Martin Schwenke [Sat, 3 Dec 2016 14:02:24 +0000 (01:02 +1100)]
ctdb-tests: Implement GET_PUBLIC_IP_INFO control in fake_ctdbd
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Sat, 3 Dec 2016 13:59:29 +0000 (00:59 +1100)]
ctdb-tests: Factor out get_ctdb_iface_list()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Sat, 3 Dec 2016 06:11:25 +0000 (17:11 +1100)]
ctdb-tests: Add public IP state to fake_ctdbd
Read it via a PUBLICIPS section.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Sat, 3 Dec 2016 05:20:01 +0000 (16:20 +1100)]
ctdb-tests: Factor out reading of known public IP addresses
One change in behaviour is to actually copy the known IPs per node
instead of just assigning the pointer. When this is used by
fake_ctdbd the resulting structure will be used to keep state for
individual nodes, so data for nodes needs to be independent.
Also, drop some asserts in the factored code and do (slightly) better
error handling.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 8 Dec 2016 00:41:31 +0000 (11:41 +1100)]
ctdb-tests: Allow FAKE_CTDBD_DEBUGLEVEL to be specified
This is useful for debugging when doing developer testing.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 12 Dec 2016 05:43:43 +0000 (16:43 +1100)]
ctdb-tests: Make fake_ctdbd use logging_init()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 10 Nov 2016 05:11:12 +0000 (16:11 +1100)]
ctdb-client: Add available-only option public IP fetching
Update tool accordingly.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 10 Nov 2016 05:09:24 +0000 (16:09 +1100)]
ctdb-protocol: Move CTDB_PUBLIC_IP_FLAGS_ONLY_AVAILABLE to protocol.h
The protocol code needs it.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Amitay Isaacs [Sat, 17 Sep 2016 14:24:47 +0000 (00:24 +1000)]
ctdb-daemon: Remove ctdb_event_helper
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Sun Dec 18 18:10:50 CET 2016 on sn-devel-144
Amitay Isaacs [Fri, 16 Sep 2016 10:06:07 +0000 (20:06 +1000)]
ctdb-daemon: Switch to using event daemon
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Sat, 27 Aug 2016 07:26:28 +0000 (17:26 +1000)]
ctdb-daemon: Add functions to talk to event daemon
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 16 Sep 2016 08:44:37 +0000 (18:44 +1000)]
ctdb-daemon: Refactor check for valid events during recovery
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Mon, 12 Sep 2016 01:33:02 +0000 (11:33 +1000)]
ctdb-protocol: Deprecate eventscript controls
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 23 Nov 2016 01:28:24 +0000 (12:28 +1100)]
ctdb-protocol: Drop marshaling for eventscript controls
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Mon, 12 Sep 2016 01:32:20 +0000 (11:32 +1000)]
ctdb-client: Drop client code for eventscript controls
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Mon, 12 Sep 2016 01:25:11 +0000 (11:25 +1000)]
ctdb-daemon: Drop implementation of eventscript controls
Following controls are now implemented by event daemon
- RUN_EVENTSCRIPTS
- GET_EVENT_SCRIPT_STATUS
- ENABLE_SCRIPT
- DISABLE_SCRIPT
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Mon, 12 Sep 2016 01:31:35 +0000 (11:31 +1000)]
ctdb-tool: Drop disablescript, enablescript and eventscript commands
These commands are now replaced with ctdb event ...
ctdb scriptstatus is maintained for backward compatibility.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Mon, 21 Nov 2016 03:52:41 +0000 (14:52 +1100)]
ctdb-tool: Add new command "event" to ctdb tool
This command covers all the commands to event daemon.
ctdb event run <event>
ctdb event status [<event>] [lastrun|lastfail|lastpass]
ctdb event script list
ctdb event script enable <script>
ctdb event script disable <script>
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 6 Sep 2016 08:53:02 +0000 (18:53 +1000)]
ctdb-tests: Add tests for event daemon
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Mon, 21 Nov 2016 06:39:02 +0000 (17:39 +1100)]
ctdb-tool: Add helper for talking to event daemon
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 31 Aug 2016 15:07:47 +0000 (01:07 +1000)]
ctdb-client: Add client api for eventd communication
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Sat, 27 Aug 2016 07:26:52 +0000 (17:26 +1000)]
ctdb-eventd: Add event script handling daemon
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 31 Aug 2016 07:02:55 +0000 (17:02 +1000)]
ctdb-protocol: Add marshalling for eventd protocol
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 31 Aug 2016 05:49:27 +0000 (15:49 +1000)]
ctdb-protocol: Add data types for eventd communication
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Sat, 3 Sep 2016 13:27:23 +0000 (23:27 +1000)]
ctdb-common: Add sock_daemon abstraction
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 16 Sep 2016 06:13:18 +0000 (16:13 +1000)]
ctdb-common: Add generic socket I/O
This is a generic socket read/write to be used in the ctdb daemon.
