nivanova/samba-autobuild/.git
2 years agoselftest: Add a 'LABDC' testenv to mimic a preproduction test-bed
Tim Beale [Fri, 6 Jul 2018 03:59:31 +0000 (15:59 +1200)]
selftest: Add a 'LABDC' testenv to mimic a preproduction test-bed

One of the use-cases for the domain rename tool is to produce a lab
domain that can be used for pre-production testing of Samba.
Basically this involves taking a backup rename with --no-secrets (which
scrubs any sensitive info), and then restoring it.

This patch adds a testenv that mimics how a user would go about creating
a lab-domain. We run the same tests that we run against the restore and
rename testenvs.

Note that the rpc.echo tests for the testallowed and testdenied users
fail, because we don't backup the secrets for these users. So these
tests failing proves that the lab-DC testenv is correct.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agonetcmd: Add brief log file of what the backup actually contains
Tim Beale [Thu, 5 Jul 2018 22:35:03 +0000 (10:35 +1200)]
netcmd: Add brief log file of what the backup actually contains

There are now several different permutations of backup file that can be
created (i.e. online, rename, with/without secrets). Hopefully the admin
users would organize their backup files sensibly, but it can't hurt to
keep track of what the backup-file actually contains in a simple
human-readable file within the backup tar. E.g. We really don't want
backups with secrets-included and secrets-excluded getting mixed up.

Recording the DC used to make the domain backup may be useful in the
event of a catastrophic failure of the domain, e.g. DC replication may
have been broken for some time prior to the failure.

Recording the samba-tool version string may also be useful if there are
ever any backwards-compatibility issues introduced to the backup files.
The intention is to say we only support restoring a backup with the same
version of samba-tool that actually created the backup, however, it'd be
polite to users to actually record that version somewhere.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agonetcmd: Add no-secrets option to domain backups
Tim Beale [Thu, 5 Jul 2018 02:33:22 +0000 (14:33 +1200)]
netcmd: Add no-secrets option to domain backups

By default we include all the domain's secrets in the backup file. This
patch adds an extra option to exclude these secrets. In particular, this
is for the use case of creating a lab domain (where you might not feel
comfortable with the secrets for all your users being present).

Mostly this just involves passing the correct option to the join/clone.
I've also made sure that a password is also set for the Admin user
(samba does seem to start up without one set, but this behaviour is
closer to what happens during a provision).

The tests have been extended to use the new option, and to assert that
secrets are/aren't included as expected for some of the builtin testenv
users.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoREADME.Coding disable include sorting in clang format
Gary Lockyer [Wed, 4 Jul 2018 22:36:51 +0000 (10:36 +1200)]
README.Coding disable include sorting in clang format

Update the clang format configuration to disable include sorting. This
is enabled by default and breaks samba code.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Tue Jul 10 04:40:51 CEST 2018 on sn-devel-144

2 years agoRevert "s3/service: convert lp_force_group() to const"
David Disseldorp [Sun, 8 Jul 2018 23:40:58 +0000 (01:40 +0200)]
Revert "s3/service: convert lp_force_group() to const"

This reverts commit c53646bccd87ef3b3133d3f7526ef85591909528.
As mentioned by Andrew, we shouldn't break environments where
"force group" has been configured to use substituted variables.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 10 00:12:19 CEST 2018 on sn-devel-144

2 years agoRevert "s3/service: convert lp_force_user() to const"
David Disseldorp [Sun, 8 Jul 2018 23:36:11 +0000 (01:36 +0200)]
Revert "s3/service: convert lp_force_user() to const"

This reverts commit c58194e3d296f4e14e7689bdf192c561635ae161.
As mentioned by Andrew, we shouldn't break environments where
"force user" has been configured to use substituted variables.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agolibsmbclient: Initialize written in cli_splice_fallback()
Bailey Berro [Tue, 26 Jun 2018 20:13:39 +0000 (13:13 -0700)]
libsmbclient: Initialize written in cli_splice_fallback()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13511

Signed-off-by: Bailey Berro <baileyberro@chromium.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Mon Jul  9 21:29:48 CEST 2018 on sn-devel-144

2 years agolibsmbclient: Initialize written value before use.
Jeremy Allison [Fri, 6 Jul 2018 18:46:44 +0000 (11:46 -0700)]
libsmbclient: Initialize written value before use.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13511

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2 years agowinbind_krb5_localauth: Fix a compiler warning
Andreas Schneider [Thu, 5 Jul 2018 16:02:48 +0000 (18:02 +0200)]
winbind_krb5_localauth: Fix a compiler warning

This can't used uninitialized but some compiler complains about it.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Jul  7 16:24:30 CEST 2018 on sn-devel-144

2 years agos3: smbd/durable: remove dev and inode check from vfs_default_durable_reconnect_check...
Ralph Boehme [Fri, 2 Mar 2018 14:50:29 +0000 (15:50 +0100)]
s3: smbd/durable: remove dev and inode check from vfs_default_durable_reconnect_check_stat()

On a cluster filesystem the device numbers may differ on the cluster
nodes. We already verify the file_id in vfs_default_durable_reconnect(),
so we can safely remove the dev/inode checks.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13318

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agolib:charset: Fix error messages from charset conversion
Christof Schmitt via samba-technical [Thu, 28 Jun 2018 18:50:13 +0000 (11:50 -0700)]
lib:charset: Fix error messages from charset conversion

When e.g. trying to access a filename through Samba that does not adhere
to the encoding configured in 'unix charset', the log will show the
encoding problem, followed by "strstr_m: src malloc fail". The problem
is that strstr_m assumes that any failure from push/pull_ucs2_talloc is
a memory allocation problem, which is not correct.

