Volker Lendecke [Wed, 26 Mar 2014 13:32:16 +0000 (13:32 +0000)]
lib: Pull up lp_ctx use one level
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 26 Mar 2014 13:08:13 +0000 (13:08 +0000)]
lib: Fix blank line endings
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Guenter Kukkukk [Thu, 27 Mar 2014 23:05:02 +0000 (00:05 +0100)]
fix 2 typos
Signed-off-by: Guenter Kukkukk <linux@kukkukk.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Gregor Beck [Wed, 26 Mar 2014 08:30:24 +0000 (09:30 +0100)]
s3:rpcclient: fix build without HAVE_IPV6
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Amitay Isaacs [Fri, 28 Mar 2014 02:44:34 +0000 (13:44 +1100)]
ctdb-readonly: Do not use hard-coded value for readonly revoke timeout
In case of control timeouts, readonly revoke code currently aborts. This
needs to be fixed. Meanwhile, using control_timeout instead of 5 seconds,
increases the timeout to 60 seconds.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon Mar 31 07:20:48 CEST 2014 on sn-devel-104
Stefan Metzmacher [Fri, 28 Mar 2014 09:24:56 +0000 (10:24 +0100)]
Revert "s4:tls_tstream: allow mode of SSL keyfile to be 0400, not only 0600"
This reverts commit
05c1fe50556e2330e23b7efb38e653428b9bdadf.
This was discussed here:
https://bugzilla.samba.org/show_bug.cgi?id=10392#c11
This generated warnings like:
invalid permissions on file
'/memdisk/metze/W/
b138235/samba/bin/ab/promoted_dc/private/tls/key.pem': has
0600 should be 0400'.
I think we need a better way. Maybe file_check_permissions()
should get allow_perms and deny_perms. And we would call it
with allow_perms = 0400 and deny_perms = 0177. And bits in none
of them are ignored.
For now we revert this and wait for a better fix.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Mar 28 12:37:17 CET 2014 on sn-devel-104
Stefan Metzmacher [Thu, 13 Feb 2014 08:42:10 +0000 (09:42 +0100)]
s4:librpc/rpc: remember "ncalrpc_dir" on the dcerpc_pipe->binding
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Mar 28 10:34:51 CET 2014 on sn-devel-104
Stefan Metzmacher [Thu, 27 Mar 2014 13:56:23 +0000 (14:56 +0100)]
pidl:Samba4/Python: add interface.abstract_syntax() to each interface
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 27 Mar 2014 13:57:29 +0000 (14:57 +0100)]
s4:pyrpc: add base.transfer_syntax_ndr*()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 27 Mar 2014 13:54:29 +0000 (14:54 +0100)]
s4:pyrpc: add py_dcerpc_syntax_init_helper()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 27 Mar 2014 12:08:22 +0000 (13:08 +0100)]
s4:librpc: compile python bindings for dcerpc.idl
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 27 Mar 2014 12:08:22 +0000 (13:08 +0100)]
dcerpc.idl: hide (ndr->flags & LIBNDR_FLAG_OBJECT_PRESENT) logic behind a define
This way we can alter the define depending on the generated code.
E.g python bindings won't have an 'ndr' struct available.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 26 Mar 2014 21:42:19 +0000 (22:42 +0100)]
dcerpc.idl: fix dcerpc_bind_nack definition
The version array is always present.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 26 Mar 2014 21:42:19 +0000 (22:42 +0100)]
dcerpc.idl: fix typo s/ist/int
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 19 Mar 2014 13:07:36 +0000 (14:07 +0100)]
dcerpc.idl: make use of DCERPC_NCA_S_* constants for the legacy DCERPC_FAULT_* codes
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 19 Mar 2014 13:14:36 +0000 (14:14 +0100)]
librpc/rpc: try to use DCERPC_NCA_S_* constants for error mappings
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Amitay Isaacs [Thu, 27 Mar 2014 04:07:58 +0000 (15:07 +1100)]
ctdb-tests: Do not mix bool and int data types
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Fri Mar 28 07:56:18 CET 2014 on sn-devel-104
Amitay Isaacs [Thu, 27 Mar 2014 04:11:09 +0000 (15:11 +1100)]
ctdb-tests: Use ctdb_fetch_lock instead of ctdb_fetch_lock_readonly
This will test that ctdb_fetch_lock correctly revokes readonly
delegations.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 27 Mar 2014 04:06:58 +0000 (15:06 +1100)]
ctdb-client: ctdb_fetch_lock should check for readonly delegations
When readonly delegations were added, ctdb_fetch_lock code should have
been modified to include the check for readonly flags.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Martin Schwenke [Thu, 27 Mar 2014 05:26:21 +0000 (16:26 +1100)]
ctdb-tests: Fix and extend read-only records test
This test currently counts the number of read-only-enabled databases
and expects there to only be 1. It fails when there are existing
databases with read-only already enabled. Instead, check just the
test database.