It is based on ctdb_io.c and comm.c.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 30 Aug 2016 07:33:42 +0000 (17:33 +1000)]
ctdb-common: Add run_proc abstraction
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 31 Aug 2016 05:46:45 +0000 (15:46 +1000)]
ctdb-protocol: Add marshalling for int32_t
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 30 Aug 2016 15:33:38 +0000 (01:33 +1000)]
ctdb-protocol: Fix marshalling of string with length
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Mon, 21 Nov 2016 06:38:18 +0000 (17:38 +1100)]
ctdb-tool: Improve error reporting if helper execution fails
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Mon, 21 Nov 2016 03:36:04 +0000 (14:36 +1100)]
ctdb-tool: Allow passing multiple command-line arguments to helper
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Stefan Metzmacher [Fri, 16 Dec 2016 10:09:16 +0000 (11:09 +0100)]
selftest: make sure we always export KRB5CCNAME
We should not risk the usage of the users global ccache!
This results in unpredictable effects for the user and
selftest itself.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Dec 17 22:58:28 CET 2016 on sn-devel-144
Stefan Metzmacher [Thu, 15 Dec 2016 09:31:50 +0000 (10:31 +0100)]
selftest: also export TMPDIR
This should hopefully avoid usage of /tmp.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 16 Dec 2016 12:35:36 +0000 (13:35 +0100)]
script/autobuild.py: create tmpdir for each try and export it as TMPDIR
This way the compiler and other tools hopefully don't use /tmp
anymore.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 16 Dec 2016 12:35:01 +0000 (13:35 +0100)]
script/autobuild.py: cleanup testbase/prefix before each retry
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 16 Dec 2016 12:33:42 +0000 (13:33 +0100)]
script/autobuild.py: remove pointless mkdir/rmdir commands
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 16 Dec 2016 12:30:57 +0000 (13:30 +0100)]
script/autobuild.py: don't add subdirs of testbase to cleanup_list
We already have testbase in there.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 15 Dec 2016 17:10:22 +0000 (18:10 +0100)]
vfs_gpfs: simplify stat_with_capability() ifdef
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Dec 17 12:58:07 CET 2016 on sn-devel-144
Ralph Boehme [Mon, 28 Nov 2016 11:22:04 +0000 (12:22 +0100)]
vfs_gpfs: remove updating btime from stat VFS calls
This is now handled by the vfs_gpfs_(f)get_dos_attributes. Getting rid
of this in the stat VFS functions is a huge performance saver. perf
report found that in a kernel copy workload smbd was spending
considerable CPU time in vfs_gpfs_(f|l)stat -> gpfs_get_winattrs.
Most of the time the VFS stat caller is not interested in the btime. The
SMB frontend processing around btime is designed to fetch btime together
with DOS attributes via dos_mode() in all places that need these
attributes. That's the way it is implemented in the default VFS module
and that's what vfs_gpfs now does as well for performance reasons.
This makes vfs_gpfs_fstat a null op and I'm therefor removing it.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Ralph Boehme [Thu, 15 Dec 2016 06:09:58 +0000 (07:09 +0100)]
vfs_gpfs: update btime in vfs_gpfs_(f)get_dos_attributes
This paves the way for removing btime updates from the stat VFS
functions.