Address this by removing the misleading messages and add a missing
message in convert_string_talloc_handle.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3: smbd: fix a check in stat_cache_add()
Ralph Boehme [Wed, 27 Jun 2018 11:07:00 +0000 (13:07 +0200)]
s3: smbd: fix a check in stat_cache_add()

As the comment above the if condition says:

        /*
         * If we are in case insentive mode, we don't need to
         * store names that need no translation - else, it
         * would be a waste.
         */

Ie if stat_cache_add() is called as

        stat_cache_add("foo/bar", "foo/bar", false)

There's no need to cache the path, as a simple stat() on the client
supplied name (full_orig_name) matches the name used in the
filesystem (passed to stat_cache_add() as translated_path).

So fix the if condition to match the comment.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agodocs/vfs_ceph: add CTDB_SAMBA_SKIP_SHARE_CHECK=yes caveat
David Disseldorp [Fri, 6 Jul 2018 11:31:43 +0000 (13:31 +0200)]
docs/vfs_ceph: add CTDB_SAMBA_SKIP_SHARE_CHECK=yes caveat

Mostly copied from the vfs_gluster manpage: the CephFS share path is not
locally mounted, which breaks the ctdb_check_directories_probe() check.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jul  6 23:19:02 CEST 2018 on sn-devel-144

2 years agovfs_ceph: don't lie about flock support
David Disseldorp [Thu, 5 Jul 2018 15:18:15 +0000 (17:18 +0200)]
vfs_ceph: don't lie about flock support

Instead, match vfs_gluster behaviour and require that users explicitly
disable "kernel share modes".

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13506

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3/loadparm: fix a few talloc stackframe leaks
David Disseldorp [Mon, 25 Jun 2018 00:28:41 +0000 (02:28 +0200)]
s3/loadparm: fix a few talloc stackframe leaks

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3/service: convert lp_force_user() to const
David Disseldorp [Mon, 25 Jun 2018 00:22:31 +0000 (02:22 +0200)]
s3/service: convert lp_force_user() to const

Avoid set_conn_force_user_group() talloc stackframe leaks in doing so.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3/service: convert lp_force_group() to const
David Disseldorp [Mon, 25 Jun 2018 00:08:25 +0000 (02:08 +0200)]
s3/service: convert lp_force_group() to const

set_conn_force_user_group() and change_to_user_internal() leak onto
the callers' talloc stackframe. Drop the unnecessary heap allocations.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3/uid: use lp_const_servicename() where possible
David Disseldorp [Mon, 25 Jun 2018 00:19:34 +0000 (02:19 +0200)]
s3/uid: use lp_const_servicename() where possible

The majority of these lp_servicename(talloc_tos(), ...) callers leak
onto the talloc stackframe. Drop the unnecessary heap allocations.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agos3/service: use lp_const_servicename() where possible
David Disseldorp [Sun, 24 Jun 2018 23:59:33 +0000 (01:59 +0200)]
s3/service: use lp_const_servicename() where possible

The majority of these lp_servicename(talloc_tos(), ...) callers leak
onto the talloc stackframe. Drop the unnecessary heap allocations.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2 years agonsswitch: Use a swtich in the wbinfo test to lookup users
Andreas Schneider [Fri, 6 Jul 2018 12:07:37 +0000 (14:07 +0200)]
nsswitch: Use a swtich in the wbinfo test to lookup users

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13503

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jul  6 17:14:44 CEST 2018 on sn-devel-144

2 years agoctdb-tests: Avoid segfault by initializing logging
Amitay Isaacs [Thu, 5 Jul 2018 03:40:33 +0000 (13:40 +1000)]
ctdb-tests: Avoid segfault by initializing logging

This is in addition to af697008531.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Jul  5 15:22:16 CEST 2018 on sn-devel-144

2 years agoctdb-common: Fix CID 437606
Amitay Isaacs [Wed, 4 Jul 2018 07:45:45 +0000 (17:45 +1000)]
ctdb-common: Fix CID 437606

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoselftest: Use a longer self.account_lockout_duration and self.lockout_observation_window
Andrew Bartlett [Tue, 3 Jul 2018 00:28:27 +0000 (12:28 +1200)]
selftest: Use a longer self.account_lockout_duration and self.lockout_observation_window

This matches the changes made in the PSO tests and slows down the
whole testsuite but may make it more reliable on slower build hosts.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jul  5 12:29:31 CEST 2018 on sn-devel-144

2 years agoselftest: Use self.account_lockout_duration in self.update_lockout_settings for passw...
Andrew Bartlett [Tue, 3 Jul 2018 00:27:24 +0000 (12:27 +1200)]
selftest: Use self.account_lockout_duration in self.update_lockout_settings for password_lockout tests

This allows the account_lockout_duration and
lockout_observation_window to be updated with longer values to cope
with slower build servers.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 years agoDocument that vfs_full_audit defaults are "none" for the successful and failed operat...
Timur I. Bakeyev [Fri, 22 Jun 2018 04:36:07 +0000 (12:36 +0800)]
Document that vfs_full_audit defaults are "none" for the successful and failed operations.

