Joe Guo [Tue, 5 Jun 2018 22:37:20 +0000 (10:37 +1200)]
netcmd/domain: fix a typo in message
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Swen Schillig [Fri, 25 May 2018 06:23:17 +0000 (08:23 +0200)]
ctdb-daemon: CID
1435732: Argument cannot be negative
Negative parameter passed to function which cannot take negative values.
Signed-off-by: Swen Schillig <swen@vnet.ibm.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Christof Schmitt <cs@samba.org>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Jun 6 01:13:18 CEST 2018 on sn-devel-144
Amitay Isaacs [Thu, 17 May 2018 03:32:37 +0000 (13:32 +1000)]
ctdb-common: Add support to run events through failure
Usually run_event will stop executing event scripts on first failure.
Optionally it can continue to run events even on failure(s).
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 10 May 2018 08:49:06 +0000 (18:49 +1000)]
ctdb-common: Reset running state on failure
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 10 May 2018 06:50:35 +0000 (16:50 +1000)]
ctdb-common: Improve error handling in run_event
If event script directory does not exist, then return ENOTDIR. If a
directory gets removed at runtime, report error from scandir in
get_script_list().
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 10 May 2018 02:43:24 +0000 (12:43 +1000)]
ctdb-common: Return script_list for zero scripts
When an event script directory is empty, do not return script_list as
NULL. Instead return empty script_list with zero scripts.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 10 May 2018 03:50:01 +0000 (13:50 +1000)]
ctdb-common: Rename run_event_script_list to run_event_list
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 9 May 2018 06:42:40 +0000 (16:42 +1000)]
ctdb-common: Do not initialize run_proc inside run_event
Allowing run_event_init() to take run_proc_context as an argument allows
to create multiple run_event instances with a single run_proc_context.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 9 May 2018 04:07:35 +0000 (14:07 +1000)]
ctdb-common: Simplify process registration using linked list
The way run_proc abstraction is used in run_event, there can be maximum
of 2 processes active at any given time. So the memory requirements
can be reduced by using a linked list.
New eventd will have multiple run_event instances but will be limited to
3 or 4. Even then the total number of processes will be less than 10.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Martin Schwenke [Fri, 18 May 2018 01:44:11 +0000 (11:44 +1000)]
ctdb-tests: Continue running if a testcase is not executable
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Tue Jun 5 20:37:15 CEST 2018 on sn-devel-144
Martin Schwenke [Fri, 18 May 2018 01:39:49 +0000 (11:39 +1000)]
Revert "ctdb-tests: Continue running if a testcase is not executable"
This reverts commit
36e7043fb16ac996793545022147f696caedee9c.
An recent change broke this and I forgot to test before posting. :-(
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 16 May 2018 02:18:46 +0000 (12:18 +1000)]
ctdb-scripts: Change directory for notifications to events/notification
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 15 May 2018 08:36:29 +0000 (18:36 +1000)]
ctdb-scripts: Event scripts must end with ".script" suffix
Preparation for recommending configuration for each script next to the
actual script.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 15 May 2018 03:39:15 +0000 (13:39 +1000)]
ctdb-scripts: Move event scripts to events/legacy/ directory
This is the initial location that will be used by the new
multi-component aware event daemon.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Andrew Bartlett [Sun, 3 Jun 2018 06:36:47 +0000 (18:36 +1200)]
dsdb: Honour LDB_FLG_NOSYNC for metadata.tdb
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13462
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jun 4 20:58:01 CEST 2018 on sn-devel-144
Andrew Bartlett [Sun, 3 Jun 2018 06:35:15 +0000 (18:35 +1200)]
pyldb-samba: Use the same smb.conf variable name as the C wrapper users for LDB_FLG_NOSYNC
This was never noticed as most wrappers on make test run with TDB_NO_FSYNC
However ldb_mdb has not been told to use this (naturally) and so we rely
on the smb.conf setting to not force an fsync().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13461
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Martin Schwenke [Mon, 4 Jun 2018 05:13:59 +0000 (15:13 +1000)]
ctdb-docs: Update reference to lmaster/recmaster capability options
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon Jun 4 12:37:39 CEST 2018 on sn-devel-144
