding problem, followed by "strstr_m: src malloc fail". The problem
is that strstr_m assumes that any failure from push/pull_ucs2_talloc is
a memory allocation problem, which is not correct.
Address this by removing the misleading messages and add a missing
message in convert_string_talloc_handle.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 27 Jun 2018 11:07:00 +0000 (13:07 +0200)]
s3: smbd: fix a check in stat_cache_add()
As the comment above the if condition says:
/*
* If we are in case insentive mode, we don't need to
* store names that need no translation - else, it
* would be a waste.
*/
Ie if stat_cache_add() is called as
stat_cache_add("foo/bar", "foo/bar", false)
There's no need to cache the path, as a simple stat() on the client
supplied name (full_orig_name) matches the name used in the
filesystem (passed to stat_cache_add() as translated_path).
So fix the if condition to match the comment.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Disseldorp [Fri, 6 Jul 2018 11:31:43 +0000 (13:31 +0200)]
docs/vfs_ceph: add CTDB_SAMBA_SKIP_SHARE_CHECK=yes caveat
Mostly copied from the vfs_gluster manpage: the CephFS share path is not
locally mounted, which breaks the ctdb_check_directories_probe() check.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jul 6 23:19:02 CEST 2018 on sn-devel-144
David Disseldorp [Thu, 5 Jul 2018 15:18:15 +0000 (17:18 +0200)]
vfs_ceph: don't lie about flock support
Instead, match vfs_gluster behaviour and require that users explicitly
disable "kernel share modes".
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13506
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Disseldorp [Mon, 25 Jun 2018 00:28:41 +0000 (02:28 +0200)]
s3/loadparm: fix a few talloc stackframe leaks
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Disseldorp [Mon, 25 Jun 2018 00:22:31 +0000 (02:22 +0200)]
s3/service: convert lp_force_user() to const
Avoid set_conn_force_user_group() talloc stackframe leaks in doing so.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Disseldorp [Mon, 25 Jun 2018 00:08:25 +0000 (02:08 +0200)]
s3/service: convert lp_force_group() to const
set_conn_force_user_group() and change_to_user_internal() leak onto
the callers' talloc stackframe. Drop the unnecessary heap allocations.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Disseldorp [Mon, 25 Jun 2018 00:19:34 +0000 (02:19 +0200)]
s3/uid: use lp_const_servicename() where possible
The majority of these lp_servicename(talloc_tos(), ...) callers leak
onto the talloc stackframe. Drop the unnecessary heap allocations.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Disseldorp [Sun, 24 Jun 2018 23:59:33 +0000 (01:59 +0200)]
s3/service: use lp_const_servicename() where possible
The majority of these lp_servicename(talloc_tos(), ...) callers leak
onto the talloc stackframe. Drop the unnecessary heap allocations.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Fri, 6 Jul 2018 12:07:37 +0000 (14:07 +0200)]
nsswitch: Use a swtich in the wbinfo test to lookup users
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13503
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jul 6 17:14:44 CEST 2018 on sn-devel-144
Amitay Isaacs [Thu, 5 Jul 2018 03:40:33 +0000 (13:40 +1000)]
ctdb-tests: Avoid segfault by initializing logging
This is in addition to
af697008531.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Jul 5 15:22:16 CEST 2018 on sn-devel-144
Amitay Isaacs [Wed, 4 Jul 2018 07:45:45 +0000 (17:45 +1000)]
ctdb-common: Fix CID 437606
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Andrew Bartlett [Tue, 3 Jul 2018 00:28:27 +0000 (12:28 +1200)]
selftest: Use a longer self.account_lockout_duration and self.lockout_observation_window
This matches the changes made in the PSO tests and slows down the
whole testsuite but may make it more reliable on slower build hosts.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jul 5 12:29:31 CEST 2018 on sn-devel-144
Andrew Bartlett [Tue, 3 Jul 2018 00:27:24 +0000 (12:27 +1200)]
selftest: Use self.account_lockout_duration in self.update_lockout_settings for password_lockout tests
This allows the account_lockout_duration and
lockout_observation_window to be updated with longer values to cope
with slower build servers.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Timur I. Bakeyev [Fri, 22 Jun 2018 04:36:07 +0000 (12:36 +0800)]
Document that vfs_full_audit defaults are "none" for the successful and failed operations.
