Stefan Metzmacher [Fri, 20 May 2016 12:57:57 +0000 (14:57 +0200)]
HEIMDAL:kdc: reset e_text after successful pre-auth verification
This is already fixed in upstream heimdal.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 7 Jan 2016 13:12:14 +0000 (14:12 +0100)]
HEIMDAL:lib/krb5: allow predefined PAC_{LOGON_NAME,PRIVSVR_CHECKSUM,SERVER_CHECKSUM} elements in _krb5_pac_sign()
A caller may want to specify an explicit order of PAC elements,
e.g. the PAC_UPN_DNS_INFO element should be placed after the PAC_LOGON_NAME
element.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is commit
7cd40a610569d5e54ebe323672794fb6415b5dac in heimdal master.
Stefan Metzmacher [Wed, 20 Jul 2016 08:12:45 +0000 (10:12 +0200)]
s4:torture/remote_pac: verify the order of PAC elements
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 21 Jul 2016 13:08:32 +0000 (15:08 +0200)]
auth/credentials: also do a shallow copy of the krb5_ccache.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Fri, 22 Jul 2016 14:12:25 +0000 (16:12 +0200)]
tevent: Add overflow protection to tevent_req_create
This adds 40 bytes, but they are needed for correctness :-)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Jul 22 23:33:57 CEST 2016 on sn-devel-144
Volker Lendecke [Fri, 22 Jul 2016 14:06:45 +0000 (16:06 +0200)]
tevent: Save 140 bytes of .text in tevent_req_create
This is one of or hottest code paths, I think every bit counts here.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Volker Lendecke [Fri, 22 Jul 2016 14:06:45 +0000 (16:06 +0200)]
tevent: Save 32 bytes of .text in tevent_req_create
This is one of or hottest code paths, I think every bit counts here.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 28 Jun 2016 22:35:16 +0000 (10:35 +1200)]
build: Add hints on what libraries to install for gpgme support on failure
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jul 22 19:51:09 CEST 2016 on sn-devel-144
Stefan Metzmacher [Mon, 27 Jun 2016 06:25:30 +0000 (08:25 +0200)]
WHATSNEW: recomment python-crypto and python-m2crypto
They're used for some samba-tool commands.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Stefan Metzmacher [Wed, 17 Feb 2016 09:07:27 +0000 (10:07 +0100)]
WHATSNEW: add 'Password sync as active directory domain controller'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andrew Bartlett [Wed, 20 Jul 2016 04:45:34 +0000 (16:45 +1200)]
s4:torture/ndr: Add supplementalCredentials blob from Samba with the new SambaGPG blob
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 16 Feb 2016 02:19:58 +0000 (03:19 +0100)]
python:samba/tests: use 'samba-tool user {getpassword,syncpasswords}' with --decrypt-samba-gpg
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Stefan Metzmacher [Tue, 12 Jan 2016 12:51:00 +0000 (13:51 +0100)]
selftest:Samba4: configure "password hash gpg key ids" for ad_dc (if available)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Stefan Metzmacher [Tue, 16 Feb 2016 09:04:40 +0000 (10:04 +0100)]
s4:selftest: run samba.tests.samba_tool.user also against ad_dc:local
In future ad_dc_ntvfs and ad_dc will differ regarding the Primary:SambaGPG
password feature. So we should test both.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Stefan Metzmacher [Tue, 12 Jan 2016 12:51:00 +0000 (13:51 +0100)]
selftest:gnupg: add a gpg key for Samba Selftest <selftest@samba.example.com>
This key doesn't have a passphrase and allows automatic testing
of decryption.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Stefan Metzmacher [Fri, 22 Jan 2016 20:52:26 +0000 (21:52 +0100)]
samba-tool: add --decrypt-samba-gpg support to 'user getpasswords' and 'user syncpasswords'
This get's the cleartext passwords by decrypting
the 'Primary:SambaGPG' value in order to provide the
virtual attributes: virtualClearTextUTF16, virtualClearTextUTF8,
virtualCryptSHA256, virtualCryptSHA512, virtualSSHA
The virtual attribute virtualSambaGPG provides the raw
(encrypted) value of the 'Primary:SambaGPG' value.