Signed-off-by: Timur I. Bakeyev <timur@iXsystems.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoMake "none" the default setting for the successful and failed operations in the vfs_f...
Timur I. Bakeyev [Fri, 22 Jun 2018 04:19:42 +0000 (12:19 +0800)]
Make "none" the default setting for the successful and failed operations in the vfs_full_audit, so you don't blow up your server by just adding this module to the configuration.

Signed-off-by: Timur I. Bakeyev <timur@iXsystems.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoMake sure that vfs*audit modules recognize and accept all the syslog facilities.
Timur I. Bakeyev [Sun, 1 Jul 2018 23:05:36 +0000 (01:05 +0200)]
Make sure that vfs*audit modules recognize and accept all the syslog facilities.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13436

Signed-off-by: Timur I. Bakeyev <timur@iXsystems.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoctdb-tests: Switch to using new event daemon
Amitay Isaacs [Thu, 21 Jun 2018 08:02:06 +0000 (18:02 +1000)]
ctdb-tests: Switch to using new event daemon

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Jul  5 09:39:33 CEST 2018 on sn-devel-144

2 years agoctdb-daemon: Add client code to talk to new event daemon
Amitay Isaacs [Thu, 21 Jun 2018 07:16:07 +0000 (17:16 +1000)]
ctdb-daemon: Add client code to talk to new event daemon

This fixes the build and now new eventd is integrated completely in CTDB.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-protocol: Remove protocol for old event daemon
Amitay Isaacs [Thu, 21 Jun 2018 06:44:02 +0000 (16:44 +1000)]
ctdb-protocol: Remove protocol for old event daemon

This breaks the build.  The new eventd protocol cannot be introduced without
removing the old eventd protocol.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-client: Remove client code for old event daemon
Amitay Isaacs [Thu, 21 Jun 2018 06:56:43 +0000 (16:56 +1000)]
ctdb-client: Remove client code for old event daemon

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-tools: Remove old event daemon tool
Amitay Isaacs [Thu, 21 Jun 2018 07:02:54 +0000 (17:02 +1000)]
ctdb-tools: Remove old event daemon tool

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-daemon: Remove old event daemon
Amitay Isaacs [Thu, 21 Jun 2018 06:41:16 +0000 (16:41 +1000)]
ctdb-daemon: Remove old event daemon

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-tests: Remove tests for old event daemon
Amitay Isaacs [Thu, 21 Jun 2018 06:42:47 +0000 (16:42 +1000)]
ctdb-tests: Remove tests for old event daemon

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-tools: Switch to using new event daemon tool
Amitay Isaacs [Thu, 21 Jun 2018 07:02:09 +0000 (17:02 +1000)]
ctdb-tools: Switch to using new event daemon tool

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-daemon: Switch to starting new event daemon
Amitay Isaacs [Thu, 21 Jun 2018 06:38:01 +0000 (16:38 +1000)]
ctdb-daemon: Switch to starting new event daemon

From this patch onwards, CTDB daemon is broken till the client code for
new eventd is integrated.  This requires getting rid of the old eventd
protocol and client code and then switching to the new eventd protocol
and client code.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-event: Add tests for event daemon
Amitay Isaacs [Fri, 4 May 2018 08:08:08 +0000 (18:08 +1000)]
ctdb-event: Add tests for event daemon

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-tests: Rename eventd testsuite to ctdb_eventd
Amitay Isaacs [Fri, 4 May 2018 07:18:39 +0000 (17:18 +1000)]
ctdb-tests: Rename eventd testsuite to ctdb_eventd

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-event: Add event daemon client tool
Amitay Isaacs [Thu, 26 Apr 2018 08:46:27 +0000 (18:46 +1000)]
ctdb-event: Add event daemon client tool

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-event: Add event daemon client code
Amitay Isaacs [Tue, 24 Apr 2018 07:22:42 +0000 (17:22 +1000)]
ctdb-event: Add event daemon client code

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-event: Add event daemon implementation
Amitay Isaacs [Sat, 3 Mar 2018 15:11:16 +0000 (02:11 +1100)]
ctdb-event: Add event daemon implementation

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-event: Add event daemon protocol
Amitay Isaacs [Thu, 15 Feb 2018 06:33:12 +0000 (17:33 +1100)]
ctdb-event: Add event daemon protocol

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-common: Add client pid to connect callback in sock_daemon
Amitay Isaacs [Tue, 6 Feb 2018 05:42:39 +0000 (16:42 +1100)]
ctdb-common: Add client pid to connect callback in sock_daemon

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-tests: Separate testing code for basic data types
Amitay Isaacs [Mon, 5 Mar 2018 05:45:42 +0000 (16:45 +1100)]
ctdb-tests: Separate testing code for basic data types