This way we behave like the default VFS module where DOS attributes and
btime are fetched from the same backing store and the frontend is
designed around using dos_mode() -> SMB_VFS_GET_ATTRIBUTES to update
both attributes as necessary in the SMB processing.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Volker Lendecke [Mon, 5 Dec 2016 15:31:56 +0000 (15:31 +0000)]
idmap_autorid: Simplify idmap_autorid_loadconfig
autorid_global_config is a fixed small structure that can be stack-allocated.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Dec 16 21:30:28 CET 2016 on sn-devel-144
Volker Lendecke [Mon, 5 Dec 2016 15:29:06 +0000 (15:29 +0000)]
idmap_autorid: Fix a small memleak
Not long-term, all callers free our "mem_ctx" immediately
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Fri, 2 Dec 2016 15:37:49 +0000 (15:37 +0000)]
idmap_autorid: Fix a race condition when acquiring ranges
Here we are in a transaction to create a range, but we already found
one to exist. We need to return the information about this range to the
caller, just as we do when actually allocating the range. This does not
hit us with current code, as we just have one idmap child. However, if
we parallelize that, two children might have found a domain to not exist
and call idmap_autorid_acquire_range simultaneously. One will create
the range, the other one will find it to already exist. The second child
will also have to pass the info up.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Fri, 2 Dec 2016 15:25:10 +0000 (15:25 +0000)]
idmap_autorid: Use acquire_range directly
idmap_autorid_get_domainrange is reading again for an existing mapping. We
know we need to allocate here, so avoid passing down that r/o boolean :-)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Fri, 2 Dec 2016 15:11:24 +0000 (15:11 +0000)]
idmap_autorid: Make idmap_autorid_acquire_range public
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Fri, 2 Dec 2016 14:10:34 +0000 (14:10 +0000)]
idmap_autorid: Fix checks for valid domains to allocate ranges for
The tdc cache is not reliable. The main dynamic check is
netsamlogon_cache_have: The only reliable way to see a domain as valid
for allocating a range for is a successful login. With a recent addition
to netsamlogon_cache_store, we can now reliably tell from there whether
a domain is trusted.
This also adds a few heuristic checks, such as allocation for the local
domains and additional ranges where we already have a mapping for range
index 0 for.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Fri, 2 Dec 2016 14:10:00 +0000 (14:10 +0000)]
idmap_autorid: Add ntstatus to a debug message
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Fri, 2 Dec 2016 12:18:06 +0000 (12:18 +0000)]
idmap_autorid: Only look at the tdc cache when allocating ranges
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Fri, 2 Dec 2016 12:14:17 +0000 (12:14 +0000)]
idmap_autorid: Do a readonly attempt before looking at the tdc cache
If autorid.tdb already has a mapping for a domain range, we can just
return that. Even if the volatile tdc cache at this point does not have
the domain, we should return a correct mapping.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Fri, 2 Dec 2016 10:58:35 +0000 (10:58 +0000)]
idmap_autorid: idmap_autorid_sid_to_id_rid only uses rangesize from "global"
Simplification -- from the callers perspective looks like a complex
routine which it is not
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Fri, 2 Dec 2016 10:58:35 +0000 (10:58 +0000)]
idmap_autorid: idmap_autorid_sid_to_id_rid only uses low_id from "range"
Simplification -- from the callers perspective looks like a complex
routine which it is not
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Thu, 1 Dec 2016 16:24:51 +0000 (16:24 +0000)]
idmap_autorid: Tighten idmap_autorid_id_to_sid a bit
We should only allow '#' as a sid/range-number separator in autorid.tdb.
The logic might be a bit clumsy. But the switch statement with failure
fall thru was the clearest I could come up with.
Signed-off-by: Volker Lendecke <vl@samba.org>
Volker Lendecke [Thu, 1 Dec 2016 13:29:29 +0000 (13:29 +0000)]
idmap_autorid: Fix a comment
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Thu, 1 Dec 2016 13:28:01 +0000 (13:28 +0000)]
idmap_autorid: Protect against dsize==0
Not sure it can happen, but you never know...
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Wed, 30 Nov 2016 17:43:44 +0000 (18:43 +0100)]
idmap_tdb: Harden idmap_tdb_common_unixid_to_sid
A non-null terminated record would make string_to_sid read beyond the
end of allocated data.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Wed, 30 Nov 2016 17:35:55 +0000 (18:35 +0100)]
idmap_autorid: Slightly simplify idmap_autorid_unixids_to_sids
Avoid an else branch where it's not necessary
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Mon, 5 Dec 2016 14:38:14 +0000 (14:38 +0000)]
samlogon_cache: Rename "user_sid" to "sid"
This is no longer just a user, we can also check for domains
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Thu, 1 Dec 2016 20:46:47 +0000 (20:46 +0000)]
samlogon_cache: Add the user's domain sid into the samlogon_cache
This will be used by autorid and possibly others instead of the tdc
cache. The only reliable way to find a domain to be trusted is via a
successful login. We indicate successful login via a netsamlogon_cache.tdb
entry. This patch also adds the user's domain sid with an entry, so we
can check for that existence without traversing the cache.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Volker Lendecke [Thu, 1 Dec 2016 20:45:35 +0000 (20:45 +0000)]
samlogon_cache: Simplify netsamlogon_cache_have
We're interested in existence only, we should be able to trust the data
format consistency for this type of query.
