s3:secrets: make use of des_salt_key() in secrets_store_machine_pw_sync()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:secrets: add some const to secrets_store_domain_guid()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:secrets: split out a domain_guid_keystr() function

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:secrets: rework des_salt_key() to take the realm as argument

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:secrets: move kerberos_secrets_*salt related functions to machine_account_secrets.c

These don't use any krb5_context related functions and they just
work on secrets.tdb, so they really belong to machine_account_secrets.c.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:libads: remove unused kerberos_fetch_salt_princ_for_host_princ()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:libads: make use of kerberos_secrets_fetch_salt_princ() in ads_keytab_add_entry()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:libnet: make use of kerberos_secrets_fetch_salt_princ()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:gse_krb5: simplify fill_keytab_from_password() by using kerberos_fetch_salt_princ()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:libads: provide a simpler kerberos_fetch_salt_princ() function

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:libads: remove kerberos_secrets_fetch_salting_principal() fallback

The handling for per encryption type salts was removed in
Samba 3.0.23a (Jul 21, 2006). It's very unlikely that someone
has such an installation that got constantly upgraded over 10 years
with an automatic password change nor rejoin. It also means
that the KDC only has salt-less arcfour-hmac-md5 key together
with the salted des keys. So there would only be a problem
if the client whould try to use a des key to contact the smb server.

Having this legacy code adds quite some complexity for no
good reason.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:libnet_join: move kerberos_secrets_store_des_salt() to libnet_join_joindomain_store_secrets()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:libnet_join: move libnet_join_joindomain_store_secrets() to libnet_join_post_processing()

We should not store the secrets before we did all remote changes
(except the optional dns updates).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:libnet_join: call do_JoinConfig() after we did remote changes on the server

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:libnet_join: split libnet_join_post_processing_ads() into modify/sync

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:libnet_join: move kerberos_secrets_store_des_salt() out of libnet_join_derive_salting_principal()

We should separate the calculation and the storing steps.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:libnet_join: remember r->out.krb5_salt in libnet_join_derive_salting_principal()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:libnet_join.idl: add krb5_salt to libnet_JoinCtx

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:libnet_join: remember the domain_guid for AD domains

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:libnet_join.idl: return the domain_guid in libnet_JoinCtx

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:libnet_join: calculate r->out.account_name in libnet_join_pre_processing()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:libnet_join: remove dead code from libnet_join_connect_ads()

username[strlen(username)] is *always* '\0'!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

krb5_wrap: add smb_krb5_salt_principal2data()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

krb5_wrap: add smb_krb5_salt_principal()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:libads: remove unused kerberos_secrets_store_salting_principal()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:librpc: let NDR_SECRETS depend on NDR_SECURITY

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

idl_types.h: add NDR_SECRET shortcut

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

librpc/ndr: add LIBNDR_FLAG_IS_SECRET handling

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

librpc/ndr: align the definition of LIBNDR_STRING_FLAGS with currently defined flags

The range included the unused (1<<14) before.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

pidl:NDR/Parser: add missing {start,end}_flags() to ParseElementPrint()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:smbd: unimplement FSCTL_VALIDATE_NEGOTIATE_INFO with "server max protocol = SMB2_02"

A client that supports SMB3 will do a signed FSCTL_VALIDATE_NEGOTIATE_INFO
after a tree connect. This FSCTL_VALIDATE_NEGOTIATE_INFO call contains
the client capabilities, client guid, security mode and the array of supported
dialects. But if SMB 2.02 is negotiated the doesn't send these values to the
server in the first connection attempt (when the client starts with a SMB1 Negotiate).

Windows servers that only support SMB2 just return NT_STATUS_FILE_CLOSED
as answer to FSCTL_VALIDATE_NEGOTIATE_INFO.