Jeremy Allison [Fri, 1 Jun 2018 22:08:36 +0000 (15:08 -0700)]
s3: VFS: Remove unused enum value.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Jun 2 03:03:42 CEST 2018 on sn-devel-144
Jeremy Allison [Thu, 31 May 2018 17:35:48 +0000 (10:35 -0700)]
s3: smbd: printing: Re-implement delete-on-close semantics for print files missing since 3.5.x.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13457
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jun 1 20:32:03 CEST 2018 on sn-devel-144
Jeremy Allison [Thu, 31 May 2018 17:18:21 +0000 (10:18 -0700)]
s3: torture: Add DELETE-PRINT test.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13457
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Thu, 31 May 2018 19:16:21 +0000 (21:16 +0200)]
dns: Check for talloc_memdup failure
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jun 1 14:05:56 CEST 2018 on sn-devel-144
Volker Lendecke [Thu, 31 May 2018 19:11:16 +0000 (21:11 +0200)]
dns: TALLOC_FREE already checks for !=NULL
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Thu, 31 May 2018 18:57:36 +0000 (20:57 +0200)]
dns: Simplify logic a bit
We don't need a separate boolean variable
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Thu, 31 May 2018 18:56:31 +0000 (20:56 +0200)]
dns: Simplify logic a bit
We've done an early return if (!found_tsig) a few lines before.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Wed, 30 May 2018 15:24:35 +0000 (17:24 +0200)]
dnsupdate: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Lukas Slebodnik [Sat, 21 Oct 2017 13:09:01 +0000 (15:09 +0200)]
ldb: Fix memory leak on module context
Introduced in
e8cdacc509016d9273d63faf334d9f827585c3eb
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13459
Signed-off-by: Lukas Slebodnik <lslebodn@fedoraproject.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun 1 11:10:24 CEST 2018 on sn-devel-144
Andrew Bartlett [Thu, 31 May 2018 18:42:24 +0000 (06:42 +1200)]
lib/audit_logging: Remove #ifdef HAVE_JANSSON from audit_logging_test binary
Instead, we either build or do not build the entire binary.
This is much more likely to raise an error in make test if the build system
changes. The concern is that HAVE_JANSSON can go away and the tests just vanish.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Andrew Bartlett [Thu, 31 May 2018 20:56:53 +0000 (08:56 +1200)]
lib/audit_logging: Make function prototypes look like the rest of Samba
The previous style is needed sometimes to avoid an 80-col limit, but
is not how most of Samba looks.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Gary Lockyer [Wed, 16 May 2018 20:03:00 +0000 (08:03 +1200)]
lib audit_logging: re-factor and add functions.
Re-factor the common calls to json_dumps DEBUGC and audit_message_send
into a separate function.
Add functions to retrieve json object and json array elements
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Sachin Prabhu [Fri, 20 Apr 2018 12:51:10 +0000 (13:51 +0100)]
s4-torture: add test for lease break after file unlink
When deleting a file, all leases granting handle caching lease to the
file should be recalled.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13458
Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jun 1 02:57:46 CEST 2018 on sn-devel-144
Gary Lockyer [Wed, 30 May 2018 02:45:03 +0000 (14:45 +1200)]
rpc_server backupkey: pass remote connection data
Ensure that the requesting session data is passed to the audit logging
module for BackupKey requests.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu May 31 12:35:15 CEST 2018 on sn-devel-144
Gary Lockyer [Wed, 30 May 2018 02:44:19 +0000 (14:44 +1200)]
rpc_server lsa: pass remote connection data
Ensure that the session details of the requesting user are available to
the audit logging module for the CreateSecret and OpenSecret operations.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Wed, 30 May 2018 02:43:25 +0000 (14:43 +1200)]
rpc_server: common routine to open ldb in system session
Add a function to open an ldb connection under the system session and
save the remote users session details in a ldb_opaque. This will allow
the audit logging to log the original session for operations performed
in the system session.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Thu, 24 May 2018 21:53:29 +0000 (09:53 +1200)]
dsdb acl: Copy dsdb_control_password_acl_validation into reply
Copy the dsdb_control_password_acl_validation into the reply so that it
is available to the audit_logging module. The audit logging module
uses it to differentiate between password change and reset operations.