This will be used for testing other daemons' protocol code.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-build: Add ctdb prefix to build target
Amitay Isaacs [Thu, 26 Apr 2018 07:37:03 +0000 (17:37 +1000)]
ctdb-build: Add ctdb prefix to build target

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-protocol: Separate protocol-basic subsystem
Amitay Isaacs [Thu, 1 Mar 2018 07:20:19 +0000 (18:20 +1100)]
ctdb-protocol: Separate protocol-basic subsystem

This includes marshalling code for basic data types.  This will be used
by other daemons.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoautobuild: Fix random-sleep.sh invocation in autobuild.py
Andrew Bartlett [Wed, 4 Jul 2018 23:09:50 +0000 (11:09 +1200)]
autobuild: Fix random-sleep.sh invocation in autobuild.py

The scripts were not running with the correct path and this causes sn-devel to hit
a very high load as many of the compile jobs start at once.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Jul  5 06:51:26 CEST 2018 on sn-devel-144

2 years agosamba_tool_showrepl_pull_summary_all_good is flapping
Douglas Bagnall [Thu, 5 Jul 2018 01:49:23 +0000 (13:49 +1200)]
samba_tool_showrepl_pull_summary_all_good is flapping

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agosamba-tool drs showrepl test: turn subprocess error into failure
Douglas Bagnall [Wed, 4 Jul 2018 23:01:58 +0000 (11:01 +1200)]
samba-tool drs showrepl test: turn subprocess error into failure

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agonetcmd: Use dbcheck to fix DB problems introduced by restore itself
Tim Beale [Wed, 4 Jul 2018 01:23:59 +0000 (13:23 +1200)]
netcmd: Use dbcheck to fix DB problems introduced by restore itself

As part of the restore process, we remove all the old DCs from the DB.
However, this introduces some dbcheck errors - there are some DN
attributes and one-way links that reference the deleted objects that
need fixing up. To resolve this, we can run dbcheck as part of the
restore process. This problem affects both renames and plain restores.

The dbcheck.sh test didn't spot this problem because it fixes this type
of DB error first, before it checks the DB.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agotests: Add new tests for backup-rename command
Tim Beale [Tue, 3 Jul 2018 01:55:53 +0000 (13:55 +1200)]
tests: Add new tests for backup-rename command

Extend the existing 'backup online' tests to also test the domain
rename case. This mostly involves some extra assertions that the
restored DB has been modified appropriatelt (i.e. domain NetBIOS
name is updated, etc).

I've also added an extra test case that creates a few objects and
links and specifically asserts that they get renamed appropriately.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoselftest: Add dedicated RENAMEDC testenv for 'backup rename'
Tim Beale [Sun, 10 Jun 2018 23:02:11 +0000 (11:02 +1200)]
selftest: Add dedicated RENAMEDC testenv for 'backup rename'

Add a new testenv that's similar to the existing restoredc, except we
use 'backup rename' to rename the domain as we back it up.

Restoring this backup then proves that a valid DC can be started from a
renamed backup.

Run the same sub-set of RESTOREDC tests to prove that the new testenv is
sound.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agonetcmd: Extend 'backup restore' command to handle renamed domains
Tim Beale [Sun, 10 Jun 2018 23:18:09 +0000 (11:18 +1200)]
netcmd: Extend 'backup restore' command to handle renamed domains

When restoring a renamed domain backup, we need to register the new
realm's DNS zone. We do this in the restore step because we don't know
the new server's IP/hostname in the backup step.

Because we may have removed the old realm's DNS entries in the rename
step, the remove_dc() code may fail to find the expected DNS entries for
the DC's domain (the DCs' dnsHostname still maps to the old DNS realm).
We just needed to adjust remove_dns_references() as it was getting a
slightly different error code.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agonetcmd: Add 'samba-tool domain backup rename' command
Tim Beale [Wed, 13 Jun 2018 00:22:19 +0000 (12:22 +1200)]
netcmd: Add 'samba-tool domain backup rename' command

Add a new command that takes a clone of the domain's DB, and renames the
domain as well. (We rename the domain during the clone because it's
easier to implement - the DRS code handles most of the renaming for us,
as it applies the received replication chunks).

The new option is similar to an online backup, except we also do the
following:
- use the new DCCloneAndRenameContext code to clone the DB
- run dbcheck to fix up any residual old DNs (mostly objectCategory
  references)
- rename the domain's netBIOSName
- add dnsRoot objects for the new DNS realm
- by default, remove the old realm's DNS objects (optional)
- add an extra backupRename marker to the backed-up DB. In the restore
  code, if the backup was renamed, then we need to register the new
  domain's DNS zone at that point (we only know the new DC's host IP
  at the restore stage).

Note that the backup will contain the old DC entries that still use the
old dnsHostname, but these DC entries will all be removed during the
restore, and a new DC will be added with the correct dnsHostname.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agotests: Tweak the backup online tests so they're generic
Tim Beale [Tue, 3 Jul 2018 01:43:29 +0000 (13:43 +1200)]
tests: Tweak the backup online tests so they're generic

Update backup-online tests to be more generic. We can then re-use the
common framework for other types of backups (offline, rename), and just
change what's specific to those particular cases.

