Bob Campbell [Sun, 18 Dec 2016 23:27:31 +0000 (12:27 +1300)]
torture/drs: test link replication with hwm and utdv
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Bob Campbell [Thu, 15 Dec 2016 01:23:58 +0000 (14:23 +1300)]
torture/drs: move ExopBaseTest into DrsBaseTest and extend
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 19 Sep 2016 12:40:42 +0000 (14:40 +0200)]
s3-rpc_client: Pass NULL as no password
GENSEC expects NULL as no password.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Dec 20 17:37:56 CET 2016 on sn-devel-144
Andreas Schneider [Sat, 1 Oct 2016 09:27:54 +0000 (11:27 +0200)]
auth/credentials: Add NULL check to free_dccache()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Sat, 1 Oct 2016 09:25:44 +0000 (11:25 +0200)]
auth/credentials: Add NULL check in free_mccache()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Thu, 6 Oct 2016 07:22:29 +0000 (09:22 +0200)]
auth/credentials: Move function to free ccaches to the top
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Thu, 6 Oct 2016 06:16:57 +0000 (08:16 +0200)]
auth/credentials: Add talloc NULL check in cli_credentials_set_principal()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Wed, 14 Dec 2016 10:23:10 +0000 (11:23 +0100)]
WHATSNEW: Add some information about ID mapping
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Dec 20 11:40:07 CET 2016 on sn-devel-144
Andreas Schneider [Wed, 14 Dec 2016 07:25:45 +0000 (08:25 +0100)]
WHATSNEW: Add Printing changes
Signed-off-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Wed, 14 Dec 2016 07:15:38 +0000 (08:15 +0100)]
WHATSNEW: Use capital K for Kerberos
Signed-off-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Fri, 18 Nov 2016 18:02:30 +0000 (18:02 +0000)]
HEIMDAL:lib/krb5: Harden _krb5_derive_key()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Fri, 18 Nov 2016 18:02:30 +0000 (18:02 +0000)]
HEIMDAL:lib/krb5: Harden ARCFOUR_sub{en,de}crypt()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 22 Nov 2016 12:53:53 +0000 (13:53 +0100)]
HEIMDAL:lib/krb5: use krb5_verify_checksum() in krb5_c_verify_checksum()
This allows the optimized checksum->verify() function to be used.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 22 Nov 2016 12:42:31 +0000 (13:42 +0100)]
HEIMDAL:lib/krb5: move checksum vs. enctype checks into get_checksum_key()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 22 Nov 2016 16:08:46 +0000 (17:08 +0100)]
CVE-2016-2126: auth/kerberos: only allow known checksum types in check_pac_checksum()
aes based checksums can only be checked with the
corresponding aes based keytype.
Otherwise we may trigger an undefined code path
deep in the kerberos libraries, which can leed to
segmentation faults.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12446
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 23 Nov 2016 10:44:22 +0000 (11:44 +0100)]
CVE-2016-2125: s4:gensec_gssapi: don't use GSS_C_DELEG_FLAG by default
This disabled the usage of GSS_C_DELEG_FLAG by default, as
GSS_C_DELEG_POLICY_FLAG is still used by default we let the
KDC decide if we should send delegated credentials to a remote server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12445
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Stefan Metzmacher [Wed, 23 Nov 2016 10:42:59 +0000 (11:42 +0100)]
CVE-2016-2125: s3:gse: avoid using GSS_C_DELEG_FLAG
We should only use GSS_C_DELEG_POLICY_FLAG in order to let
the KDC decide if we should send delegated credentials to
a remote server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12445
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Stefan Metzmacher [Wed, 23 Nov 2016 10:41:10 +0000 (11:41 +0100)]
CVE-2016-2125: s4:scripting: don't use GSS_C_DELEG_FLAG in nsupdate-gss
This is just an example script that's not directly used by samba,
but we should avoid sending delegated credentials to dns servers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12445
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Volker Lendecke [Sat, 5 Nov 2016 20:22:46 +0000 (21:22 +0100)]
CVE-2016-2123: Fix DNS vuln ZDI-CAN-3995
Thanks to Trend Micro's Zero Day Initiative and Frederic Besler for finding
this vulnerability with a PoC and a good analysis.