Signed-off-by: Timur I. Bakeyev <timur@iXsystems.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Timur I. Bakeyev [Fri, 22 Jun 2018 04:19:42 +0000 (12:19 +0800)]
Make "none" the default setting for the successful and failed operations in the vfs_full_audit, so you don't blow up your server by just adding this module to the configuration.
Signed-off-by: Timur I. Bakeyev <timur@iXsystems.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Timur I. Bakeyev [Sun, 1 Jul 2018 23:05:36 +0000 (01:05 +0200)]
Make sure that vfs*audit modules recognize and accept all the syslog facilities.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13436
Signed-off-by: Timur I. Bakeyev <timur@iXsystems.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Amitay Isaacs [Thu, 21 Jun 2018 08:02:06 +0000 (18:02 +1000)]
ctdb-tests: Switch to using new event daemon
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Jul 5 09:39:33 CEST 2018 on sn-devel-144
Amitay Isaacs [Thu, 21 Jun 2018 07:16:07 +0000 (17:16 +1000)]
ctdb-daemon: Add client code to talk to new event daemon
This fixes the build and now new eventd is integrated completely in CTDB.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 21 Jun 2018 06:44:02 +0000 (16:44 +1000)]
ctdb-protocol: Remove protocol for old event daemon
This breaks the build. The new eventd protocol cannot be introduced without
removing the old eventd protocol.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 21 Jun 2018 06:56:43 +0000 (16:56 +1000)]
ctdb-client: Remove client code for old event daemon
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 21 Jun 2018 07:02:54 +0000 (17:02 +1000)]
ctdb-tools: Remove old event daemon tool
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 21 Jun 2018 06:41:16 +0000 (16:41 +1000)]
ctdb-daemon: Remove old event daemon
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 21 Jun 2018 06:42:47 +0000 (16:42 +1000)]
ctdb-tests: Remove tests for old event daemon
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 21 Jun 2018 07:02:09 +0000 (17:02 +1000)]
ctdb-tools: Switch to using new event daemon tool
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 21 Jun 2018 06:38:01 +0000 (16:38 +1000)]
ctdb-daemon: Switch to starting new event daemon
From this patch onwards, CTDB daemon is broken till the client code for
new eventd is integrated. This requires getting rid of the old eventd
protocol and client code and then switching to the new eventd protocol
and client code.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 4 May 2018 08:08:08 +0000 (18:08 +1000)]
ctdb-event: Add tests for event daemon
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 4 May 2018 07:18:39 +0000 (17:18 +1000)]
ctdb-tests: Rename eventd testsuite to ctdb_eventd
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 26 Apr 2018 08:46:27 +0000 (18:46 +1000)]
ctdb-event: Add event daemon client tool
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 24 Apr 2018 07:22:42 +0000 (17:22 +1000)]
ctdb-event: Add event daemon client code
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Sat, 3 Mar 2018 15:11:16 +0000 (02:11 +1100)]
ctdb-event: Add event daemon implementation
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 15 Feb 2018 06:33:12 +0000 (17:33 +1100)]
ctdb-event: Add event daemon protocol
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 6 Feb 2018 05:42:39 +0000 (16:42 +1100)]
ctdb-common: Add client pid to connect callback in sock_daemon
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Mon, 5 Mar 2018 05:45:42 +0000 (16:45 +1100)]
ctdb-tests: Separate testing code for basic data types
This will be used for testing other daemons' protocol code.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 26 Apr 2018 07:37:03 +0000 (17:37 +1000)]
ctdb-build: Add ctdb prefix to build target
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 1 Mar 2018 07:20:19 +0000 (18:20 +1100)]
ctdb-protocol: Separate protocol-basic subsystem
This includes marshalling code for basic data types. This will be used
by other daemons.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Andrew Bartlett [Wed, 4 Jul 2018 23:09:50 +0000 (11:09 +1200)]
autobuild: Fix random-sleep.sh invocation in autobuild.py
The scripts were not running with the correct path and this causes sn-devel to hit
a very high load as many of the compile jobs start at once.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Jul 5 06:51:26 CEST 2018 on sn-devel-144
Douglas Bagnall [Thu, 5 Jul 2018 01:49:23 +0000 (13:49 +1200)]
samba_tool_showrepl_pull_summary_all_good is flapping
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 4 Jul 2018 23:01:58 +0000 (11:01 +1200)]
samba-tool drs showrepl test: turn subprocess error into failure
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Wed, 4 Jul 2018 01:23:59 +0000 (13:23 +1200)]
netcmd: Use dbcheck to fix DB problems introduced by restore itself
As part of the restore process, we remove all the old DCs from the DB.