Clean up the test by adding some functions to check for precisely the
read-only flags that should be set on a node after each operation.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 28 Feb 2014 04:54:54 +0000 (15:54 +1100)]
ctdb-tests: Add a new NFS tickle test
This one ensures that a newly started node gets an up-to-date tickle
list. Tweak some of the integration test functions to accommodate
this.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Amitay Isaacs [Mon, 10 Mar 2014 08:10:29 +0000 (19:10 +1100)]
ctdb-locking: Instead of comparing key, compare key hash
This replaces memory comparison of the key with integer comparison.
In addition, this also avoids scheduling locks with the same hash.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Mar 28 05:28:58 CET 2014 on sn-devel-104
Amitay Isaacs [Tue, 11 Mar 2014 07:57:08 +0000 (18:57 +1100)]
ctdb-locking: Check for talloc_memdup error
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 11 Mar 2014 07:56:22 +0000 (18:56 +1100)]
ctdb-locking: Avoid memory leak
If lock_request could not be allocated, free lock_ctx since there can
only be a single lock_request per lock_ctx.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Volker Lendecke [Mon, 24 Mar 2014 14:53:36 +0000 (14:53 +0000)]
smbd: Use asys_results
When multiple aio requests finish simultaneously, this saves a few syscalls
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 27 08:05:46 CET 2014 on sn-devel-104
Volker Lendecke [Mon, 24 Mar 2014 14:36:34 +0000 (14:36 +0000)]
asys: Allow multiple results to be received
This makes use of C99 dynamic arrays. In this performance-sensitive code, I
would like to avoid malloc/free, and I think 15 years after the standard we
might be able to use this feature. Alternatively, we could use the "results"
memory area and store the jobids in the upper range, playing some cast-tricks.
Should work as well.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 24 Mar 2014 10:39:56 +0000 (10:39 +0000)]
pthreadpool: Allow multiple jobs to be received
This can avoid syscalls when multiple jobs are finished simultaneously
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 21 Mar 2014 16:53:26 +0000 (17:53 +0100)]
pthreadpool: Avoid a malloc/free per job
pthreadpool_add_job is in our hottest code path for r/w intensive workloads, so
we should avoid anything CPU-intensive. pthreadpool used to malloc each job and
free it in the worker thread. This patch adds a FIFO queue for jobs that helper
threads copy from, avoiding constant malloc/free. This cuts user space
CPU in the local-bench-pthreadpool benchmark by roughly 10% on my system.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 24 Mar 2014 09:40:20 +0000 (09:40 +0000)]
pthreadpool: Add a simple benchmark
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 28 Aug 2013 04:49:26 +0000 (06:49 +0200)]
auth/gensec/spnego: map SPNEGO_REJECT to NT_STATUS_LOGON_FAILURE
This is what NTLMSSP also gives.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Mar 27 02:34:36 CET 2014 on sn-devel-104
Stefan Metzmacher [Fri, 13 Dec 2013 18:56:13 +0000 (19:56 +0100)]
auth/gensec: remove tevent_context argument from gensec_update()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 13 Dec 2013 18:37:32 +0000 (19:37 +0100)]
s4:ntlm_auth: make use of gensec_update_ev()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 13 Dec 2013 18:37:21 +0000 (19:37 +0100)]
s4:rpc_server: make use of gensec_update_ev()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 13 Dec 2013 18:37:00 +0000 (19:37 +0100)]
s4:smb_server: make use of gensec_update_ev()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 13 Dec 2013 18:36:41 +0000 (19:36 +0100)]
s4:librpc: make use of gensec_update_ev()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 13 Dec 2013 18:36:25 +0000 (19:36 +0100)]
s4:libcli: make use of gensec_update_ev()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 13 Dec 2013 18:35:52 +0000 (19:35 +0100)]
s4:ldap_server: make use of gensec_update_ev()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 13 Dec 2013 18:35:34 +0000 (19:35 +0100)]
s4:kdc: make use of gensec_update_ev()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 13 Dec 2013 18:35:07 +0000 (19:35 +0100)]
s4:dns_server: make use of gensec_update_ev()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 13 Dec 2013 19:05:11 +0000 (20:05 +0100)]
auth/gensec: make use of gensec_update_ev() in spnego.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 13 Dec 2013 18:18:48 +0000 (19:18 +0100)]
auth/gensec: add a gensec_update_ev() function
This is the current gensec_update() which takes an optional
tevent_context structure and allows semi-async code.