Signed-off-by: Volker Lendecke <vl@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12409
Stefan Metzmacher [Fri, 28 Oct 2016 10:14:37 +0000 (12:14 +0200)]
s3:user_auth_info: let struct user_auth_info use struct cli_credentials internally
This way we can have a very simple get_cmdline_auth_info_creds() function,
which can be used pass cli_credentials down the stack instead of
constantly translating from user_auth_info to cli_credentials, while
loosing information.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Dec 20 04:57:05 CET 2016 on sn-devel-144
Stefan Metzmacher [Fri, 9 Dec 2016 15:04:38 +0000 (16:04 +0100)]
s3:popt_common: let POPT_COMMON_CREDENTIALS imply logfile and conffile loading
All users of POPT_COMMON_CREDENTIALS basically need the same logic,
while some ignore a broken smb.conf and some complain about it.
This will allow the future usage of config options in the
credential post processing.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 15 Dec 2016 14:30:28 +0000 (15:30 +0100)]
tests/credentials.py: demonstrate the last 'username' line of creds.parse_file() beats other lines
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 15 Dec 2016 11:41:58 +0000 (12:41 +0100)]
auth/credentials: change the parsing order of cli_credentials_parse_file()
We now first just remember the domain, realm, username, password values
(the last value wins).
At the end we call cli_credentials_set_{realm,domain,password}()
followed by cli_credentials_parse_string() for 'username'.
It means the last 'username' line beats the domain, realm or password lines, e.g.:
username=USERDOMAIN\username
domain=DOMAIN
will result in cli_credentials_get_domain() returning "USERDOMAIN" instead of
DOMAIN.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 15 Dec 2016 13:01:35 +0000 (14:01 +0100)]
tests/credentials.py: verify the new cli_credentials_parse_file() 'username' parsing
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Sun, 11 Dec 2016 21:50:53 +0000 (22:50 +0100)]
auth/credentials: let cli_credentials_parse_file() handle 'username' with cli_credentials_parse_string()
Some existing source3 tests (test_smbclient_s3.sh test_auth_file()) use a credentials file
that looks like this:
username=DOMAIN/username
password=password
domain=DOMAIN
This change allows us to parse the same.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 15 Dec 2016 13:12:31 +0000 (14:12 +0100)]
tests/credentials.py: add tests to verify realm/principal behaviour of cli_credentials_parse_string()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 14 Dec 2016 15:47:57 +0000 (16:47 +0100)]
auth/credentials: let cli_credentials_parse_string() always reset principal and realm
If we reset username we need to reset principal if it was set at the same level.
If domain is reset we also need to use it as realm if realm
was set at the same level. Otherwise we'd build a principal
that belongs to a different user, which would not work
and only increment the wrong lockout counter and result
in wrong authorization tokens to be used.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 9 Dec 2016 11:20:19 +0000 (12:20 +0100)]
auth/credentials: let cli_credentials_parse_string() always reset username and domain
If cli_credentials_parse_string() is used we should no longer use
any guessed values and need to make sure username and domain
are reset if principal and realm are set.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 15 Dec 2016 13:49:18 +0000 (14:49 +0100)]
tests/credentials.py: add tests with a realm from smb.conf
As we don't want to create a new smb.conf file
we just simulate it with "creds.set_realm(realm, credentials.UNINITIALISED)".
That's basically the same as the cli_credentials_set_conf() behaviour
if a realm is specified in the configuration.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 15 Dec 2016 10:04:02 +0000 (11:04 +0100)]
auth/credentials: handle situations without a configured (default) realm
We should not have cli_credentials_get_realm() return "" without a
configured (default) realm in smb.conf.
Note that the existing tests with creds.get_realm() == lp.get("realm")
also work with "" as string.
At the same time we should never let cli_credentials_get_principal()
return "@REALM.EXAMPLE.COM" nor "username@".
If cli_credentials_parse_string() gets "OTHERDOMAIN\username"
we must not use cli_credentials_get_realm() to generate
a principal unless cli_credentials_get_domain() returns
also "OTHERDOMAIN". What we need to do is using
username@OTHERDOMAIN as principal, whild we still
use cli_credentials_get_realm to get a default kdc,
(which may route us to the correct kdc with WRONG_REALM
messages).