We should do the same if we just pretend to support SMB 2.02,
as SMB 2.10 always include an SMB2 Negotiate request we can leave it as is.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12772

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

selftest: run nt4_dc_schannel with 'server max protocol = SMB2_02'

This reproduces the problem with trying to implement
FSCTL_VALIDATE_NEGOTIATE_INFO as SMB2_02 server.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12772

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:selftest: run test_smbclient_basic.sh against nt4_dc_schannel with various protocols

This prepared a reproducer for bug #12772
'Clients with SMB3 support can't connect with "server max protocol = SMB2_02"'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12772

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:test_smbclient_basic.sh: make use of $incdir/common_test_fns.inc

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:test_smbclient_basic.sh: make use of $ADDARGS

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:gse_krb5: fix a possible crash in fill_mem_keytab_from_system_keytab()

If the keytab file isn't readable, we may call
krb5_kt_end_seq_get() with an invalid kt_cursor.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10490

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Michael Saxl <mike@mwsys.mine.bz>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s4-netlogon: Escape user-supplied computer name in Bad credentials log line

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s4-netlogon: Provide logs for machine account success and failures

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

smbtorture: Add more tests around NETLOGON challenge reuse

The existing tests did not actually demonstrate what they
thought they did until the credential values were refreshed.

The new test showed this, because Samba fails it (windows passes)
due to the way we keep the last challenge on the connection.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:tests: Add blackbox test for 'net usershare'

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

s3:param: Allow to add usershare if uid_wrapper is loaded

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:tests: Do not delete the contets of LOCAL_PATH with tarmode test

The test_smbclient_tarmode.pl test operates on $LOCAL_PATH by default
and removes everything. So it deletes all precreated files and
directories which the setup_fileserver() function initially set up.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12867

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

docs-xml: Sort input file list

because filesystems return entries in undeterministic order
and that ends up in index.xml and influences index.html
preventing reproducible builds of samba packages (e.g. for openSUSE)

See https://reproducible-builds.org/ for why this matters

Signed-off-by: Bernhard M. Wiedemann <bwiedemann@suse.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Tue Jun 27 16:56:06 CEST 2017 on sn-devel-144

WHATSNEW: Fix typo...

and add some new/changed parameters.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jun 27 03:19:19 CEST 2017 on sn-devel-144

auth/ntlmssp: enforce NTLMSSP_NEGOTIATE_NTLM2 for the NTLMv2 client case

Some servers may not announce the NTLMSSP_NEGOTIATE_NTLM2
(a.k.a. NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY) bit.

But if we're acting as a client using NTLMv2 we need to
enforce this flag, because it's not really a negotiationable
in that case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12862

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s3: smbd: fix regression with non-wide symlinks to directories over SMB3.

The errno returned by open() is ambiguous when called with flags O_NOFOLLOW and
O_DIRECTORY on a symlink. With ELOOP, we know for certain that we've tried to
open a symlink. With ENOTDIR, we might have hit a symlink, and need to perform
further checks to be sure. Adjust non_widelink_open() accordingly. This fixes
a regression where symlinks to directories within the same share were no
longer followed for some call paths on systems returning ENOTDIR in the above
case.

Also remove the knownfail added in previous commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12860

Signed-off-by: Daniel Kobras <d.kobras@science-computing.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3: smbd: Add regression test for non-wide symlinks to directories fail over SMB3.

Mark as knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12860

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

ctdb-protocol: Do not pass tdb open flags to DB attach controls

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon Jun 26 20:10:38 CEST 2017 on sn-devel-144

ctdb-client: Do not pass tdb open flags to db attach api

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

ctdb-client: Remove calaculation of tdb flags

... and there is no need to find out if mutexes are enabled.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

ctdb-client: Ask daemon for db open flags

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

ctdb-client: Ask daemon for db open flags

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

ctdb-client: Add a function to get db open flags

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

ctdb-client: Add sync api for control DB_OPEN_FLAGS

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

ctdb-protocol: Add protocol marshalling for control DB_OPEN_FLAGS

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

ctdb-daemon: Implement DB_OPEN_FLAGS control

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

ctdb-protocol: Add new control to get database open flags

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

ctdb-daemon: Drop extra boolean arguments to ctdb_local_attach()

There is no need for with_jenkinshash and with_mutexes flags, since the
tdb_flags are now calculated based on database type.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

ctdb-client: Drop tdb_flags argument to ctdb_attach()

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

ctdb-client: Stop sending tdb_flags with DB_ATTACH controls

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

ctdb-daemon: Ignore tdb open flags passed to DB attach controls

The tdb open flags should be calculated based on the database type and
ctdb tunables.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

ctdb-daemon: Refactor calculation of tdb open flags based on database type

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

ctdb-locking: Get tdb open flags from tdb instead of re-calculating

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

ctdb-daemon: Store tdb flags just after tdb is opened in ctdb_local_attach()

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

ctdb-daemon: Once database is attached, do not modify tdb flags

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

auth/ntlmssp: make ntlmssp_server_check_password() shorter

We move as must as possible into ntlmssp_server_{pre,post}auth().