However, this introduces some dbcheck errors - there are some DN
attributes and one-way links that reference the deleted objects that
need fixing up. To resolve this, we can run dbcheck as part of the
restore process. This problem affects both renames and plain restores.
The dbcheck.sh test didn't spot this problem because it fixes this type
of DB error first, before it checks the DB.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Tue, 3 Jul 2018 01:55:53 +0000 (13:55 +1200)]
tests: Add new tests for backup-rename command
Extend the existing 'backup online' tests to also test the domain
rename case. This mostly involves some extra assertions that the
restored DB has been modified appropriatelt (i.e. domain NetBIOS
name is updated, etc).
I've also added an extra test case that creates a few objects and
links and specifically asserts that they get renamed appropriately.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Sun, 10 Jun 2018 23:02:11 +0000 (11:02 +1200)]
selftest: Add dedicated RENAMEDC testenv for 'backup rename'
Add a new testenv that's similar to the existing restoredc, except we
use 'backup rename' to rename the domain as we back it up.
Restoring this backup then proves that a valid DC can be started from a
renamed backup.
Run the same sub-set of RESTOREDC tests to prove that the new testenv is
sound.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Sun, 10 Jun 2018 23:18:09 +0000 (11:18 +1200)]
netcmd: Extend 'backup restore' command to handle renamed domains
When restoring a renamed domain backup, we need to register the new
realm's DNS zone. We do this in the restore step because we don't know
the new server's IP/hostname in the backup step.
Because we may have removed the old realm's DNS entries in the rename
step, the remove_dc() code may fail to find the expected DNS entries for
the DC's domain (the DCs' dnsHostname still maps to the old DNS realm).
We just needed to adjust remove_dns_references() as it was getting a
slightly different error code.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Wed, 13 Jun 2018 00:22:19 +0000 (12:22 +1200)]
netcmd: Add 'samba-tool domain backup rename' command
Add a new command that takes a clone of the domain's DB, and renames the
domain as well. (We rename the domain during the clone because it's
easier to implement - the DRS code handles most of the renaming for us,
as it applies the received replication chunks).
The new option is similar to an online backup, except we also do the
following:
- use the new DCCloneAndRenameContext code to clone the DB
- run dbcheck to fix up any residual old DNs (mostly objectCategory
references)
- rename the domain's netBIOSName
- add dnsRoot objects for the new DNS realm
- by default, remove the old realm's DNS objects (optional)
- add an extra backupRename marker to the backed-up DB. In the restore
code, if the backup was renamed, then we need to register the new
domain's DNS zone at that point (we only know the new DC's host IP
at the restore stage).
Note that the backup will contain the old DC entries that still use the
old dnsHostname, but these DC entries will all be removed during the
restore, and a new DC will be added with the correct dnsHostname.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Tue, 3 Jul 2018 01:43:29 +0000 (13:43 +1200)]
tests: Tweak the backup online tests so they're generic
Update backup-online tests to be more generic. We can then re-use the
common framework for other types of backups (offline, rename), and just
change what's specific to those particular cases.