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 15 Dec 2016 10:37:33 +0000 (11:37 +0100)]
auth/credentials: add python bindings for enum credentials_obtained
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 15 Dec 2016 09:30:29 +0000 (10:30 +0100)]
tests/credentials.py: add very simple test for py_creds_parse_file
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 15 Dec 2016 09:06:25 +0000 (10:06 +0100)]
auth/credentials: add py_creds_parse_file()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 15 Dec 2016 08:42:20 +0000 (09:42 +0100)]
tests/credentials.py: verify the difference of parse_string("someone") and parse_string("someone%")
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 15 Dec 2016 08:34:45 +0000 (09:34 +0100)]
tests/credentials.py: add test for cli_credentials_set_password_will_be_nt_hash()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 14 Dec 2016 09:02:10 +0000 (10:02 +0100)]
auth/credentials: add cli_credentials_set_password_will_be_nt_hash() and the related logic
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 14 Dec 2016 07:52:12 +0000 (08:52 +0100)]
auth/credentials: let cli_credentials_set_password() fail if talloc_strdup() fails
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 14 Dec 2016 07:50:51 +0000 (08:50 +0100)]
auth/credentials: make use of talloc_zero() in cli_credentials_init()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 13 Dec 2016 22:58:48 +0000 (11:58 +1300)]
s4-rpc_server: Add braces to better follow coding style
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 21 Nov 2016 00:31:39 +0000 (13:31 +1300)]
s4-netlogon: Push the netlogon server in the AD DC into multiple processes
This allows the NETLOGON server to scale better, as it is often a bottleneck
What we are doing here is keeping the forced single process only for
other servers that declare they use DCE/RPC handles.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Sun, 13 Nov 2016 21:15:39 +0000 (10:15 +1300)]
selftest: Use 'rpc server port:netlogon' and 'rpc server port' smb.conf option
We need this because once we make NETLOGON run in multiple processes,
it will need its own port, and socket_wrapper can not currently allocate
and ephemeral port. It also tests the option, which others have asked be
made available to firewall drsuapi.
Likewise the 'rpc server port' option is used to confirm it
functions for the default port'.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@samba.org>
Andrew Bartlett [Sun, 13 Nov 2016 21:11:05 +0000 (10:11 +1300)]
s4-rpc_server: Do not check association groups for NETLOGON
If this RPC server is not going to use handles (actually a generic
flag) then do not check the assocation group provided. This in turn
allows us to easily make NETLOGON run in multiple processes.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 17 Oct 2016 21:36:51 +0000 (10:36 +1300)]
s4-rpc_server: Allow listener for RPC servers to use multiple processes
To do this we must get the ncacn_ip_tcp listener to split out (for example)
netlogon onto a distinct port, so we change the registration code to split up each
ncacn_ip_tcp registration to create a new interface for indicated services.
The new option "rpc server port" allows control of the default port and
"rpc server port:netlogon" (also valid for any other pipe from the IDL name)
allows us to both work around limitations in socket_wrapper against
double-binding and allows specification of the port by the administrator.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Sun, 13 Nov 2016 22:24:03 +0000 (11:24 +1300)]
s4-rpc_server: Allow each interface to declare if it uses handles
This will allow the NETLOGON server in the AD DC to declare that it does not use
handles, and so allow some more flexibility with association groups
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 13 Dec 2016 20:38:28 +0000 (09:38 +1300)]
s4-rpc_server: Add comments explaining the control flow around dcesrv_bind()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 3 Nov 2016 14:11:29 +0000 (15:11 +0100)]
s3:utils: Use cli_cm_force_encryption() instead of cli_force_encryption()
This allows SMB3 encryption instead of returning NT_STATUS_NOT_SUPPORTED.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Dec 19 13:41:15 CET 2016 on sn-devel-144
Stefan Metzmacher [Thu, 3 Nov 2016 14:11:29 +0000 (15:11 +0100)]
s3:libsmb: Use cli_cm_force_encryption() instead of cli_force_encryption()
This allows SMB3 encryption instead of returning NT_STATUS_NOT_SUPPORTED.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 16 Dec 2016 00:26:29 +0000 (01:26 +0100)]
s3:libsmb: don't let cli_session_creds_init() overwrite the default domain with ""
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 8 Dec 2016 11:11:45 +0000 (12:11 +0100)]
s3:libsmb: split out a cli_session_creds_prepare_krb5() function
This can be used temporarily to do the required kinit if we use kerberos
and the password has been specified.