See the "password hash gpg key ids" option for the encryption part
of this feature.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Stefan Metzmacher [Tue, 12 Jan 2016 09:51:38 +0000 (10:51 +0100)]
s4:dsdb/samdb: optionally store package_PrimarySambaGPGBlob in supplementalCredentials
It's important that Primary:SambaGPG is added as the last element.
This is the indication that it matches the current password.
When a password change happens on a Windows DC,
it will keep the old Primary:SambaGPG value, but as the first element.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Stefan Metzmacher [Tue, 12 Jan 2016 09:51:38 +0000 (10:51 +0100)]
drsblobs.idl: add package_PrimarySambaGPGBlob
This will be used to store the cleartext utf16 password
GPG encrypted in the supplementalCredentials attribute.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Stefan Metzmacher [Tue, 12 Jan 2016 09:51:38 +0000 (10:51 +0100)]
s4:dsdb/samdb: add configure checks for libgpgme
This will be used to store the cleartext utf16 password
GPG encrypted as 'Primary:SambaGPG' in the
supplementalCredentials attribute.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Stefan Metzmacher [Mon, 15 Feb 2016 08:56:03 +0000 (09:56 +0100)]
docs-xml/smbdotconf: reference "unix password sync" with "password hash gpg key ids"
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Stefan Metzmacher [Mon, 15 Feb 2016 08:10:54 +0000 (09:10 +0100)]
docs-xml/smbdotconf: add "password hash gpg key ids" option
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Stefan Metzmacher [Tue, 16 Feb 2016 06:01:18 +0000 (07:01 +0100)]
.travis.yml: install libgpgme11-dev python[3]-gpgme
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Stefan Metzmacher [Mon, 15 Feb 2016 08:56:03 +0000 (09:56 +0100)]
docs-xml/smbdotconf: reference "unix password sync" with "samba-tool user syncpasswords"
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Stefan Metzmacher [Mon, 15 Feb 2016 08:15:38 +0000 (09:15 +0100)]
docs-xml:samba-tool.8: document "user syncpasswords" command
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Stefan Metzmacher [Tue, 16 Feb 2016 02:19:58 +0000 (03:19 +0100)]
python:samba/tests: add simple 'samba-tool user syncpasswords' test
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Stefan Metzmacher [Fri, 22 Jan 2016 20:52:26 +0000 (21:52 +0100)]
samba-tool: add 'user syncpasswords' command
This provides an easy way to keep passwords in sync with
another account database, e.g. an OpenLDAP server.
It provides a functionality like the "passwd program"
for the "unix password sync" feature of a standalone, member
and classic (NT4) server, but for an active directory domain
controller.
The provided script is called for each account/password related
change.
Like the 'user getpassword' command it allows virtual attributes like:
virtualClearTextUTF16, virtualClearTextUTF8,
virtualCryptSHA256, virtualCryptSHA512, virtualSSHA
Note that this command should just run on a single domain controller
(typically the PDC-emulator).