We include it in the result for failed request to allow the logging of
failed attempts.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Wed, 4 Apr 2018 00:38:25 +0000 (12:38 +1200)]
cldap: clear remote address after cldap_dse_fill
Need to clear the remote address as the ldb handle is shared, and
changes made by internal processes would be logged as coming from the
last cldap requester
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Fri, 25 May 2018 03:21:33 +0000 (15:21 +1200)]
auth tests: irpc remove "auth_event" name on completion
Remove the "auth_event" name on completion of tests to prevent issues
with tests using messaging.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 19 Apr 2018 02:15:25 +0000 (14:15 +1200)]
sambatool: heuristics to decided whether colour is wanted
The easy cases are --color=yes and --color=no.
With --color=auto, we use color if it seems we're writing to a TTY.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu May 31 04:34:52 CEST 2018 on sn-devel-144
Douglas Bagnall [Thu, 19 Apr 2018 02:12:57 +0000 (14:12 +1200)]
python/colour: add colourizing and switch functions
When samba.colour is first imported, the function
colour.c_BLUE("samba")
will give you the string "\033[1;34msamba\033[0m", which will show up
as blue on an ANSI terminal. If you then go:
colour.switch_colour_off()
colour.c_BLUE("samba")
the c_BLUE call will return the uncoloured string "samba".
This is so things like samba-tool can do this sort of thing:
if not os.isatty(self.outf):
switch_colour_off()
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sun, 11 Mar 2018 23:45:25 +0000 (12:45 +1300)]
samba-tool drs: remove 'server' arg from commands without --server
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sun, 11 Mar 2018 22:50:41 +0000 (11:50 +1300)]
samba-tool drs showrepl: remove unused search
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 19 Apr 2018 05:17:28 +0000 (17:17 +1200)]
samba-tool: be consistent in accepting -q for --quiet
Not all commands accept --quiet, and not all of those that do use it.
Some already accept -q, and it is not used anywhere for anything else.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 24 May 2018 05:03:22 +0000 (17:03 +1200)]
samba-tool: add -v to drs --verbose
Sometimes we accept -v for --verbose, sometimes we don't. Let's be a
bit more consistent.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 19 Apr 2018 04:56:28 +0000 (16:56 +1200)]
samba-tool: add -v to domain --verbose
Sometimes we accept -v for --verbose, sometimes we don't. Let's be a
bit more consistent.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 19 Apr 2018 04:43:50 +0000 (16:43 +1200)]
samba-tool dns cleanup_record: add missing verbose/quiet options
The code for using them is already there
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 19 Apr 2018 04:39:06 +0000 (16:39 +1200)]
python kcc/graph_utils: don't debug in colour
this was somewhat useful during the initial development, but is wrong for a library
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 16 May 2018 03:53:35 +0000 (15:53 +1200)]
kcc graph verifiers: improve messages
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 15 May 2018 02:40:36 +0000 (14:40 +1200)]
kcc graph verifier: use __doc__ description for error explanation
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sun, 7 Jan 2018 09:17:43 +0000 (22:17 +1300)]
kcc graphs: site edges in colour, labeled with DNs
This makes it easy to see where the site edges objects are, and
what sites they refer too.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 22 Mar 2018 04:12:49 +0000 (17:12 +1300)]
ndr_misc: read syntax_id using strict util_str_hex functions
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 22 Mar 2018 04:57:05 +0000 (17:57 +1300)]
util_str_hex: use array syntax in guid functions to document usage
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 22 Mar 2018 04:54:55 +0000 (17:54 +1300)]
util/charset/iconv: use read_hex_bytes rather than sscanf
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 22 Mar 2018 03:49:29 +0000 (16:49 +1300)]
dsdb/util: use parse_guid_string, not sscanf()
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 14 Mar 2018 23:01:10 +0000 (12:01 +1300)]
kcc.graph_utils: shift debug noise out of verify()
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sun, 11 Mar 2018 23:33:01 +0000 (12:33 +1300)]