This change includes asserting the restored backup's domain/realm are
correct, which we weren't doing previously but makes sense.

The new 'return samdb' is for convenience, so that child classes can
easily extend the checks we run over the restored DB.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agodrs_utils: Always set the GET_TGT flag for clone renames
Tim Beale [Wed, 13 Jun 2018 02:09:06 +0000 (14:09 +1200)]
drs_utils: Always set the GET_TGT flag for clone renames

The DCCloneAndRenameContext replication was a little inefficient, in
that it would essentially replicate the entire DB twice. This was due to
resolving the link targets - it finds a target object it doesn't know
about, so retries the entire replication again with the GET_TGT flag set
this time.

Normally, the repl_meta_data code will use the target object's GUID,
however, it can't do this for cross-partition links (if it hasn't
replicated the target partition yet). The repl_md code can normally
detect that the link is a cross-parition link by checking the base-DN,
however, this doesn't work in the DCCloneAndRenameContext case because
we have renamed the base-DN.

This is not a big deal - it just means extra work. However, because the
domains being backed up could potentially be quite large, it probably
makes sense to just always set the GET_TGT in the rename case and skip
this extra work.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agojoin: Add more framework for renaming a domain
Tim Beale [Mon, 11 Jun 2018 04:50:28 +0000 (16:50 +1200)]
join: Add more framework for renaming a domain

Add a DCCloneContext subclass which will rename the DB objects as they
get cloned. This uses the drs_ReplicateRenamer class added to drs_utils
in an earlier patch. Where the drs_Replicate object currently gets
created has been split out into a simple new function, which we can then
override in the rename case.

The other important difference is overriding the provision step, so that
we use the new domain-DN/realm when setting up the initial SAM DB (and
smb.conf, secrets.ldb, etc).

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agouid_wrapper: Be strict when checking __attribute__ features
Amitay Isaacs [Tue, 3 Jul 2018 04:45:39 +0000 (14:45 +1000)]
uid_wrapper: Be strict when checking __attribute__ features

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13493

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Jul  5 03:01:33 CEST 2018 on sn-devel-144

2 years agoresolv_wrapper: Be strict when checking __attribute__ features
Amitay Isaacs [Tue, 3 Jul 2018 04:45:24 +0000 (14:45 +1000)]
resolv_wrapper: Be strict when checking __attribute__ features

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13493

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agopam_wrapper: Be strict when checking __attribute__ features
Amitay Isaacs [Tue, 3 Jul 2018 04:45:04 +0000 (14:45 +1000)]
pam_wrapper: Be strict when checking __attribute__ features

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13493

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agonss_wrapper: Be strict when checking __attribute__ features
Amitay Isaacs [Tue, 3 Jul 2018 04:44:48 +0000 (14:44 +1000)]
nss_wrapper: Be strict when checking __attribute__ features

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13493

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agoreplace: Be strict when checking __attribute__ features
Amitay Isaacs [Tue, 3 Jul 2018 04:36:33 +0000 (14:36 +1000)]
replace: Be strict when checking __attribute__ features

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13493

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agosocket_wrapper: Be strict when checking __attribute__ features
Amitay Isaacs [Tue, 3 Jul 2018 04:36:16 +0000 (14:36 +1000)]
socket_wrapper: Be strict when checking __attribute__ features

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13493

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agowafsamba: Be strict when checking __attribute__ features
Amitay Isaacs [Tue, 3 Jul 2018 04:34:29 +0000 (14:34 +1000)]
wafsamba: Be strict when checking __attribute__ features

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13493

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agowafsamba: Add strict option to CHECK_CODE
Amitay Isaacs [Tue, 3 Jul 2018 03:56:13 +0000 (13:56 +1000)]
wafsamba: Add strict option to CHECK_CODE

Some compilers (e.g. xlc) ignores unsupported features, generates a
warning, but does not fail compilation.

This ensures that any compiler warnings are treated as errors and the
feature support is correctly identified.  This adds equivalent compiler
option to -Werror for xlc.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13493

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agoctdb-daemon: Set environment variable if running in interactive mode
Amitay Isaacs [Tue, 26 Jun 2018 08:39:09 +0000 (18:39 +1000)]
ctdb-daemon: Set environment variable if running in interactive mode

CTDB_INTERACTIVE will be used to tell the other daemons if the ctdb daemon
is started in interactive mode.  This is primarily used only for testing.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-daemon: Avoid closing stdin when running in interactive mode
Amitay Isaacs [Thu, 21 Jun 2018 07:57:02 +0000 (17:57 +1000)]
ctdb-daemon: Avoid closing stdin when running in interactive mode

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-tests: Avoid segfault by initializing logging
Amitay Isaacs [Thu, 21 Jun 2018 10:00:41 +0000 (20:00 +1000)]
ctdb-tests: Avoid segfault by initializing logging

Setting DEBUGLEVEL before calling debug_init() causes segmentation
violation with gcc8.  DEBUGLEVEL_CLASS is statically initialized to
debug_class_list_initial which is defined as const.  Only after
debug_init() is called, DEBUGLEVEL_CLASS becomes a talloc'd array.