In future this should be done in the gensec layer on demand, but there's
more work attached to doing it in the gensec_gse module.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 9 Dec 2016 08:49:17 +0000 (09:49 +0100)]
s3:torture/masktest: masktest only works with SMB1 currently
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 9 Dec 2016 08:49:17 +0000 (09:49 +0100)]
s3:torture/masktest: Use cli_tree_connect_creds()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 9 Dec 2016 08:06:21 +0000 (09:06 +0100)]
s3:torture: Use cli_tree_connect_creds() where we may use share level auth
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 9 Dec 2016 08:48:06 +0000 (09:48 +0100)]
s3:lib/netapi: Use lp_client_ipc_max_protocol() in libnetapi_open_ipc_connection()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Martin Schwenke [Sat, 10 Dec 2016 22:09:44 +0000 (09:09 +1100)]
ctdb-tests: Remove the python LCP2 simulation
It isn't used anywhere and doesn't contain some of the optimisations
that have since gone into the C code.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon Dec 19 07:58:45 CET 2016 on sn-devel-144
Martin Schwenke [Fri, 9 Dec 2016 08:19:49 +0000 (19:19 +1100)]
ctdb-takeover: Drop unused ctdb_takeover_run() and related code
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 9 Dec 2016 05:21:39 +0000 (16:21 +1100)]
ctdb-recoverd: Integrate takeover helper
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 9 Dec 2016 04:04:03 +0000 (15:04 +1100)]
ctdb-recoverd: Generalise helper state, handler and launching
These can also be used for takeover handler.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 6 Dec 2016 22:42:46 +0000 (09:42 +1100)]
ctdb-tests: Add tests for takeover helper
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 13 Dec 2016 20:18:57 +0000 (07:18 +1100)]
ctdb-tests: New function unit_test_notrace()
Avoids valgrind and such, so a function can be passed.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 10 Nov 2016 05:47:38 +0000 (16:47 +1100)]
ctdb-takeover: Add takeover helper
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 15 Dec 2016 03:09:16 +0000 (14:09 +1100)]
ctdb-takeover: IPAllocAlgorithm replaces LCP2PublicIPs, DeterministicIPs
Introduce a single new tunable IPAllocAlgorithm to set the IP
allocation algorithm. This defaults to 2 for LCP2 IP address
allocation.
Tunables LCP2PublicIPs and DeterministicIPs are obsolete.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Sat, 10 Dec 2016 09:03:38 +0000 (20:03 +1100)]
ctdb-takeover: NoIPHostOnAllDisabled is global across cluster
Instead of gathering the value from all nodes, just use the value on
the recovery master and have it affect all nodes.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Sat, 10 Dec 2016 08:39:11 +0000 (19:39 +1100)]
ctdb-takeover: NoIPTakeover is global across cluster
Instead of gathering the value from all nodes, just use the value on
the recovery master and have it affect all nodes.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Sat, 10 Dec 2016 03:50:21 +0000 (14:50 +1100)]
ctdb-docs: Document that tunables should be set the same on all nodes
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 7 Dec 2016 00:52:30 +0000 (11:52 +1100)]
ctdb-tests: Add faking of control failures/timeouts to fake_ctdbd
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 5 Dec 2016 08:11:13 +0000 (19:11 +1100)]
ctdb-tests: Add IPREALLOCATED control to fake_ctdbd
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 5 Dec 2016 01:58:08 +0000 (12:58 +1100)]
ctdb-tests: Add TAKEOVER_IP control to fake_ctdbd
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 5 Dec 2016 01:53:53 +0000 (12:53 +1100)]
ctdb-tests: Add RELEASE_IP control to fake_ctdbd
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Sat, 3 Dec 2016 14:04:39 +0000 (01:04 +1100)]
ctdb-tests: Add tool tests for "ctdb ip"
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Sat, 3 Dec 2016 14:01:48 +0000 (01:01 +1100)]
ctdb-tests: Implement GET_PUBLIC_IPS control in fake_ctdbd
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 5 Dec 2016 00:08:39 +0000 (11:08 +1100)]
ctdb-tests: Add tool tests for "ctdb ipinfo"
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Sat, 3 Dec 2016 14:02:24 +0000 (01:02 +1100)]
ctdb-tests: Implement GET_PUBLIC_IP_INFO control in fake_ctdbd
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Sat, 3 Dec 2016 13:59:29 +0000 (00:59 +1100)]
ctdb-tests: Factor out get_ctdb_iface_list()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Sat, 3 Dec 2016 06:11:25 +0000 (17:11 +1100)]
ctdb-tests: Add public IP state to fake_ctdbd
Read it via a PUBLICIPS section.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Sat, 3 Dec 2016 05:20:01 +0000 (16:20 +1100)]
ctdb-tests: Factor out reading of known public IP addresses
One change in behaviour is to actually copy the known IPs per node
instead of just assigning the pointer. When this is used by
fake_ctdbd the resulting structure will be used to keep state for
individual nodes, so data for nodes needs to be independent.