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Stefan Metzmacher [Mon, 15 Feb 2016 08:15:38 +0000 (09:15 +0100)]
docs-xml:samba-tool.8: document "user getpassword" command
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Stefan Metzmacher [Tue, 16 Feb 2016 02:19:58 +0000 (03:19 +0100)]
python:samba/tests: verify the packages order in supplementalCredentials
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 16 Feb 2016 02:19:58 +0000 (03:19 +0100)]
python:samba/tests: add simple 'samba-tool user getpassword' test
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 22 Jan 2016 20:52:26 +0000 (21:52 +0100)]
samba-tool: add 'user getpassword' command
This provides an easy way to get the passwords of a user
including the cleartext passwords (if stored) and derived
hashes. This is done by providing virtual attributes like:
virtualClearTextUTF16, virtualClearTextUTF8,
virtualCryptSHA256, virtualCryptSHA512, virtualSSHA
This is much easier than using ldbsearch and manually parsing
the supplementalCredentials attribute.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Stefan Metzmacher [Tue, 12 Jul 2016 07:57:16 +0000 (09:57 +0200)]
pycredentials: add set_utf16_[old_]password()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 12 Jul 2016 06:14:36 +0000 (08:14 +0200)]
pycredentials: add {get,set}_old_password()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 21 Jul 2016 18:04:10 +0000 (20:04 +0200)]
WHATNEW: the default for "ntlm auth" is "no"
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 21 Jul 2016 17:50:36 +0000 (19:50 +0200)]
selftest: don't allow ntlmv1 for 'nt4_member' and 'ad_member'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 15 Mar 2016 20:59:42 +0000 (21:59 +0100)]
docs-xml:smbdotconf: default "ntlm auth" to "no"
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 21 Jul 2016 07:26:27 +0000 (09:26 +0200)]
selftest: set "ntlm auth = yes" for now as a lot of tests rely on it
In future we should use a mix of environments some which support ntlmv1
and some without.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 21 Jul 2016 17:45:04 +0000 (19:45 +0200)]
s3:selftest: run smbclient_auth with a few more combinations
E.g. we try lanman, ntlmv1 and ntlmv2 authentication.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 21 Jul 2016 17:41:57 +0000 (19:41 +0200)]
s3:tests: add 'as user' to the test names in test_smbclient_auth.sh
We already have 'as anon', having an indication for each case makes it
easier to mark some as knownfail.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 11 May 2016 21:09:53 +0000 (23:09 +0200)]
s3:ntlm_auth: call fault_setup() in order to get usefull backtraces
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jeremy Allison [Thu, 21 Jul 2016 23:24:59 +0000 (16:24 -0700)]
WHATSNEW. Add text for Open File Description (OFD) locks.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Jul 22 14:13:52 CEST 2016 on sn-devel-144
Ralph Boehme [Thu, 21 Jul 2016 19:21:46 +0000 (12:21 -0700)]
WHATSNEW: SMB 2.1 leases enabled by default
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 20 Jul 2016 10:32:58 +0000 (12:32 +0200)]
smbd: Enable leases by default
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Thu, 21 Jul 2016 19:49:57 +0000 (12:49 -0700)]
s4: torture: Don't crash if connections fail and treeXX variables are left as NULL.
Correctly log as torture fail.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Amitay Isaacs [Wed, 14 Oct 2015 04:49:12 +0000 (15:49 +1100)]
ctdb-pcp-pmda: Reimplement using new client API
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Jul 22 10:31:57 CEST 2016 on sn-devel-144
Amitay Isaacs [Thu, 5 May 2016 04:51:07 +0000 (14:51 +1000)]
ctdb-tests: Add torture test for fetch functions
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 20 Apr 2016 08:30:30 +0000 (18:30 +1000)]
ctdb-tests: Remove unused tests code
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 20 Apr 2016 06:14:39 +0000 (16:14 +1000)]
ctdb-tests: Rename ctdb_porting_tests to porting_tests
and create unit test for it.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 20 Apr 2016 06:03:41 +0000 (16:03 +1000)]
ctdb-tests: Rename ctdb_lock_tdb to lock_tdb
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 20 Apr 2016 05:56:13 +0000 (15:56 +1000)]
ctdb-tests: Convert rb_test into a unit test
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 20 Apr 2016 04:29:56 +0000 (14:29 +1000)]