This change includes asserting the restored backup's domain/realm are
correct, which we weren't doing previously but makes sense.
The new 'return samdb' is for convenience, so that child classes can
easily extend the checks we run over the restored DB.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Wed, 13 Jun 2018 02:09:06 +0000 (14:09 +1200)]
drs_utils: Always set the GET_TGT flag for clone renames
The DCCloneAndRenameContext replication was a little inefficient, in
that it would essentially replicate the entire DB twice. This was due to
resolving the link targets - it finds a target object it doesn't know
about, so retries the entire replication again with the GET_TGT flag set
this time.
Normally, the repl_meta_data code will use the target object's GUID,
however, it can't do this for cross-partition links (if it hasn't
replicated the target partition yet). The repl_md code can normally
detect that the link is a cross-parition link by checking the base-DN,
however, this doesn't work in the DCCloneAndRenameContext case because
we have renamed the base-DN.
This is not a big deal - it just means extra work. However, because the
domains being backed up could potentially be quite large, it probably
makes sense to just always set the GET_TGT in the rename case and skip
this extra work.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Mon, 11 Jun 2018 04:50:28 +0000 (16:50 +1200)]
join: Add more framework for renaming a domain
Add a DCCloneContext subclass which will rename the DB objects as they
get cloned. This uses the drs_ReplicateRenamer class added to drs_utils
in an earlier patch. Where the drs_Replicate object currently gets
created has been split out into a simple new function, which we can then
override in the rename case.
The other important difference is overriding the provision step, so that
we use the new domain-DN/realm when setting up the initial SAM DB (and
smb.conf, secrets.ldb, etc).
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Amitay Isaacs [Tue, 3 Jul 2018 04:45:39 +0000 (14:45 +1000)]
uid_wrapper: Be strict when checking __attribute__ features
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13493
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Jul 5 03:01:33 CEST 2018 on sn-devel-144
Amitay Isaacs [Tue, 3 Jul 2018 04:45:24 +0000 (14:45 +1000)]
resolv_wrapper: Be strict when checking __attribute__ features
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13493
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Amitay Isaacs [Tue, 3 Jul 2018 04:45:04 +0000 (14:45 +1000)]
pam_wrapper: Be strict when checking __attribute__ features
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13493
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Amitay Isaacs [Tue, 3 Jul 2018 04:44:48 +0000 (14:44 +1000)]
nss_wrapper: Be strict when checking __attribute__ features
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13493
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Amitay Isaacs [Tue, 3 Jul 2018 04:36:33 +0000 (14:36 +1000)]
replace: Be strict when checking __attribute__ features
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13493
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Amitay Isaacs [Tue, 3 Jul 2018 04:36:16 +0000 (14:36 +1000)]
socket_wrapper: Be strict when checking __attribute__ features
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13493
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Amitay Isaacs [Tue, 3 Jul 2018 04:34:29 +0000 (14:34 +1000)]
wafsamba: Be strict when checking __attribute__ features
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13493
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Amitay Isaacs [Tue, 3 Jul 2018 03:56:13 +0000 (13:56 +1000)]
wafsamba: Add strict option to CHECK_CODE
Some compilers (e.g. xlc) ignores unsupported features, generates a
warning, but does not fail compilation.
This ensures that any compiler warnings are treated as errors and the
feature support is correctly identified. This adds equivalent compiler
option to -Werror for xlc.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13493
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Amitay Isaacs [Tue, 26 Jun 2018 08:39:09 +0000 (18:39 +1000)]
ctdb-daemon: Set environment variable if running in interactive mode
CTDB_INTERACTIVE will be used to tell the other daemons if the ctdb daemon
is started in interactive mode. This is primarily used only for testing.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 21 Jun 2018 07:57:02 +0000 (17:57 +1000)]
ctdb-daemon: Avoid closing stdin when running in interactive mode
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 21 Jun 2018 10:00:41 +0000 (20:00 +1000)]
ctdb-tests: Avoid segfault by initializing logging
Setting DEBUGLEVEL before calling debug_init() causes segmentation
violation with gcc8. DEBUGLEVEL_CLASS is statically initialized to
debug_class_list_initial which is defined as const. Only after
debug_init() is called, DEBUGLEVEL_CLASS becomes a talloc'd array.