netsamlogon_cache_get calls netsamlogon_cache_init for us, now we have
to do it directly.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Björn Jacke [Fri, 16 Dec 2016 10:16:56 +0000 (11:16 +0100)]
pam_winbind: Fix compiler warnings
Thanks to Stef Walter <stefw@gnome.org>
BUG: http://bugzilla.samba.org/show_bug.cgi?id=8888
Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Fri Dec 16 16:22:32 CET 2016 on sn-devel-144
Martin Schwenke [Tue, 13 Dec 2016 00:16:05 +0000 (11:16 +1100)]
ctdb-tools: Don't trust non-hosting nodes in "ctdb ip all"
Redundant RELEASE_IPs gives nodes a preview of where an IP address
will move to. However, if the associated TAKEOVER_IP fails then the
node will actually be unhosted.
This is similar to commit
77a29b37334b9df62b755b6f538fb975e105e1ff.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12470
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Fri Dec 16 12:32:02 CET 2016 on sn-devel-144
Martin Schwenke [Thu, 8 Dec 2016 00:37:06 +0000 (11:37 +1100)]
ctdb-tools: Print PNN as int in "ctdb ip -v"
Otherwise it prints
4294967295 for the PNN.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12470
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 8 Dec 2016 00:35:23 +0000 (11:35 +1100)]
ctdb-tools: Skip GET_PUBLIC_IP_INFO for unassigned addresses
The GET_PUBLIC_IP_INFO control fails for unassigned addresses because
PNN is CTDB_UNKNOWN_PNN.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12470
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 8 Dec 2016 00:29:13 +0000 (11:29 +1100)]
ctdb-tools: Fix memory corruption in "ctdb ip -v"
First argument to talloc_asprintf_append() is the string being
appended to, not a talloc context.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12470
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 6 Dec 2016 22:23:02 +0000 (09:23 +1100)]
ctdb-tools: Fix sort order of "ctdb ip" output
The new hash-table-based method of merging the IP information does not
sort, whereas the RB-tree method implicitly sorted. This probably
only really matters for the "all" case, but sort regardless to ensure
consistent output format.
Sorting has to be done here instead of when printing to ensure
consistency between ip[] and ipinfo[].
No longer reverse the sort order.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12470
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 23 May 2016 01:53:26 +0000 (11:53 +1000)]
ctdb-tests: Add unit test for protocol utilities
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12470
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 23 May 2016 00:35:10 +0000 (10:35 +1000)]
ctdb-protocol: Add generalised socket address comparison
Add new function ctdb_sock_addr_cmp(), which returns a 3-way result
useful for qsort(3). Reimplent ctdb_sock_addr_same() using this.
In the process, make arguments const so that ctdb_sock_addr_cmp() can
be used with qsort().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12470
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 14 Dec 2016 23:17:25 +0000 (10:17 +1100)]
ctdb-tests: Fix "ctdb reloadips" simple test
The name of the addresses file to modify is based on the original
selection of a test node at the top of the test. Repeating the
selection a test node can result in a mismatch between the new test
node and the addresses file. This occurs on local daemons, because
the addresses file name has the original node number in it but the
test is being performed on the the newly selected node number.
For some reason this test has only occasionally failed. An upcoming
commit that stops the output of "ctdb ip" from being reversed causes
this test to fail (nearly?) every time.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12470
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Amitay Isaacs [Tue, 30 Aug 2016 07:27:47 +0000 (17:27 +1000)]
ctdb-build: Remove unnecessary intermediate build target
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Fri, 9 Dec 2016 03:38:38 +0000 (14:38 +1100)]
ctdb-tests: Do not remove event script dir before shutting down ctdb
When the test is over, the exit_hook will remove the temporary event
script directory and then CTDB is restarted. Explicitly shutting down
CTDB ensures that event script directory is not removed while CTDB is
still running.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 23 Nov 2016 00:46:18 +0000 (11:46 +1100)]
ctdb-tests: Display filtered output when the test fails
This simplifies comparing the output to the expected output.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 13 Sep 2016 02:50:13 +0000 (12:50 +1000)]
ctdb-daemon: Move function typedef to where it's used
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 14 Dec 2016 04:09:24 +0000 (15:09 +1100)]
ctdb-scripts: Drop ctdb_check_service_reconfigure
This gets rid of implicit check if a service needs to configured. As a
side effect, we also get rid of the monitor "replay" which was
introduced to avoid a collision between a script executed via event and
manually. Event scripts are not expected to be run by hand.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 14 Dec 2016 04:06:45 +0000 (15:06 +1100)]
ctdb-scripts: Add explicit check for service reconfiguration
This will help get rid of implicit ctdb_service_check_reconfigure.