samba-tool drs replicate: reformat drs_local_replicate method
line length.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sun, 11 Mar 2018 23:29:28 +0000 (12:29 +1300)]
samba-tool drs replicate: make pseudo-method a real method
This function can't function without a cmd_drs_replicate class, so it might as well be inside
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 8 Mar 2018 04:42:18 +0000 (17:42 +1300)]
samba-tool visualise: --xdot option for instant graphviz visualisation
This is a convenience for people who have xdot (and X11).
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 8 Mar 2018 01:29:40 +0000 (14:29 +1300)]
samba-tool viusalize: mark RODCs in distance matrix
RODCs should not be replicating out, which means they look alarming
when they are working properly. We label them as RODCs to reminds users
that no outbound replication is expected.
This results in slightly rejigged output formatting.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 7 Mar 2018 00:55:08 +0000 (13:55 +1300)]
samba-tool visualize ntdsconn: add --importldif option
This visualizes the NTDSConnections in an LDIF file exported via
`samba_kcc --exportldif`. This functionality is already available in a
roundabout way -- you can use `samba_kcc --import_ldif`, and use the
DB that generates. This just shortens the process.
The ldif import/export feature is useful for analysing AD networks
offsite without exposing too much sensitive data.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 22 Feb 2018 22:12:53 +0000 (11:12 +1300)]
samba-tool visualize tests: reduce noise on stdout
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 22 Feb 2018 22:11:27 +0000 (11:11 +1300)]
samba-tool visualize: group (and colour) DCs by site
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Wed, 30 May 2018 15:03:55 +0000 (17:03 +0200)]
selftest: Fix resolv_wrapper config variables
It can't really matter in this case, but it removes confusion
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May 30 21:46:53 CEST 2018 on sn-devel-144
Ralph Boehme [Sat, 26 May 2018 16:32:21 +0000 (18:32 +0200)]
s3:smbd: don't allow renaming basefile if streams are open
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13451
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Sun, 27 May 2018 11:03:25 +0000 (13:03 +0200)]
s3:locking: add file_has_open_streams()
This can be used to check if a file opened by fsp also has stream opens.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13451
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Sun, 27 May 2018 11:01:50 +0000 (13:01 +0200)]
s3:smbd: add private option NTCREATEX_OPTIONS_PRIVATE_STREAM_BASEOPEN
This will be used to mark basefile opens of streams opens. This is
needed to later implement a function that can determine if a file has
stream opens.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13451
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Sat, 26 May 2018 16:33:00 +0000 (18:33 +0200)]
s4:torture/vfs/fruit: adjust test testing basefile rename to expect failure
Renaming a basefile that has open streams must fail with
NT_STATUS_ACCESS_DENIED.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13451
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Sat, 26 May 2018 14:07:14 +0000 (16:07 +0200)]
s4:torture/smb2/streams: try to rename basefile while is has open streams
This tests the following:
- create a file with a stream
- open the the stream and keep it open
- on a second connection, try to rename the basefile, this should fail
with NT_STATUS_ACCESS_DENIED
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13451
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Sat, 26 May 2018 14:30:47 +0000 (16:30 +0200)]
selftest: run smb2.streams tests against a share with vfs_streams_xattr
The tests are currently only run against streams_depot, where stream IO
is handle based, compared to streams_xattr which is path
based. vfs_streams_xattr is also used much more in real world setups, so
we should run our tests against it.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13451
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Tim Beale [Thu, 24 May 2018 03:27:45 +0000 (15:27 +1200)]
dsdb: Add log when ignoring a replicated object outside of partition
This is probably a note-worthy event for debugging purposes.