ctdb-tests: Replace ctdb_update_record_persistent with update_record_persistent
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 20 Apr 2016 04:27:40 +0000 (14:27 +1000)]
ctdb-tests: Replace ctdb_update_record with update_record using new client API
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Mon, 18 Apr 2016 07:11:36 +0000 (17:11 +1000)]
ctdb-tests: Replace ctdb_transaction with transaction_loop using new client API
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Sat, 21 Nov 2015 11:50:59 +0000 (22:50 +1100)]
ctdb-tests: Replace ctdb_fetch_readonly_loop with fetch_readonly_loop using new client API
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 20 Apr 2016 04:49:47 +0000 (14:49 +1000)]
ctdb-tests: Replace ctdb_fetch_readonly_once with fetch_readonly using new client API
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 20 Nov 2015 05:24:34 +0000 (16:24 +1100)]
ctdb-tests: Replace ctdb_fetch_one with fetch_loop using new client API
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 17 Nov 2015 21:51:41 +0000 (08:51 +1100)]
ctdb-tests: Replace ctdb_fetch with fetch_ring using new client API
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 10 Nov 2015 05:00:07 +0000 (16:00 +1100)]
ctdb-tests: Replace ctdb_bench with message_ring using new client API
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 19 Apr 2016 06:18:54 +0000 (16:18 +1000)]
ctdb-tests: Add torture test for g_lock functions
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 18 Nov 2015 01:46:08 +0000 (12:46 +1100)]
ctdb-tests: Common code to process commandline options
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 18 Nov 2015 01:18:14 +0000 (12:18 +1100)]
ctdb-tests: Common code to wait for synchronization across cluster
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Garming Sam [Thu, 30 Jun 2016 00:19:32 +0000 (12:19 +1200)]
WHATSNEW: Add the update for the samba kcc
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Thu Jul 21 10:17:52 CEST 2016 on sn-devel-144
Garming Sam [Wed, 29 Jun 2016 22:54:29 +0000 (10:54 +1200)]
samba_kcc: Enable the python samba_kcc
For any reasonably large domain, the old KCC is impractical as the dense
mesh topology causes replication pulses.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Mon, 18 Jul 2016 02:38:40 +0000 (14:38 +1200)]
kcc: correct a typo in the debug messages
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Mon, 18 Jul 2016 05:06:57 +0000 (17:06 +1200)]
dbcheck: Add a rule regarding replica locations
This fixes any RW DCs with repsFrom without the corresponding link. On
any RODC, this just reports an error (and doesn't fix it).
(the knownfail entry is also now removed)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9200
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 20 Jul 2016 00:47:11 +0000 (12:47 +1200)]
dbcheck/release-4-1-0rc3: Add a check regarding replica locations
This DC has repsFrom for the DNS partitions, but not the corresponding
link. This ensures that dbcheck has fixed them up. This will currently
fail without the actual changes to dbcheck coming in the following
commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9200
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Thu, 21 Jul 2016 04:01:20 +0000 (16:01 +1200)]
join.py: Don't add replica locations without the backend
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9200
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Mon, 18 Jul 2016 01:09:59 +0000 (13:09 +1200)]
join.py: Add Replica-Locations for DomainDNS and ForestDNS
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9200
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 20 Jul 2016 01:37:47 +0000 (13:37 +1200)]
join.py: Ensure that all expressions are escaped
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9200
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Thu, 21 Jul 2016 03:34:13 +0000 (15:34 +1200)]
dbcheck: Replica locations can now be leftover
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9200
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Thu, 21 Jul 2016 01:08:31 +0000 (13:08 +1200)]
kcc: Make more fault tolerant on DC demotion
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 20 Jul 2016 22:42:14 +0000 (10:42 +1200)]
samba_kcc: match translate connection from old KCC for RWDC
This makes it so that repsTo are always regenerated on the target DCs.