So before modifying DEBUGLEVEL, ensure debug_init() is called via
setup_logging().  (debug_init is a static function.)

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agoctdb-common: Use correct return type for tevent_queue_add_entry
Amitay Isaacs [Tue, 3 Jul 2018 04:08:22 +0000 (14:08 +1000)]
ctdb-common: Use correct return type for tevent_queue_add_entry

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13493

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2 years agos3:winbind: Do not lookup local system accounts in AD
Andreas Schneider [Mon, 2 Jul 2018 14:38:01 +0000 (16:38 +0200)]
s3:winbind: Do not lookup local system accounts in AD

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13503

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Jul  4 23:55:56 CEST 2018 on sn-devel-144

2 years agonsswitch: Add tests to lookup user via getpwnam
Andreas Schneider [Mon, 2 Jul 2018 14:18:52 +0000 (16:18 +0200)]
nsswitch: Add tests to lookup user via getpwnam

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13503

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2 years agolib: smb_threads: fix access before init bug
Ralph Boehme [Tue, 3 Jul 2018 13:30:33 +0000 (15:30 +0200)]
lib: smb_threads: fix access before init bug

talloc_stackframe_internal() calls SMB_THREAD_GET_TLS(global_ts)  which
calls smb_get_tls_pthread() in the POSIX pthread wrapper implementation.

If SMB_THREAD_SET_TLS() hasn't been called before, global_ts is NULL and
smb_get_tls_pthread dereferences it so it crashes.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13505

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 years agosamba-gpupdate: Change machine option to target
David Mulder [Mon, 7 May 2018 15:48:32 +0000 (09:48 -0600)]
samba-gpupdate: Change machine option to target

On a Windows client, you designate machine/user
apply with a 'target' parameter. This change
makes gpupdate work more like that command.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jul  4 13:23:09 CEST 2018 on sn-devel-144

2 years agosamba_gpoupdate: Rename the command to samba-gpupdate
David Mulder [Mon, 7 May 2018 15:45:32 +0000 (09:45 -0600)]
samba_gpoupdate: Rename the command to samba-gpupdate

On a Windows client, this command is called 'gpupdate'

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 years agoMAN: Adding entry for net ads lookup
Amit Kumar [Mon, 25 Jun 2018 13:00:39 +0000 (18:30 +0530)]
MAN: Adding entry for net ads lookup

There is no man page description for net ads lookup.
This PR adds entry for the same.

Signed-off-by: Amit Kumar amitkuma@redhat.com
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jul  4 07:38:04 CEST 2018 on sn-devel-144

2 years agosamba-tool drs showrepl: correctly report failing repsFrom
Andrew Bartlett [Tue, 3 Jul 2018 23:45:14 +0000 (11:45 +1200)]
samba-tool drs showrepl: correctly report failing repsFrom

Hopefully this fixes the flapping test.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Jul  4 04:43:39 CEST 2018 on sn-devel-144

2 years agos3: lib/ctdbd_conn: include .h, not .c
Ralph Boehme [Fri, 29 Jun 2018 06:00:10 +0000 (08:00 +0200)]
s3: lib/ctdbd_conn: include .h, not .c

Probably a copy/paste mistake. Detected by a failing autobuild on
sn-devel and a local make test:

Build failed: default/examples/libsmbclient/testbrowse2: Symbol
tevent_req_is_unix_error linked in multiple libraries
['samba-cluster-support', 'tevent-util']
UNEXPECTED(failure): wafsamba.duplicate_symbols.duplicate_symbols(none)

Wonder why this didn't fail before in autobuild.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Jul  4 01:19:50 CEST 2018 on sn-devel-144

2 years agobuild: bundle and reduce huge number of EA function tests
Björn Jacke [Mon, 12 Mar 2018 17:44:38 +0000 (18:44 +0100)]
build: bundle and reduce huge number of EA function tests

It's sufficient to check for one basic function of an EA implementation and a
use a single ifdef for each group of EA functions. This makes more sense than
checking for each EA function on each platform.

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jul  3 13:24:51 CEST 2018 on sn-devel-144

2 years agodrs_utils: Add infrastructure to support 'clone with rename'
Tim Beale [Tue, 5 Jun 2018 22:04:29 +0000 (10:04 +1200)]
drs_utils: Add infrastructure to support 'clone with rename'

Our end goal is to create a backup clone of a DB, but rename the
domain/realm so we can startup the backup DC without interferring with
the existing Samba network. The basic strategy to do this is to leverage
DRS replication - by renaming the first object in the partition, all
subsequent objects will automatically be renamed.