(Found while developing the domain rename functionality)
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed May 30 07:03:51 CEST 2018 on sn-devel-144
Andrew Bartlett [Thu, 24 May 2018 02:35:15 +0000 (14:35 +1200)]
selftest: Use samba.tests.create_test_ou() in replica_sync tests
This may avoid some flapping tests by ensuring that each part of this
test runs in a unique namespace, no matter what may be left behind
or revived via replication.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Mon, 28 May 2018 21:37:27 +0000 (09:37 +1200)]
selftest: Use samba.tests.create_test_ou() in repl_move tests
This may avoid some flapping tests by ensuring that each part of this
test runs in a unique namespace, no matter what may be left behind
or revived via replication.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Thu, 24 May 2018 08:28:13 +0000 (20:28 +1200)]
selftest: Make create_test_ou() return a ldb.Dn
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Gary Lockyer [Mon, 21 May 2018 02:31:57 +0000 (14:31 +1200)]
dsdb partition.c: Make partition_copy_all aysnc.
partition_copy_all uses ldb_wait to wait for the update to the primary
partition to complete, when updating a special dn. If a module higher
up the chain inserts a callback, the code blocks in ldb_wait and does
not complete. This change replaces the ldb_wait logic with a callback.
Currently there is no code that triggers this bug, however the up coming
audit logging changes do trigger this bug.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Mon, 19 Mar 2018 23:58:02 +0000 (12:58 +1300)]
ldb: Release ldb 1.4.0
* New LMDB backend (experimental)
* Comprehensive tests for index behaviour
* Enforce transactions for writes
* Enforce read lock use for all reads
* Fix memory leak in paged_results module.
We hold at most 10 outstanding paged result cookies
(bug #13362)
* Fix compiler warnings
* Python3 improvements
* Restore --disable-python build
* Fix for performance regression on one-level searches
(bug #13448)
* Samba's subtree_rename could fail to rename some entries
(bug #13452)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Wed, 23 May 2018 05:31:03 +0000 (17:31 +1200)]
selftest: Add test to show that sam.ldb does not do a full scan in startup
We should add some other more complex operations here.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13448
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Wed, 23 May 2018 05:15:38 +0000 (17:15 +1200)]
ldb: Add tests for when we should expect a full scan
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13448
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Mon, 28 May 2018 22:04:29 +0000 (10:04 +1200)]
ldb: One-level search was incorrectly falling back to full DB scan
When no search filter is specified, the code falls back to using
'(|(objectClass=*)(distinguishedName=*)'. ltdb_index_dn() then failed
because matching against '*' is not indexed. The error return then
caused the code to fallback to a full-scan of the DB, which could have a
considerable performance hit.
Instead, we want to continue on and do the ltdb_index_filter() over the
indexed results that were returned.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13448
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Mon, 28 May 2018 02:12:52 +0000 (14:12 +1200)]
ldb: Explain why an entry can vanish from the index
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Mon, 28 May 2018 01:02:16 +0000 (13:02 +1200)]
ldb: Indicate that the ltdb_dn_list_sort() in list_union is a bit subtle.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Mon, 28 May 2018 01:01:18 +0000 (13:01 +1200)]
ldb: Save a copy of the index result before calling the callbacks.