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Jun 26 13:07:30 CEST 2017 on sn-devel-144

auth/ntlmssp: remove useless talloc_steal calls in ntlmssp_server_check_password()

We only create a temporary auth_usersupplied_info structure and pass it
down as const, lets keep the values on ntlmssp_state otherwise we may derefence
stale pointers.

We finally free the memory at the end of ntlmssp_server_postauth() now.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:dsdb/samdb: pass an existing 'struct ldb_context' to crack_auto_name_to_nt4_name()

There's no point in creating a temporary ldb_context as
the only callers already have a valid struct ldb_context for
the local sam.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:dsdb/samdb: pass an existing 'struct ldb_context' to crack_name_to_nt4_name()

There's no point in creating a temporary ldb_context as
all direct callers already have a valid struct ldb_context for
the local sam.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:auth/unix_token: remove unused tevent_context from auth_session_info_fill_unix()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:auth/unix_token: remove unused tevent_context from security_token_to_unix_token()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:smbd: call auth_check_password_session_info() only in one central place

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:smbd: introduce a reply_sesssetup_and_X_state

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:smbd: inline check_guest_password() into reply_sesssetup_and_X()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:smbd: only set user_info->auth_description on success

Otherwise we'll derefence a NULL pointer.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

pidl:NDR/Parser: initialize [skip] values in ndr_pull_*

It's too dangerous to leave values uninitialzed!
[skip_noinit] can be used if required.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

ntprinting.idl: make use of [skip_noinit] for string_flags

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

pidl:NDR/Parser: add "skip_noinit" element

In future "skip" will be changed to initialize the element
with ZERO_STRUCT() on ndr_pull_*.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

pidl:NDR/Parser: fix "skip" for pointers

We should handle the "skip" at the element level before
we traverse trough the element levels.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

ctdb-scripts: Don't send empty argument string to logger

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12856

This stops logger reading from stdin.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Sat Jun 24 14:37:48 CEST 2017 on sn-devel-144

ctdb-recovery: Do not run local ip verification when in recovery

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12857

If we drop public IPs because CTDB is in recovery for too long, then
avoid spamming logs "Trigger takeoverrun" every second.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

ctdb-recovery: Get recmode unconditionally in the main_loop

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12857

This can be used later in the main_loop to avoid the local ip check.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

ctdb-recovery: Finish processing for recovery mode ACTIVE first

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12857

This simplifies the code and avoids complicated conditions.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

ctdb-recovery: Simplify logging of recovery mode setting

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12857

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

ctdb-recovery: Setting up of recmode should be idempotent

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12857

If the recovery mode is already set to the expected value, there is
nothing to do.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

ctdb-recovery: Assign banning credits if database fails to freeze

https://bugzilla.samba.org/show_bug.cgi?id=12857

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

lib: Use ctdb_protocol instead of ctdb_private

ctdb_private is much broader. Right now we implement the protocol
ourselves. In the future, we might switch to the native ctdb
client implementation defined in ctdb_client.h, but that's a
different project :-)

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jun 24 05:33:41 CEST 2017 on sn-devel-144

lib: Give util_paths.c its own header

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

net: Dump data for net_g_lock dump

4d404f2 added user-data for a g_lock. Print it in net g_lock dump.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

build: fix build of vfs_posix_eadb module

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Jun 24 01:20:16 CEST 2017 on sn-devel-144

waf:lib/replace: Fix building with older GCC versions

Using gcc 4.3.2:
cc1: error: unrecognized command line option "-Wno-format-truncation"

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s4:torture: Do not segfault in torture_rpc_spoolss_printer_teardown_common()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jun 23 21:00:19 CEST 2017 on sn-devel-144

samba_kcc: debugging: say intrasite when we mean intrasite

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Fri Jun 23 06:45:47 CEST 2017 on sn-devel-144

samba_kcc: drop all connections from non-existent DSAs

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

samba_kcc: comment typo

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

third_party/dnspython: fix variable name in dnssec

This appears to have been fixed upstream (along with significant other
changes)

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

samba_kcc: avoid crash on odd networks with --dot-file-dir

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

waf/wafadmin/3rdparty: fix paranoid.py variable names

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

python/getopt: -d/--debuglevel saves value in options for scripts

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

add provision performance tests

Because making provision faster makes autobuild faster.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>