This patch adds the infrastructure to do this. I've used object
inheritance to handle the special case of renaming the partition
objects. This means the domain-rename special case doesn't really
pollute the existing DRS replication code. All it needs is a small
refactor to create a new 'process_chunk()' function that the new
sub-class can then override.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 years agotests: Add a sub-set of tests to show the restored DC is sound
Tim Beale [Thu, 21 Jun 2018 03:04:00 +0000 (15:04 +1200)]
tests: Add a sub-set of tests to show the restored DC is sound

+ Add a new ldapcmp_restoredc.sh test that asserts that the original DC
backed up (backupfromdc) matches the new restored DC.
+ Add a new join_ldapcmp.sh test that asserts we can join a given DC,
and that the resulting DB matches the joined DC
+ Add a new login_basics.py test that sanity-checks Kerberos and NTLM
user login works. (This reuses the password_lockout base code, without
taking as long as the password_lockout tests do). Basic LDAP and SAMR
connections are also tested as a side-effect.
+ run the netlogonsvc test against the restored DC to prove we can
establish a netlogon connection.
+ run the same subset of rpc.echo tests that we do for RODC
+ run dbcheck over the new testenvs at the end of the test run

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 years agoselftest: Add testenv for testing backup/restore
Tim Beale [Tue, 29 May 2018 04:05:02 +0000 (16:05 +1200)]
selftest: Add testenv for testing backup/restore

This adds a new testenv for testing that a DC created using the
samba-tool backup/restore can actually be started up. This actually
requires 2 new testenvs:

1. A 'backupfromdc' that solely exists to make a online backup of.
2. A 'restoredc' which takes the backup, and then uses the backup file
to do a restore, which we then start the DC based on.

The backupfromdc is just a plain vanilla AD DC. We use a separate test
env purely for this purpose, because the restoredc will use the same
domain (and so using an existing testenv would potentially interfere
with existing test cases).

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 years agotests: Add tests for the domain backup online/restore commands
Aaron Haslett [Mon, 11 Jun 2018 07:13:35 +0000 (19:13 +1200)]
tests: Add tests for the domain backup online/restore commands

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 years agonetcmd: domain backup restore command
Aaron Haslett [Mon, 30 Apr 2018 23:11:01 +0000 (11:11 +1200)]
netcmd: domain backup restore command

Add a command option that restores a backup file. This is only intended
for recovering from a catastrophic failure of the domain. The old domain
DCs are removed from the DB and a new DC is added.

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 years agonetcmd: domain backup online command
Aaron Haslett [Mon, 30 Apr 2018 23:10:11 +0000 (11:10 +1200)]
netcmd: domain backup online command

This adds a samba-tool command that can be run against a remote DC to
produce a backup-file for the current domain. The backup stores similar
info to what a new DC would get if it joined the network.

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 years agojoin: Remove unnecessary clone_only flag
Tim Beale [Thu, 28 Jun 2018 22:40:58 +0000 (10:40 +1200)]
join: Remove unnecessary clone_only flag

For the clone-only case, we have been avoiding a block of code in the
DCJoinContext's __init__(). The main reason we do this is because the
netbios_name is None for clones, and this block of code tries to derive
a bunch of values based on the netbios_name (otherwise, a few lines into
this block, it tries to do NoneType.lower(), which Python doesn't like
very much).

This code is not particularly clone-specific - it is just never going to
work if the netbios_name is None. So we can change the conditional
check, which allows us to get rid of the clone_only flag.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Tue Jul  3 08:12:10 CEST 2018 on sn-devel-144

2 years agojoin: Refactor clone_only case to simplify code
Tim Beale [Mon, 11 Jun 2018 04:33:19 +0000 (16:33 +1200)]
join: Refactor clone_only case to simplify code

Currently for DC clones, we create a regular DCJoinContext, se a
'clone_only' flag, and then make lots of special checks for this flag
throughout the code. Instead, we can use inheritance to create a
DCCloneContext sub-class, and put the specialization there.

This means we can remove all the 'clone_only' checks from the code. The
only 2 methods that really differ are do_join() and join_finalize(), and
these don't share much code at all. (To avoid duplication, I split the
first part of do_join() into a new build_nc_lists() function, but this
is a pretty trivial code move).

We still pass the clone_only flag into the __init__() as there's still
one case where we want to avoid doing work in the case of the clone.
For clarity, I'll refactor this in a subsequent patch.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 years agojoin: Rename dc_join() so it looks like an object
Tim Beale [Mon, 25 Jun 2018 05:21:00 +0000 (17:21 +1200)]
join: Rename dc_join() so it looks like an object

dc_join() is creating an object, but it currently looks like it's
just a function call. Rename it to look more object-like.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 years agojoin: Pipe through dns_backend option for clones
Aaron Haslett [Mon, 30 Apr 2018 23:10:11 +0000 (11:10 +1200)]
join: Pipe through dns_backend option for clones

Allow join_clone() calls to specify a dns_backend parameter for the new
cloned DB.

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 years agoprovision: Small refactor to host-IP logic
Tim Beale [Sun, 10 Jun 2018 21:14:06 +0000 (09:14 +1200)]
provision: Small refactor to host-IP logic

Split out the code that determines the host-IP of the new server into
separate functions. This will allow us to re-use the same logic in the
backup/restore case.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 years agodbchecker: Fixing up incorrect DNs wasn't working
Tim Beale [Fri, 25 May 2018 02:05:27 +0000 (14:05 +1200)]
dbchecker: Fixing up incorrect DNs wasn't working

dbcheck would fail to fix up attributes where the extended DN's GUID is
correct, but the DN itself is incorrect. The code failed attempting to
remove the old/incorrect DN, e.g.