Otherwise Samba modules like subtree_rename can fail as they modify the
index during the callback.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13452
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Sun, 27 May 2018 23:17:34 +0000 (11:17 +1200)]
subtree_rename: Correct comments
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Sun, 27 May 2018 22:56:21 +0000 (10:56 +1200)]
dsdb: Remove sort from subtree_delete and add comments.
The sort was written back when the module did not operate recursivly
over the tree. Now it is just confusing, so replace with useful
comments.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Sun, 27 May 2018 21:28:36 +0000 (09:28 +1200)]
selftest: Lock down the expected parents in BasicTreeDeleteTests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13448
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Sun, 27 May 2018 20:44:51 +0000 (08:44 +1200)]
selftest: Rework BasicDeleteTests.test_all() into setUp() and a test
This will allow running multiple tests against the same tree. This tree
is very similar to the tree produced by the KCC test that simply does a
tree_delete, and I want to lock down the tree_delete behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13448
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Mon, 28 May 2018 22:40:56 +0000 (10:40 +1200)]
samldb: Explain why the odd error code is expected.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Mon, 28 May 2018 22:39:39 +0000 (10:39 +1200)]
samldb: Add useful error string to explain why a group may not be deleted.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Tim Beale [Mon, 28 May 2018 22:46:50 +0000 (10:46 +1200)]
tests: Fix intermittent error in PSO test
Deleting a group fails if the primaryGroupID of a user is set to that of
the group. This can happen in the PSO tests, as we don't clear the
primaryGroupID before cleaning up. Normally it seems to work OK, but
this is relying purely on the subtree delete order.
Update the test to clear the primaryGroupID before the tearDown is
called, to make things more robust.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13448
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 29 May 2018 22:06:54 +0000 (10:06 +1200)]
repl_meta_data: Cope with the strange but unusual case of isDeleted: FALSE in replmd_process_linked_attribute()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13448
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 29 May 2018 04:52:14 +0000 (16:52 +1200)]
repl_meta_data: Remove el_count from replmd_delete_internals()
Instead, use the actual found attribute (less error prone).
This is an attempt to fix:
./source4/dsdb/repl/replicated_objects.c:945 Failed to prepare commit of transaction:
attribute isDeleted: invalid modify flags on CN=g1_1527558311141,CN=Users,DC=samba,DC=example,DC=com: 0x0
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 29 May 2018 04:50:16 +0000 (16:50 +1200)]
s4-repl: Try to give more information in the error codes for prepare_commit failure.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Tue, 29 May 2018 04:14:45 +0000 (16:14 +1200)]
ldb: Reset error string before running prepare_commit() hook
This ensures that the error string returned to the caller reflects a failure in this call.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Ralph Boehme [Thu, 17 May 2018 14:48:09 +0000 (16:48 +0200)]
vfs_fruit: delete 0 byte size streams if AAPL is enabled
macOS SMB server uses xattrs as storage backend for streams, directly
exposing xattr get/set characteristics. Setting EOF on a stream to 0
just deletes the xattr as macOS doesn't support 0-byte sized xattrs.
Note that this does not apply to the AFP_AfpInfo and AFP_Resource
streams, they have even stranger semantics and we have other tests
for those.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13441
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May 30 02:34:29 CEST 2018 on sn-devel-144
Ralph Boehme [Thu, 17 May 2018 14:43:49 +0000 (16:43 +0200)]
s4:torture: test setting EOF of a stream to 0 with enabled AAPL extensions
macOS SMB server uses xattrs as storage backend for streams, directly
exposing xattr get/set characteristics. Setting EOF on a stream to 0
just deletes the xattr as macOS doesn't support 0-byte sized xattrs.