This also happens elsewhere in drepl_out, but is to be removed.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Tue, 5 Jul 2016 03:57:28 +0000 (15:57 +1200)]
samba_kcc: match translate connection from old KCC for RODC
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Fri, 1 Jul 2016 05:02:50 +0000 (17:02 +1200)]
kcc: Prevent the KCC from doing work on the RODC
This should never have done any real work, new code or not. This just removes
the initial KCC calls and bails out in the KCC if we actually ran it.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Thu, 21 Jul 2016 01:08:56 +0000 (13:08 +1200)]
selftest: Add more information when KCC fails
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Sun, 3 Jul 2016 23:17:45 +0000 (11:17 +1200)]
kcc: Make debug more scarce
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 20 Jul 2016 21:08:11 +0000 (09:08 +1200)]
drepl: Fix a typo
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Thu, 21 Jul 2016 04:30:35 +0000 (16:30 +1200)]
WHATSNEW: Samba-tool speed-up
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Martin Schwenke [Thu, 14 Jul 2016 02:01:14 +0000 (12:01 +1000)]
ctdb-tests: Add shellcheck test suite
CTDB has a lot of scripts and shellcheck can be useful to find dubious
scripting practices.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Thu Jul 21 06:06:49 CEST 2016 on sn-devel-144
Martin Schwenke [Thu, 14 Jul 2016 01:58:51 +0000 (11:58 +1000)]
ctdb-tests: Add new test support script for script install paths
This helps unit tests locate CTDB's scripts. It is being created to
support some new shellcheck unit tests.
Hopefully, it can also be used to simplify some of the symlink
complexity in some other unit tests suites, such as eventscripts.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 14 Jul 2016 02:58:31 +0000 (12:58 +1000)]
ctdb-scripts: Avoid shellcheck warning SC2006 (legacy `..`)
SC2006: Use $(..) instead of legacy `..`.
Make the obvious changes to $(...) but convert some to $((...)).
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 14 Jul 2016 02:28:17 +0000 (12:28 +1000)]
ctdb-scripts: Avoid shellcheck warning SC2124 (string=array)
SC2124: Assigning an array to a string!
Assign as array, or use * instead of @ to concatenate.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 14 Jul 2016 02:27:05 +0000 (12:27 +1000)]
ctdb-scripts: Avoid shellcheck warning SC2155 (declare, assign)
SC2155: Declare and assign separately to avoid masking return values.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 14 Jul 2016 02:08:04 +0000 (12:08 +1000)]
ctdb-scripts: Avoid shellcheck warning SC2059 ($ in printf format)
SC2059: Don't use variables in the printf format string.
Use printf "..%s.." "$foo".
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 13 Jul 2016 01:50:58 +0000 (11:50 +1000)]
ctdb-scripts: Avoid chellcheck warning SC2012 (ls for file list)
SC2012: Use find instead of ls to better handle non-alphanumeric filenames.
Make this cope better with unexpected whitespace.
Unfortunately, this results in shellcheck warning:
SC2035: Use ./*.tdb.* so names with dashes won't become options.
No! Then stat(1) will print ./file.tdb.X. We want the basenames and
we know the filenames don't start with dashes.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 12 Jul 2016 20:53:21 +0000 (06:53 +1000)]
ctdb-scripts: Avoid shellcheck warning SC2012 (ls for file list)
SC2012: Use find instead of ls to better handle non-alphanumeric filenames.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 12 Jul 2016 03:27:08 +0000 (13:27 +1000)]
ctdb-scripts: Avoid shellcheck warning SC2038 (find without -print0)
SC2038: Use -print0/-0 or -exec + to allow for non-alphanumeric filenames.
The suggested options aren't POSIX-compliant. This is more portable.
Base filenames can't have whitespace so rework to avoid problems with
whitespace in directory name.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 12 Jul 2016 02:15:12 +0000 (12:15 +1000)]
ctdb-scripts: Avoid shellcheck warning SC2039 (non-portable ulimit options)
SC2039: In POSIX sh, ulimit -c/-n is not supported.
Have shellcheck suppress the warnings. If -n is not supported then
don't set CTDB_MAX_OPEN_FILES. If packaging for a platform where -c
is not supported then remove this code and associated documentation.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 12 Jul 2016 01:57:55 +0000 (11:57 +1000)]
ctdb-scripts: Avoid shellcheck warning SC2039 (test -nt operator)
SC2039: In POSIX sh, -nt is not supported.