So before modifying DEBUGLEVEL, ensure debug_init() is called via
setup_logging(). (debug_init is a static function.)
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 3 Jul 2018 04:08:22 +0000 (14:08 +1000)]
ctdb-common: Use correct return type for tevent_queue_add_entry
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13493
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Andreas Schneider [Mon, 2 Jul 2018 14:38:01 +0000 (16:38 +0200)]
s3:winbind: Do not lookup local system accounts in AD
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13503
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Jul 4 23:55:56 CEST 2018 on sn-devel-144
Andreas Schneider [Mon, 2 Jul 2018 14:18:52 +0000 (16:18 +0200)]
nsswitch: Add tests to lookup user via getpwnam
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13503
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Tue, 3 Jul 2018 13:30:33 +0000 (15:30 +0200)]
lib: smb_threads: fix access before init bug
talloc_stackframe_internal() calls SMB_THREAD_GET_TLS(global_ts) which
calls smb_get_tls_pthread() in the POSIX pthread wrapper implementation.
If SMB_THREAD_SET_TLS() hasn't been called before, global_ts is NULL and
smb_get_tls_pthread dereferences it so it crashes.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13505
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
David Mulder [Mon, 7 May 2018 15:48:32 +0000 (09:48 -0600)]
samba-gpupdate: Change machine option to target
On a Windows client, you designate machine/user
apply with a 'target' parameter. This change
makes gpupdate work more like that command.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jul 4 13:23:09 CEST 2018 on sn-devel-144
David Mulder [Mon, 7 May 2018 15:45:32 +0000 (09:45 -0600)]
samba_gpoupdate: Rename the command to samba-gpupdate
On a Windows client, this command is called 'gpupdate'
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Amit Kumar [Mon, 25 Jun 2018 13:00:39 +0000 (18:30 +0530)]
MAN: Adding entry for net ads lookup
There is no man page description for net ads lookup.
This PR adds entry for the same.
Signed-off-by: Amit Kumar amitkuma@redhat.com
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jul 4 07:38:04 CEST 2018 on sn-devel-144
Andrew Bartlett [Tue, 3 Jul 2018 23:45:14 +0000 (11:45 +1200)]
samba-tool drs showrepl: correctly report failing repsFrom
Hopefully this fixes the flapping test.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Jul 4 04:43:39 CEST 2018 on sn-devel-144
Ralph Boehme [Fri, 29 Jun 2018 06:00:10 +0000 (08:00 +0200)]
s3: lib/ctdbd_conn: include .h, not .c
Probably a copy/paste mistake. Detected by a failing autobuild on
sn-devel and a local make test:
Build failed: default/examples/libsmbclient/testbrowse2: Symbol
tevent_req_is_unix_error linked in multiple libraries
['samba-cluster-support', 'tevent-util']
UNEXPECTED(failure): wafsamba.duplicate_symbols.duplicate_symbols(none)
Wonder why this didn't fail before in autobuild.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Jul 4 01:19:50 CEST 2018 on sn-devel-144
Björn Jacke [Mon, 12 Mar 2018 17:44:38 +0000 (18:44 +0100)]
build: bundle and reduce huge number of EA function tests
It's sufficient to check for one basic function of an EA implementation and a
use a single ifdef for each group of EA functions. This makes more sense than
checking for each EA function on each platform.