Note that this does not apply to the AFP_AfpInfo and AFP_Resource
streams, they have even stranger semantics and we have other tests
for those.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13441
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Fri, 18 May 2018 23:36:21 +0000 (01:36 +0200)]
s4:torture/vfs/fruit: decrease large resource fork size in test from 1 GB to 64 MB
64 MB is a more realistic value and lets the test pass on FreeBSD with
fruit:resource=stream and vfs_streams_xattr.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
William Brown [Sat, 19 May 2018 02:19:58 +0000 (12:19 +1000)]
python/samba/netcmd/schema.py: samdb schema update now
When we change schema values, we should trigger a schema update to refresh
the changes applied. This is called after a change is made. A helper to
samdb is added so that it's easier for other locations to call additionally.
Signed-off-by: William Brown <william@blackhats.net.au>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue May 29 08:30:52 CEST 2018 on sn-devel-144
William Brown [Mon, 28 May 2018 00:30:39 +0000 (10:30 +1000)]
python/samba/tests/samba_tool/schema.py: Improve schema command testing
Assert the correct stdout content of the schema test commands.
Signed-off-by: William Brown <william@blackhats.net.au>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
William Brown [Sun, 29 Apr 2018 01:28:42 +0000 (13:28 +1200)]
python/samba/netcmd/schema.py: add schema show_oc for attribute
Often administrators need to add a specific attribute to an object, but
it may not be possible with the objectClasses present. This tool allows
searching "what objectclasses must or may?" take an attribute to help hint
to an administrator what objectclasses can be added to objects to achieve
the changes they want.
Signed-off-by: William Brown <william@blackhats.net.au>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
William Brown [Sat, 28 Apr 2018 05:22:29 +0000 (15:22 +1000)]
python/samba/netcmd/schema.py: add schema query and management.
Schema management in active directory is complex and dangerous. Having
a tool that safely wraps administrative tasks as well as allowing query
of the schema will make this complex topic more accessible to administrators.
Signed-off-by: William Brown <william@blackhats.net.au>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
William Brown [Thu, 26 Apr 2018 03:59:06 +0000 (13:59 +1000)]
python/samba/netcmd/group.py: add group show
The samba-tool user command can show the ldif of a user. This is
useful for groups also, especially to determine the objectSID and
objectGUID. Add support for group show to samba-tool.
Signed-off-by: William Brown <william@blackhats.net.au>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
William Brown [Wed, 25 Apr 2018 07:36:17 +0000 (17:36 +1000)]
python/samba/netcmd/{forest.py,main.py}: add configuration controls
With samba-tool we should expose ways to easily administer and control
common configuration options. This adds the base framework for modifying
forest settings, generally stored in cn=configuration partition.
An example is:
samba-tool forest directory_service show
samba-tool forest directory_service dsheuristics X
Signed-off-by: William Brown <william@blackhats.net.au>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Mon, 28 May 2018 10:35:20 +0000 (22:35 +1200)]
torture: Cope with WINBINDD_SHOW_SEQUENCE failure for fake trusts
This test has been flapping and we should not be checking the
sequence number of remote trusts in a loop like this. We can write
a test against the trusts we specifically set up if we want to check
remote sequence numbers (and connectivity) against actually working
domains.
When flapping the previous version of the test gave:
WARNING!: ../source4/torture/winbind/struct_based.c:812: WINBINDD_SHOW_SEQUENCE returned 0, expected 1: WINBINDD_SHOW_SEQUENCE
WARNING!: WINBINDD_SHOW_SEQUENCE on domain torturedom failed
Trust list for WINBINDD_SHOW_SEQUENCE was:
BUILTIN
S4MEMBER
SAMBADOMAIN
torturedom
WARNING!: ../source4/torture/winbind/struct_based.c:812: WINBINDD_SHOW_SEQUENCE returned 0, expected 1: WINBINDD_SHOW_SEQUENCE
WARNING!: WINBINDD_SHOW_SEQUENCE on domain TORTURE302 failed
Trust list for WINBINDD_SHOW_SEQUENCE was:
BUILTIN
S4MEMBER
SAMBADOMAIN
TORTURE302
TORTURE306
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue May 29 02:31:40 CEST 2018 on sn-devel-144