This script is specific to the Linux NFS implementation. The -nt
operator is well supported in Linux shells (e.g. dash, bash, ksh).
The alternatives (e.g. using stat(1)) would result in less readable
code.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 11 Jul 2016 10:53:56 +0000 (20:53 +1000)]
ctdb-scripts: Avoid shellcheck warning SC2094 (read/write same file)
SC2094: Make sure not to read and write the same file in the same pipeline.
The semantics here are unclear, so use a separate flock file in each
case for clarity.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 6 Jul 2016 20:41:27 +0000 (06:41 +1000)]
ctdb-scripts: Avoid shellcheck warning SC2039 (echo -n)
SC2039: In POSIX sh, echo flags are not supported.
echo -n is well supported but the changes are simple.
Improve some logic, replace some instances with printf. Who knew
printf was in POSIX?
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 6 Jul 2016 10:43:29 +0000 (20:43 +1000)]
ctdb-scripts: Avoid shellcheck warning SC2039 (type command)
SC2039: In POSIX sh, 'type' is not supported.
type is commonly supported and is more portable than which(1).
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 6 Jul 2016 10:40:23 +0000 (20:40 +1000)]
ctdb-scripts: Avoid shellcheck warning SC2015 (A && B || C)
SC2015: Note that A && B || C is not if-then-else. C may run when A is
true.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 6 Jul 2016 10:25:57 +0000 (20:25 +1000)]
ctdb-scripts: Avoid shellcheck warnings SC2119, SC2120 (function arguments)
SC2119: Use FUNC "$@" if function's $1 should meanscript's $1.
SC2120: FUNC references arguments, but none are ever passed.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 6 Jul 2016 10:17:26 +0000 (20:17 +1000)]
ctdb-scripts: Avoid shellcheck warning SC2002 (useless cat)
SC2002: Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 6 Jul 2016 10:14:03 +0000 (20:14 +1000)]
ctdb-scripts: Avoid shellcheck warning SC2017 (arithmetic precision)
SC2017: Increase precision by replacing a/b*c with a*c/b.
This code intentionally rounds to an even value.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 6 Jul 2016 10:09:07 +0000 (20:09 +1000)]
ctdb-scripts: Avoid shellcheck warning SC1004 (backslash in quotes)
SC1004: You don't break lines with \ in single quotes, it results in
literal backslash-linefeed.
These don't hurt, since awk can cope with the continuations. However,
they don't add anything.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 6 Jul 2016 07:41:55 +0000 (17:41 +1000)]
ctdb-scripts: Avoid shellcheck warning SC2154 (unassigned variables)
SC2154: VAR is referenced but not assigned.
Change ctdb_setup_service_state_dir(), ctdb_get_pnn() and
ctdb_get_ip_address() to print the value so it can be assigned to a
variable. The performance gain from avoiding the sub-shells when
calling these functions is close to zero.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 6 Jul 2016 07:31:51 +0000 (17:31 +1000)]
ctdb-scripts: Avoid shellcheck warnings SC2046, SC2086 (double-quoting)
SC2046: Quote this to prevent word splitting.
SC2086: Double quote to prevent globbing and word splitting.
Add some quoting where it makes sense. Use shellcheck directives for
false-positives.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 6 Jul 2016 07:16:44 +0000 (17:16 +1000)]
ctdb-scripts: Avoid shellcheck warning SC2034 (unused variables)
SC2034: VAR appears unused. Verify it or export it.
Drop some variables that are unnecessarily used. Use shellcheck
directive for false-positives.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 6 Jul 2016 06:50:30 +0000 (16:50 +1000)]
ctdb-scripts: Avoid shellcheck warning SC2004 ($ in arithmetic)
SC2004: $/${} is unnecessary on arithmetic variables.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>