This is just a temporary solution on the way to kill
the semi-async code completely, by using gensec_update_send/recv.
By providing a gensec_update_ev(), we can remove the explicit
tevent_context from gensec_update() and fix all the sane callers.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 13 Dec 2013 18:12:50 +0000 (19:12 +0100)]
s4:pygensec: don't pass an explicit tevent_context to gensec_update()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 13 Dec 2013 09:00:24 +0000 (10:00 +0100)]
auth/gensec: fix gensec_update() with ev == NULL.
In future we should remove the tevent_context argument from
gensec_update() completely!
If we have sane backends we should also remove the
tevent_loop_allow_nesting() call again!
t
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Felix Botner [Mon, 24 Feb 2014 13:08:25 +0000 (14:08 +0100)]
samba-tool dbcheck: handle missing objectClass
In several cases we have seen objects without the objectClass attribute.
Here the suggestion for a patch to find such objects in "samba-tool dbcheck"
with the option to delete them.
(patch improved by Andrew Bartlett to suggest DRS re-replication)
Signed-off-by: Felix Botner <botner@univention.de>
Change-Id: I8eb0d191a2089271a9af5884d6bfbf173a5c85c6
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 25 Mar 2014 23:46:57 +0000 (12:46 +1300)]
dsdb: Improve missing objectClass handling
This attempts to permit deletion of objects that have no objectClass
to allow dbcheck to clean up a corrupt database. It is not complete,
the replmd_replPropertyMetaDataCtr1_sort_and_verify() call will still
fail, but this is as much as is safe to do without a way to replicate
the original issue.
Andrew Bartlett
Change-Id: If0b6c7f18e8aee587e6b3b4af878a0145f5eac37
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 25 Mar 2014 23:48:17 +0000 (12:48 +1300)]
dsdb: Improve errors and checks for missing objectClass values
Change-Id: I8c4ac679accc90748d20c9c86986b127c939fa75
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Fri, 21 Mar 2014 03:56:19 +0000 (16:56 +1300)]
dsdb: Clarify how the DSDB_REPL_FLAG_PRIORITISE_INCOMING flag works
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Change-Id: Ib9f2f4ba417dbf0ee24b6e7db02d78a9bfe8850c
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Fri, 21 Mar 2014 03:26:48 +0000 (16:26 +1300)]
dsdb: Do not update notify_uSN until the transaction is genuinely committed to the DB
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Change-Id: I734bc75ed348de8f0a5ff92e18e08de2340b8951
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Martin Schwenke [Mon, 17 Mar 2014 05:06:48 +0000 (16:06 +1100)]
ctdb-tests: Add NAT gateway eventscript unit tests for static routes
Signed-off-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Wed Mar 26 06:24:01 CET 2014 on sn-devel-104
Martin Schwenke [Fri, 7 Mar 2014 04:33:17 +0000 (15:33 +1100)]
ctdb-eventscripts: CTDB_NATGW_STATIC_ROUTES can specify gateways
Extend CTDB_NATGW_STATIC_ROUTES so that each network can have an
optional gateway that overrides CTDB_NATGW_DEFAULT_GATEWAY.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Martin Schwenke [Fri, 7 Mar 2014 04:11:36 +0000 (15:11 +1100)]
ctdb-eventscripts: New configuration variable CTDB_NATGW_STATIC_ROUTES
This can be used to create more specific NATGW routes than the usual
NATGW default route.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Martin Schwenke [Fri, 7 Mar 2014 03:14:16 +0000 (14:14 +1100)]
ctdb-eventscripts: Clarify that CTDB_NATGW_DEFAULT_GATEWAY is optional
This has been implied since the command to add the route has had
errors redirected to /dev/null. If infrastucture (e.g. ADS, DNS) is
on the same network as CTDB_NATGW_PUBLIC_IP then no route is
necessary.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Martin Schwenke [Fri, 7 Mar 2014 03:07:17 +0000 (14:07 +1100)]
ctdb-eventscripts: Improve check in NATGW "startup" event
Although the dots in $CTDB_NATGW_PUBLIC_IP could probably only help
match an invalid public IP address, this is only executed once so do
as exact a check as possible.