We still need to keep "reconfigure" event in 13.per_ip_routing, so that
the per ip routing can be refreshed if the configuration has changed.
The correct fix for this is to add caching of configuration and checking
of configuration changes in "ipreallocated" event.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Martin Schwenke [Thu, 15 Dec 2016 04:25:14 +0000 (15:25 +1100)]
ctdb-scripts: Drop some tests for "reconfigure" event and monitor replay
These features are going away. There is nothing to reconfigure for
NFS anyway.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Andreas Schneider [Thu, 15 Dec 2016 09:33:59 +0000 (10:33 +0100)]
testsuite: Add cmocka unit test for smb_krb5_kt_open()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Dec 16 05:43:12 CET 2016 on sn-devel-144
Andreas Schneider [Wed, 14 Dec 2016 15:44:10 +0000 (16:44 +0100)]
docs: Update doc to use absolute path for 'dedicated keytab file'
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Wed, 14 Dec 2016 15:40:23 +0000 (16:40 +0100)]
krb5_wrap: Remove incorrect absolute path checks in smb_krb5_kt_open_relative()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Wed, 14 Dec 2016 15:37:17 +0000 (16:37 +0100)]
krb5_wrap: More checks for absolute path in smb_krb5_kt_open()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Wed, 14 Dec 2016 15:43:53 +0000 (16:43 +0100)]
s3:crypto: Use smb_krb5_kt_open_relative() for MEMORY keytab
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andrew Bartlett [Mon, 12 Dec 2016 23:25:12 +0000 (12:25 +1300)]
selftest: test new "lsa over netlogon" smb.conf option
This proves we can act like Windows and over lsarpc over netlogon if we want
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Dec 15 12:11:09 CET 2016 on sn-devel-144
Andrew Bartlett [Mon, 12 Dec 2016 20:06:25 +0000 (09:06 +1300)]
s4-rpc_server: Add back support for lsa over \\pipe\\netlogon optionally
The idea here is that perhaps some real client relies on this (and not just Samba torture
commands), so we need a way to support it for the 4.6 release.
If no such client emerges, it can be deprecated and removed in the normal way.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Sun, 13 Nov 2016 21:13:26 +0000 (10:13 +1300)]
idl: Do not listen for lsarpc on \\pipe\netlogon
This prevents making the netlogon process multi-threaded.
This works on Windows becuase NETLOGON is part of lsad
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Douglas Bagnall [Wed, 9 Nov 2016 02:17:00 +0000 (15:17 +1300)]
rpc_server:netlogon Move from memcache to a tdb cache
This allows the netlogon server to be moved into a multi-process model
while still supporting clients that use a challenge from a different
network connection.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Dec 14 20:12:14 CET 2016 on sn-devel-144
Andrew Bartlett [Wed, 14 Dec 2016 02:59:08 +0000 (15:59 +1300)]
torture: Add ServerReqChallengeReuseGlobal2 to rpc.netlogon
This test ensures that when the per-pipe challenge is used, the tdb cache
is wiped as well
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Dec 14 15:56:37 CET 2016 on sn-devel-144
Andrew Bartlett [Wed, 14 Dec 2016 02:17:24 +0000 (15:17 +1300)]
torture: Add ServerReqChallengeReuse to rpc.netlogon
This test covers credentials reuse on the same process.
We test with direct re-use, and for the case where the challenge
is reset to zeros.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Wed, 14 Dec 2016 02:12:12 +0000 (15:12 +1300)]
torture: Add new test ServerReqChallengeReuseGlobal to rpc.netlogon
This tests ensures we can not re-use the entries in global challenge table.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Wed, 14 Dec 2016 02:09:15 +0000 (15:09 +1300)]
torture/samba3rpc: Use NETLOGON_NEG_AUTH2_ADS_FLAGS
This allows this test to pass after "allow nt4 crypto" is removed from
the default environment.