 NOTE: old (due to rename or delete) DN string component for
 objectCategory in object CN=alice,CN=Users,DC=samba,DC=example,DC=com -
 <GUID=7bfdf9d8-62f9-420c-8a71-e3d3e931c91e>;
   CN=Person,CN=Schema,CN=Configuration,DC=samba,DC=bad,DC=com
 Change DN to <GUID=7bfdf9d8-62f9-420c-8a71-e3d3e931c91e>;
   CN=Person,CN=Schema,CN=Configuration,DC=samba,DC=example,DC=com?
 [y/N/all/none] y
 Failed to fix old DN string on attribute objectCategory : (16,
 "attribute 'objectCategory': no matching attribute value while deleting
 attribute on 'CN=alice,CN=Users,DC=samba,DC=example,DC=com'")

The problem was the LDB message specified the value to delete with its
full DN, including the GUID. The LDB code then helpfully corrected this
value on the way through, so that the DN got updated to reflect the
correct DN (i.e. 'DC=example,DC=com') of the object matching that GUID,
rather than the incorrect DN (i.e. 'DC=bad,DC=com') that we were trying
to remove. Because the requested value and the existing DB value didn't
match, the operation failed.

We can avoid this problem by passing down just the DN (not the extended
DN) of the value we want to delete. Without the GUID portion of the DN,
the LDB code will no longer try to correct it on the way through, and
the dbcheck operation will succeed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13495

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>

2 years agodbcheck: Use symbolic control name for DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS
Andrew Bartlett [Fri, 29 Jun 2018 02:53:19 +0000 (14:53 +1200)]
dbcheck: Use symbolic control name for DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS

While we do not wish to encourage use of this control, manually typed OIDs are
even more trouble, so pass out via pydsdb.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2 years agoctdb-tests: Teach strace packet parser about non-octal escapes
Martin Schwenke [Tue, 26 Jun 2018 09:51:00 +0000 (19:51 +1000)]
ctdb-tests: Teach strace packet parser about non-octal escapes

strace output also encodes characters 7 to 13 as \a, \b, \t, \n, \v,
\f, \r.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon Jul  2 11:30:29 CEST 2018 on sn-devel-144

2 years agoctdb-daemon: Only consider client ID for local database attach
Martin Schwenke [Tue, 26 Jun 2018 10:12:23 +0000 (20:12 +1000)]
ctdb-daemon: Only consider client ID for local database attach

The comment immediately above this code says "don't allow local
clients to attach" and then looks up the client ID regardless of
whether the request is local or remote.

This means that an intentional remote attach from a client will not
work correctly.  No real client should ever do that since clients
attach so they an access databases locally.  Perhaps some sanity
checks should be added.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13500

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-docs: Fix the documentation for VNN map
Martin Schwenke [Thu, 14 Jun 2018 20:07:54 +0000 (06:07 +1000)]
ctdb-docs: Fix the documentation for VNN map

It is incorrectly says that nodes not in the VNN map can not be
DMASTER.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13499

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-server: Rename CTDB_BROADCAST_VNNMAP -> CTDB_BROADCAST_ACTIVE
Martin Schwenke [Thu, 14 Jun 2018 20:01:52 +0000 (06:01 +1000)]
ctdb-server: Rename CTDB_BROADCAST_VNNMAP -> CTDB_BROADCAST_ACTIVE

This broadcast is misnamed.  Both places where this type of broadcast
is used expect the broadcast to go to all active nodes.

Make the corresponding change to the semantics in the daemon by
sending to all active nodes.

There is a mismatch between the ideas of VNN map and active nodes.  A
node that is not in the VNN map but is active can still host database
records.  These were the same until the LMASTER capability was
introduced and then the logic was not updated.

The only place where the VNN map is relevant is when finding the
location master of a record in the migration code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13499

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-tests: Add a simple test for database traverses
Martin Schwenke [Thu, 14 Jun 2018 19:51:45 +0000 (05:51 +1000)]
ctdb-tests: Add a simple test for database traverses

This tests that volatile databases traverse correctly, including the
case where a record was updated on a non-lmaster node.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13499

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-tests: Add check for non-lmaster node status in integration tests
Martin Schwenke [Thu, 14 Jun 2018 19:51:17 +0000 (05:51 +1000)]
ctdb-tests: Add check for non-lmaster node status in integration tests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13499

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-client: Fix typo where CTDB_BROADCAST_ALL is repeated
Martin Schwenke [Thu, 14 Jun 2018 06:17:09 +0000 (16:17 +1000)]
ctdb-client: Fix typo where CTDB_BROADCAST_ALL is repeated

Surely this is meant to be CTDB_BROADCAST_CONNECTED?

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13499

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-recoverd: Set the process name correctly
Martin Schwenke [Tue, 19 Jun 2018 06:50:41 +0000 (16:50 +1000)]
ctdb-recoverd: Set the process name correctly

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2 years agoctdb-scripts: Drop 99.timeout event script
Martin Schwenke [Mon, 11 Jun 2018 19:30:46 +0000 (05:30 +1000)]
ctdb-scripts: Drop 99.timeout event script

This is now implemented in local daemon testing.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>