Use CTDB_BASE instead of hardcoding /etc/ctdb.
Make the error message less redundant.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Martin Schwenke [Fri, 7 Mar 2014 02:55:47 +0000 (13:55 +1100)]
ctdb-eventscripts: Reformat natgw_clear()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Martin Schwenke [Fri, 7 Mar 2014 02:47:43 +0000 (13:47 +1100)]
ctdb-eventscripts: Rename some NAT gateway functions
delete_all() really needed renaming for clarity. While doing this,
might as well rename some of the others that don't start with
"natgw_".
Signed-off-by: Martin Schwenke <martin@meltin.net>
Martin Schwenke [Sun, 16 Mar 2014 19:15:39 +0000 (06:15 +1100)]
ctdb-tests: Add a test for NAT gateway sanity checking
Signed-off-by: Martin Schwenke <martin@meltin.net>
Martin Schwenke [Fri, 7 Mar 2014 02:43:17 +0000 (13:43 +1100)]
ctdb-eventscripts: Sanity check NAT gateway configuration
NAT gateway really can't operate unless most of the configuration
variables are set.
A check in delete_all() can be removed - strange that this isn't also
done in the add case.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Martin Schwenke [Fri, 7 Mar 2014 02:35:03 +0000 (13:35 +1100)]
ctdb-eventscripts: Improve readability of NAT gateway update code
Put the code into a couple of usefully named functions.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Martin Schwenke [Fri, 14 Mar 2014 05:29:01 +0000 (16:29 +1100)]
ctdb-tests: Add some tests for 11.natgw eventscript
This includes adding support for:
* Configuring fake NATGW state in the eventscript unit tests
* "natgwlist" and "setnatgwstate" in ctdb command stub
* ip command stub to default to "main table" when no table specified,
allow routes to be added without "dev" option (just add a default
dev), support "metric" option
Signed-off-by: Martin Schwenke <martin@meltin.net>
Martin Schwenke [Fri, 7 Mar 2014 02:37:21 +0000 (13:37 +1100)]
ctdb-eventscripts: Use set_proc() to update /proc
In case we want to write some unit tests in the future.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Andrew Bartlett [Thu, 20 Mar 2014 23:42:46 +0000 (12:42 +1300)]
selftest: Remove print_smbtorture4_version and smbtorture4_possible check
smbtorture is now always the same version as the rest of Samba, and is strictly required.
Andrew Bartlett
Change-Id: I89d9c52275477177fa8a89050920ff8a2fec9288
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Mar 26 04:20:16 CET 2014 on sn-devel-104
Andrew Bartlett [Mon, 24 Mar 2014 04:15:19 +0000 (17:15 +1300)]
dsdb: Do checks for invalid renames in samldb, before repl_meta_data
This ensures that conflict objects can be created in CN=System, and
that we do not stop replication just because some other DC allowed a
rename we do not like.
This is achived by doing the work in the samldb module, which is above
repl_meta_data in the stack.
Andrew Bartlett
Change-Id: I8c1a7d3e0fbd5a470cf1326cc055044ca885f7d9
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Guenter Kukkukk <kukks@samba.org>
Tested-by: Guenter Kukkukk <kukks@samba.org>
Björn Baumbach [Wed, 19 Mar 2014 14:01:11 +0000 (15:01 +0100)]
s3-nmbd: reset debug settings after reading config file (bug #10239)
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 25 18:29:06 CET 2014 on sn-devel-104
Jeremy Allison [Sun, 23 Mar 2014 04:23:48 +0000 (21:23 -0700)]
s3: smbd: Factor out code that calls getgroups_unix_user() into a separate function.