Also, drop some asserts in the factored code and do (slightly) better
error handling.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 8 Dec 2016 00:41:31 +0000 (11:41 +1100)]
ctdb-tests: Allow FAKE_CTDBD_DEBUGLEVEL to be specified
This is useful for debugging when doing developer testing.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 12 Dec 2016 05:43:43 +0000 (16:43 +1100)]
ctdb-tests: Make fake_ctdbd use logging_init()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 10 Nov 2016 05:11:12 +0000 (16:11 +1100)]
ctdb-client: Add available-only option public IP fetching
Update tool accordingly.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 10 Nov 2016 05:09:24 +0000 (16:09 +1100)]
ctdb-protocol: Move CTDB_PUBLIC_IP_FLAGS_ONLY_AVAILABLE to protocol.h
The protocol code needs it.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Amitay Isaacs [Sat, 17 Sep 2016 14:24:47 +0000 (00:24 +1000)]
ctdb-daemon: Remove ctdb_event_helper
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Sun Dec 18 18:10:50 CET 2016 on sn-devel-144
Amitay Isaacs [Fri, 16 Sep 2016 10:06:07 +0000 (20:06 +1000)]
ctdb-daemon: Switch to using event daemon
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Sat, 27 Aug 2016 07:26:28 +0000 (17:26 +1000)]
ctdb-daemon: Add functions to talk to event daemon
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 16 Sep 2016 08:44:37 +0000 (18:44 +1000)]
ctdb-daemon: Refactor check for valid events during recovery
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Mon, 12 Sep 2016 01:33:02 +0000 (11:33 +1000)]
ctdb-protocol: Deprecate eventscript controls
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 23 Nov 2016 01:28:24 +0000 (12:28 +1100)]
ctdb-protocol: Drop marshaling for eventscript controls
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Mon, 12 Sep 2016 01:32:20 +0000 (11:32 +1000)]
ctdb-client: Drop client code for eventscript controls
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Mon, 12 Sep 2016 01:25:11 +0000 (11:25 +1000)]
ctdb-daemon: Drop implementation of eventscript controls
Following controls are now implemented by event daemon
- RUN_EVENTSCRIPTS
- GET_EVENT_SCRIPT_STATUS
- ENABLE_SCRIPT
- DISABLE_SCRIPT
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Mon, 12 Sep 2016 01:31:35 +0000 (11:31 +1000)]
ctdb-tool: Drop disablescript, enablescript and eventscript commands
These commands are now replaced with ctdb event ...
ctdb scriptstatus is maintained for backward compatibility.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Mon, 21 Nov 2016 03:52:41 +0000 (14:52 +1100)]
ctdb-tool: Add new command "event" to ctdb tool
This command covers all the commands to event daemon.
ctdb event run <event>
ctdb event status [<event>] [lastrun|lastfail|lastpass]
ctdb event script list
ctdb event script enable <script>
ctdb event script disable <script>
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 6 Sep 2016 08:53:02 +0000 (18:53 +1000)]
ctdb-tests: Add tests for event daemon
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Mon, 21 Nov 2016 06:39:02 +0000 (17:39 +1100)]
ctdb-tool: Add helper for talking to event daemon
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 31 Aug 2016 15:07:47 +0000 (01:07 +1000)]
ctdb-client: Add client api for eventd communication
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Sat, 27 Aug 2016 07:26:52 +0000 (17:26 +1000)]
ctdb-eventd: Add event script handling daemon
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 31 Aug 2016 07:02:55 +0000 (17:02 +1000)]
ctdb-protocol: Add marshalling for eventd protocol
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 31 Aug 2016 05:49:27 +0000 (15:49 +1000)]
ctdb-protocol: Add data types for eventd communication
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Sat, 3 Sep 2016 13:27:23 +0000 (23:27 +1000)]
ctdb-common: Add sock_daemon abstraction
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 16 Sep 2016 06:13:18 +0000 (16:13 +1000)]
ctdb-common: Add generic socket I/O
This is a generic socket read/write to be used in the ctdb daemon.
It is based on ctdb_io.c and comm.c.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 30 Aug 2016 07:33:42 +0000 (17:33 +1000)]
ctdb-common: Add run_proc abstraction
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 31 Aug 2016 05:46:45 +0000 (15:46 +1000)]
ctdb-protocol: Add marshalling for int32_t
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 30 Aug 2016 15:33:38 +0000 (01:33 +1000)]
ctdb-protocol: Fix marshalling of string with length
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>