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jul 3 13:24:51 CEST 2018 on sn-devel-144
Tim Beale [Tue, 5 Jun 2018 22:04:29 +0000 (10:04 +1200)]
drs_utils: Add infrastructure to support 'clone with rename'
Our end goal is to create a backup clone of a DB, but rename the
domain/realm so we can startup the backup DC without interferring with
the existing Samba network. The basic strategy to do this is to leverage
DRS replication - by renaming the first object in the partition, all
subsequent objects will automatically be renamed.
This patch adds the infrastructure to do this. I've used object
inheritance to handle the special case of renaming the partition
objects. This means the domain-rename special case doesn't really
pollute the existing DRS replication code. All it needs is a small
refactor to create a new 'process_chunk()' function that the new
sub-class can then override.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Tim Beale [Thu, 21 Jun 2018 03:04:00 +0000 (15:04 +1200)]
tests: Add a sub-set of tests to show the restored DC is sound
+ Add a new ldapcmp_restoredc.sh test that asserts that the original DC
backed up (backupfromdc) matches the new restored DC.
+ Add a new join_ldapcmp.sh test that asserts we can join a given DC,
and that the resulting DB matches the joined DC
+ Add a new login_basics.py test that sanity-checks Kerberos and NTLM
user login works. (This reuses the password_lockout base code, without
taking as long as the password_lockout tests do). Basic LDAP and SAMR
connections are also tested as a side-effect.
+ run the netlogonsvc test against the restored DC to prove we can
establish a netlogon connection.
+ run the same subset of rpc.echo tests that we do for RODC
+ run dbcheck over the new testenvs at the end of the test run
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Tim Beale [Tue, 29 May 2018 04:05:02 +0000 (16:05 +1200)]
selftest: Add testenv for testing backup/restore
This adds a new testenv for testing that a DC created using the
samba-tool backup/restore can actually be started up. This actually
requires 2 new testenvs:
1. A 'backupfromdc' that solely exists to make a online backup of.
2. A 'restoredc' which takes the backup, and then uses the backup file
to do a restore, which we then start the DC based on.
The backupfromdc is just a plain vanilla AD DC. We use a separate test
env purely for this purpose, because the restoredc will use the same
domain (and so using an existing testenv would potentially interfere
with existing test cases).
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Aaron Haslett [Mon, 11 Jun 2018 07:13:35 +0000 (19:13 +1200)]
tests: Add tests for the domain backup online/restore commands
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Aaron Haslett [Mon, 30 Apr 2018 23:11:01 +0000 (11:11 +1200)]
netcmd: domain backup restore command
Add a command option that restores a backup file. This is only intended
for recovering from a catastrophic failure of the domain. The old domain
DCs are removed from the DB and a new DC is added.
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Aaron Haslett [Mon, 30 Apr 2018 23:10:11 +0000 (11:10 +1200)]
netcmd: domain backup online command
This adds a samba-tool command that can be run against a remote DC to
produce a backup-file for the current domain. The backup stores similar
info to what a new DC would get if it joined the network.
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Tim Beale [Thu, 28 Jun 2018 22:40:58 +0000 (10:40 +1200)]
join: Remove unnecessary clone_only flag
For the clone-only case, we have been avoiding a block of code in the
DCJoinContext's __init__(). The main reason we do this is because the
netbios_name is None for clones, and this block of code tries to derive
a bunch of values based on the netbios_name (otherwise, a few lines into
this block, it tries to do NoneType.lower(), which Python doesn't like
very much).
This code is not particularly clone-specific - it is just never going to
work if the netbios_name is None. So we can change the conditional
check, which allows us to get rid of the clone_only flag.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Tue Jul 3 08:12:10 CEST 2018 on sn-devel-144
Tim Beale [Mon, 11 Jun 2018 04:33:19 +0000 (16:33 +1200)]
join: Refactor clone_only case to simplify code
Currently for DC clones, we create a regular DCJoinContext, se a
'clone_only' flag, and then make lots of special checks for this flag
throughout the code. Instead, we can use inheritance to create a
DCCloneContext sub-class, and put the specialization there.