This code needs to special-case the guest user, as
this token can have the token_sid[0] set to the Guest
SID, not the mapping of UNIX uid -> SID.
Other users that may have a well-known SID
set in token_sid[0] (like SYSTEM) are usually
not mappable to UNIX users and can be ignored
when adding local groups from /etc/group.
Found by <linux@kukkukk.com>.
Second part of the bugfix for:
https://bugzilla.samba.org/show_bug.cgi?id=10508
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Sat, 25 Jan 2014 10:14:36 +0000 (11:14 +0100)]
s4:librpc/rpc: use dcerpc_binding_get_object() in order to pass the object to the epmapper
This way we'll be able to do epmapper lookups for the DFS-R (MS-FRS2) endpoint, by using
"
5bc1ed07-f5f5-485f-9dfd-
6fd0acf9a23c@ncacn_ip_tcp:hostname.exmple.com[krb5,seal]"
as binding.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Mar 25 02:43:39 CET 2014 on sn-devel-104
Stefan Metzmacher [Fri, 7 Feb 2014 21:17:43 +0000 (22:17 +0100)]
s4:librpc/tests: assert the the abstract syntax has the expected value (null)
This makes sure that it's not mixed with the object guid anymore.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 11 Mar 2014 07:49:07 +0000 (08:49 +0100)]
librpc/rpc: finally maintain only the object guid
This has nothing to do with ndr_syntax_id...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 4 Feb 2014 12:52:26 +0000 (13:52 +0100)]
librpc/rpc: maintain "abstract_syntax" as string option of dcerpc_binding
This should not be mixed with the object guid! They are different things!
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 10 Mar 2014 14:52:49 +0000 (15:52 +0100)]
s4:librpc/tests: reset the object on the binding created from the tower
The tower doesn't contain information about the object only about
the abstract syntax.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 16 Jan 2014 07:23:47 +0000 (08:23 +0100)]
s4:torture/raw: fix debug message in torture_raw_qfileinfo_pipe()
We no longer use dcerpc_pipe_open_smb() there.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 22 Jan 2014 10:19:15 +0000 (11:19 +0100)]
s4:torture/rpc: make use of dcerpc_binding_handle_auth_info() in backupkey.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 22 Jan 2014 10:19:15 +0000 (11:19 +0100)]
s4:torture/rpc: make use of dcerpc_binding_handle_auth_info() in lsa.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 22 Jan 2014 10:18:35 +0000 (11:18 +0100)]
s4:torture/rpc: fix altercontext test against windows
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 22 Jan 2014 11:22:30 +0000 (12:22 +0100)]
s4:torture/rpc: remove bogus rpc.multibind test
We can later add a more useful test that tests
security context multiplexing correctly.
And another one that demonstrates that only DCERPC_BIND
must be the first (and only the first) PDU on a connection.