We now only set it in ad_dc
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Wed, 14 Dec 2016 04:45:19 +0000 (17:45 +1300)]
torture: Use DCERPC_SCHANNEL_AUTO in rpc.schannel.schannel2 test
This allows it to run against modern servers that do not permit NT4 crypto
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Wed, 14 Dec 2016 01:50:20 +0000 (14:50 +1300)]
torture: Add credentials downgrade and challenge reuse test to rpc.netlogon
This test confirms that the challenge set up is available
after the ServerAuthenticate has failed at the NT_STATUS_DOWNGRADE_DETECTED
check.
This is needed for NetApp ONTAP member servers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11291
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Douglas Bagnall [Tue, 6 Dec 2016 22:54:41 +0000 (11:54 +1300)]
librpc/ndr/uuid.c: improve speed and accuracy of GUID string parsing
GUID_from_data_blob() was relying on sscanf to parse strings, which was
slow and quite accepting of invalid GUIDs. Instead we directly read a
fixed number of hex bytes for each field.
This now passes the samba4.local.ndr.*.guid_from_string_invalid tests.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Dec 14 08:55:42 CET 2016 on sn-devel-144
Douglas Bagnall [Wed, 7 Dec 2016 01:35:58 +0000 (14:35 +1300)]
s4-torture: better, failing, tests for GUID_from_string
These tests reveal that the current implementation accepts all kinds
of invalid GUIDs. In particular, we fail on these ones:
"
00000001-0002-0003-0405--
060708090a0"
"-
0000001-0002-0003-0405-
060708090a0b"
"-
0000001-0002-0003-04-5-
060708090a0b"
"
d0000001-0002-0003-0405-
060708090a-b"
"
00000001- -2-0003-0405-
060708090a0b"
"
00000001-0002-0003-0405-
060708090a0"
"0x000001-0002-0003-0405-
060708090a0b"
"
00000001-0x02-0x03-0405-
060708090a0b"
This test is added to selftest/knownfail.
The test for valid string GUIDs is extended to test upper and mixed case
GUIDs.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Uri Simchoni [Tue, 13 Dec 2016 06:10:56 +0000 (08:10 +0200)]
cli-quotas: fix potential memory leak
Fix a memory leak in out-of-memory condition
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Dec 13 22:30:44 CET 2016 on sn-devel-144
Jeremy Allison [Mon, 12 Dec 2016 23:52:11 +0000 (15:52 -0800)]
s3: libsmb: Ensure SMB2 operations correctly set cli->raw_status.
Needs to be done even on success (cli_is_error() checks if
cli->raw_status was NT_STATUS_OK).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12468
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Björn Jacke [Tue, 13 Dec 2016 08:00:58 +0000 (09:00 +0100)]
pam: strip trailing whitespaces in pam_winbind.c
Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Karolin Seeger <ks@sernet.de>
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Tue Dec 13 18:01:21 CET 2016 on sn-devel-144
Björn Jacke [Wed, 25 Nov 2015 13:04:24 +0000 (14:04 +0100)]
pam: map more NT password errors to PAM errors
NT_STATUS_ACCOUNT_DISABLED,
NT_STATUS_PASSWORD_RESTRICTION,
NT_STATUS_PWD_HISTORY_CONFLICT,
NT_STATUS_PWD_TOO_RECENT,
NT_STATUS_PWD_TOO_SHORT
now map to PAM_AUTHTOK_ERR (Authentication token manipulation error), which is
the closest match.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=2210
Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed by: Jeremy Allison <jra@samba.org>
Andrew Bartlett [Thu, 24 Nov 2016 00:57:54 +0000 (13:57 +1300)]
talloc: Add tests for talloc destructor behaviour after talloc_realloc()
That this behaved correctly was not clear, so I added tests to prove
it to myself.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Dec 13 06:47:58 CET 2016 on sn-devel-144
Andrew Bartlett [Tue, 13 Dec 2016 01:21:29 +0000 (14:21 +1300)]
selftest: Print the POSIX ACL we got when the posixacl test fails
Knowing we have 11 of 15 ACEs is not very helpful
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Alexander Bokovoy [Thu, 8 Dec 2016 08:21:53 +0000 (10:21 +0200)]
smb.conf: add identity mapping section
Add a generic identity mapping section that points out to the other
resources in Samba documentation about idmap modules and their
configuration.
This should help users to discover corresponding documentation easily.
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andrea Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Dec 13 00:14:04 CET 2016 on sn-devel-144
Andreas Schneider [Mon, 12 Dec 2016 09:05:39 +0000 (10:05 +0100)]
s3:winbind: Do not start with an invalid default idmap backend
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>