This means we can remove all the 'clone_only' checks from the code. The
only 2 methods that really differ are do_join() and join_finalize(), and
these don't share much code at all. (To avoid duplication, I split the
first part of do_join() into a new build_nc_lists() function, but this
is a pretty trivial code move).
We still pass the clone_only flag into the __init__() as there's still
one case where we want to avoid doing work in the case of the clone.
For clarity, I'll refactor this in a subsequent patch.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Tim Beale [Mon, 25 Jun 2018 05:21:00 +0000 (17:21 +1200)]
join: Rename dc_join() so it looks like an object
dc_join() is creating an object, but it currently looks like it's
just a function call. Rename it to look more object-like.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Aaron Haslett [Mon, 30 Apr 2018 23:10:11 +0000 (11:10 +1200)]
join: Pipe through dns_backend option for clones
Allow join_clone() calls to specify a dns_backend parameter for the new
cloned DB.
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Tim Beale [Sun, 10 Jun 2018 21:14:06 +0000 (09:14 +1200)]
provision: Small refactor to host-IP logic
Split out the code that determines the host-IP of the new server into
separate functions. This will allow us to re-use the same logic in the
backup/restore case.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Tim Beale [Fri, 25 May 2018 02:05:27 +0000 (14:05 +1200)]
dbchecker: Fixing up incorrect DNs wasn't working
dbcheck would fail to fix up attributes where the extended DN's GUID is
correct, but the DN itself is incorrect. The code failed attempting to
remove the old/incorrect DN, e.g.
NOTE: old (due to rename or delete) DN string component for
objectCategory in object CN=alice,CN=Users,DC=samba,DC=example,DC=com -
<GUID=
7bfdf9d8-62f9-420c-8a71-
e3d3e931c91e>;
CN=Person,CN=Schema,CN=Configuration,DC=samba,DC=bad,DC=com
Change DN to <GUID=
7bfdf9d8-62f9-420c-8a71-
e3d3e931c91e>;
CN=Person,CN=Schema,CN=Configuration,DC=samba,DC=example,DC=com?
[y/N/all/none] y
Failed to fix old DN string on attribute objectCategory : (16,
"attribute 'objectCategory': no matching attribute value while deleting
attribute on 'CN=alice,CN=Users,DC=samba,DC=example,DC=com'")
The problem was the LDB message specified the value to delete with its
full DN, including the GUID. The LDB code then helpfully corrected this
value on the way through, so that the DN got updated to reflect the
correct DN (i.e. 'DC=example,DC=com') of the object matching that GUID,
rather than the incorrect DN (i.e. 'DC=bad,DC=com') that we were trying
to remove. Because the requested value and the existing DB value didn't
match, the operation failed.
We can avoid this problem by passing down just the DN (not the extended
DN) of the value we want to delete. Without the GUID portion of the DN,
the LDB code will no longer try to correct it on the way through, and
the dbcheck operation will succeed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13495
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 29 Jun 2018 02:53:19 +0000 (14:53 +1200)]
dbcheck: Use symbolic control name for DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS
While we do not wish to encourage use of this control, manually typed OIDs are
even more trouble, so pass out via pydsdb.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Martin Schwenke [Tue, 26 Jun 2018 09:51:00 +0000 (19:51 +1000)]
ctdb-tests: Teach strace packet parser about non-octal escapes
strace output also encodes characters 7 to 13 as \a, \b, \t, \n, \v,
\f, \r.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon Jul 2 11:30:29 CEST 2018 on sn-devel-144
Martin Schwenke [Tue, 26 Jun 2018 10:12:23 +0000 (20:12 +1000)]
ctdb-daemon: Only consider client ID for local database attach
The comment immediately above this code says "don't allow local
clients to attach" and then looks up the client ID regardless of
whether the request is local or remote.
This means that an intentional remote attach from a client will not
work correctly. No real client should ever do that since clients
attach so they an access databases locally. Perhaps some sanity
checks should be added.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13500
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>