Otherwise DCERPC_ALTER_CONTEXT is used.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 22 Jan 2014 11:21:50 +0000 (12:21 +0100)]
s4:selftest: don't run rpc.multibind anymore
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 22 Jan 2014 13:14:12 +0000 (14:14 +0100)]
s4:dsdb/repl: make use of dcerpc_binding_handle_is_connected()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 13 Feb 2014 17:55:48 +0000 (18:55 +0100)]
s4:librpc/test: test ipv6 addresses in dcerpc_binding strings
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 13 Feb 2014 17:55:10 +0000 (18:55 +0100)]
librpc/rpc: handle ipv6 addresses without transport in dcerpc_parse_binding()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 11 Mar 2014 15:28:16 +0000 (16:28 +0100)]
librpc/rpc: add "schannel" => DCERPC_SCHANNEL as ncacn_option
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 13 Feb 2014 17:00:36 +0000 (18:00 +0100)]
s4:librpc/tests: add more no transport tests
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 13 Feb 2014 18:51:30 +0000 (19:51 +0100)]
lib/util: let is_ipaddress_v6() cope with "fe80::1234%3"
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 16 Jan 2014 08:22:53 +0000 (09:22 +0100)]
s4:librpc/rpc: correctly map the fault code of alter context to NTSTATUS
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 23 Jan 2014 08:48:20 +0000 (09:48 +0100)]
s4:librpc/rpc: remove unused dcecli_connection->binding_string
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 23 Jan 2014 08:46:55 +0000 (09:46 +0100)]
s4:torture/rpc: avoid using dcecli_connection->binding_string
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 18 Mar 2014 06:07:13 +0000 (07:07 +0100)]
librpc/rpc: use dcerpc_binding_set_string_option(b, "endpoint", NULL) to reset the endpoint
We should always go through just one code path to [re]set a value.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 18 Mar 2014 06:07:13 +0000 (07:07 +0100)]
librpc/rpc: let dcerpc_binding_set_transport() also reset the assoc_group_id
This is transport/endpoint specific.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Sun, 16 Mar 2014 10:50:39 +0000 (11:50 +0100)]
libcli/smb: reuse tstream_smbXcli_np_disconnect_send/recv as helper
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Sun, 16 Mar 2014 10:50:39 +0000 (11:50 +0100)]
libcli/smb: add tstream_smbXcli_np_disconnect_cleanup() to handle talloc_free(req)
If the tevent_req of tstream_smbXcli_np_disconnect_* is explicitly or
implicitly free'ed, we need to make sure we still deliver the
close request to the server! Otherwise the SMB signing sequence gets out of
sync.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 22 Jan 2014 10:29:15 +0000 (11:29 +0100)]
libcli/smb: make TSTREAM_SMBXCLI_NP_MAX_BUF_SIZE public
This should be used to negotiate the may fragment size
of DCERPC connections.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 11 Mar 2014 13:29:46 +0000 (14:29 +0100)]
libcli/smb: keep references to smbXcli_{conn,session,tcon} in tstream_smbXcli_np
This fixes some valgrind errors when the smbXcli_tcon disappears before the
smbXcli_conn.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 11 Mar 2014 14:05:37 +0000 (15:05 +0100)]
s4:torture/rpc: fix error path in torture_leave_domain()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
David Disseldorp [Mon, 24 Mar 2014 15:46:10 +0000 (16:46 +0100)]
librpc: inline CHECK_SYNTAX macro logic
The CHECK_SYNTAX macro is currently used to compare ndr_syntax_ids and
return false on mismatch. Macros affecting control flow are evil!
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Mar 24 21:46:39 CET 2014 on sn-devel-104
David Disseldorp [Mon, 24 Mar 2014 15:46:09 +0000 (16:46 +0100)]
librpc: inline VT CHECK macro logic
The CHECK macro is currently used to dump error and return false on
VT condition check failure. Macros affecting control flow are evil!
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Disseldorp [Mon, 24 Mar 2014 15:46:08 +0000 (16:46 +0100)]
librpc: split type specific VT checks into helpers
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Disseldorp [Mon, 24 Mar 2014 15:46:07 +0000 (16:46 +0100)]
librpc: dump correct ndr_syntax_id on VT check failure
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Tue, 21 Jan 2014 13:34:48 +0000 (14:34 +0100)]
s3:build: remove global CLUSTER_SUPPORT define
All ctdb specific code is isolated in samba-cluster-support.so now.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Mar 24 19:08:44 CET 2014 on sn-devel-104
Stefan Metzmacher [Tue, 21 Jan 2014 14:26:28 +0000 (15:26 +0100)]
s3:wscript: only build ctdb_dummy.c if we have no cluster support
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Tue, 8 Oct 2013 10:56:02 +0000 (12:56 +0200)]
s3:wscript: only fill in CTDB_CFLAGS instead of config.h
Only files in 'samba3-ctdb-client' will see HAVE_CTDB* defines.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Tue, 8 Oct 2013 10:11:49 +0000 (12:11 +0200)]
s3:wscript: don't add ctdb include dir globally
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Stefan Metzmacher [Tue, 8 Oct 2013 13:31:17 +0000 (15:31 +0200)]
s3:serverid: use ctdb_serverids_exist_supported() runtime check
This is better than a compile time check for
HAVE_CTDB_CONTROL_CHECK_SRVIDS_DECL.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>