Stefan Metzmacher [Fri, 30 Jun 2017 11:26:17 +0000 (13:26 +0200)]
s3:rpc_server: wrap make_auth4_context() into {become,unbecome}_root()
This need to create a temporary messaging context in order to do
the auth logging. This can only be done as root.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12850
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Mon Jul 3 08:15:29 CEST 2017 on sn-devel-144
Garming Sam [Mon, 3 Jul 2017 01:15:50 +0000 (13:15 +1200)]
WHATSNEW: Improved AD performance (particularly linked attributes)
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Mon, 3 Jul 2017 01:09:26 +0000 (13:09 +1200)]
WHATSNEW: DNS at domain join improvements
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Mon, 3 Jul 2017 00:46:09 +0000 (12:46 +1200)]
WHATSNEW: Additional hashes introduced with WDigest
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Sun, 2 Jul 2017 23:51:10 +0000 (11:51 +1200)]
WHATSNEW: Improved RODC support
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Sat, 1 Jul 2017 10:20:17 +0000 (22:20 +1200)]
selftest: Prime the netlogon cache during test_idmap_rfc2307
This ensures that the group memberships just created are reflected in the test
comparison. Otherwise we are trusting that no caches are primed, which is
simply not safe in a test.
(The login will put a list of groups, as obtained by the login over NETLOGON or
via the PAC, into the samlogon cache).
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sun Jul 2 21:59:18 CEST 2017 on sn-devel-144
Andrew Bartlett [Sat, 1 Jul 2017 09:44:38 +0000 (21:44 +1200)]
selftest: Bind rfc2307 tests to exactly one server
The tests make changes to the DC, do not wait for replication, then expect
those to be reflected in the client. If they bind to another server this
will not hold true.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Sat, 1 Jul 2017 09:34:44 +0000 (21:34 +1200)]
selftest: Use tree_delete control in idmap_rfc2307 test
This control removes an entire subtree, which was the intention of the previouse code
but much more effectively.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Bob Campbell [Mon, 9 Jan 2017 20:20:47 +0000 (09:20 +1300)]
selftest: Do not force run of kcc at start of selftest
This should help to avoid clashes between periodic and manual runs of
the KCC during autobuild.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Fri, 30 Jun 2017 04:02:46 +0000 (16:02 +1200)]
WHATSNEW: Add entry for Multi-process LDAP Server
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Thu, 29 Jun 2017 00:50:03 +0000 (12:50 +1200)]
WHATSNEW: Add an entry for the LDB whole DB locking issue
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 17 Oct 2016 00:55:42 +0000 (13:55 +1300)]
ldap: Run the LDAP server with the default (typically standard) process model
This allows one LDAP socket to proceed if another fails, and reduces the
impact of a crash becoming a DoS bug, as it only impacts one socket.
This may mean we have a lot of idle tasks, but this should not be a big
issue
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Wed, 28 Jun 2017 05:34:05 +0000 (17:34 +1200)]
dsdb: Improve debugging on start transacton failure
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 26 Jun 2017 02:13:41 +0000 (14:13 +1200)]
dsdb: Teach the Samba partition module how to lock all the DB backends
The metadata partition (sam.ldb) lock is not
enough to block another process in prepare_commit(),
because prepare_commit() is a no-op, if nothing
was changed in the specific backend.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 26 Jun 2017 01:34:21 +0000 (13:34 +1200)]
dsdb: Add tests showing that the CN=CONFIGURATION partition is also locked
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 26 Jun 2017 01:16:01 +0000 (13:16 +1200)]
dsdb: Add new test adding a record to the top level sam.ldb file
This shows that locks are made on this file as well
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 23 Jun 2017 10:13:19 +0000 (12:13 +0200)]
dsdb: Add more locking more tests, confirming blocking locks in both directions
These extended tests allow us to show that a search (read) blocks a
transaction commit (write), and that a transaction commit blocks a
search.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 16 Jun 2017 03:49:45 +0000 (15:49 +1200)]
dsdb: Add test showing a search can't start while a transaction is already repared in a backend partition
Pair-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Fri, 16 Jun 2017 03:49:45 +0000 (15:49 +1200)]
dsdb: Add test showing a search can't start while a transaction is already repared
Pair-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 11 Apr 2017 15:50:08 +0000 (17:50 +0200)]
ldb: version 1.2.0
* handle one more LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK
case in ldb_tdb
* fix ldb_tdb locking (performance) problems
* fix ldb_tdb search inconsistencies by adding
read_[un]lock() hooks to the module stack
(bug #12858)
* add cmocka based tests for the locking issues
* ldb_version.h provides LDB_VERSION_{MAJOR,MINOR,RELEASE} defines
* protect ldb_modules.h from being used by Samba < 4.7
Note: that this release (as well as 1.1.30 and 1.1.31)
may cause problems for older applications, e.g. Samba
See https://bugzilla.samba.org/show_bug.cgi?id=12859
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 30 Jun 2017 06:14:02 +0000 (08:14 +0200)]
ldb:includes: protect ldb_modules.h from being used by Samba < 4.7
Samba versions before 4.7 are incompatible with the read_[un]lock()
behaviour introduced into ldb.
This makes sure older Samba versions fail to compile against
ldb >= 1.2.0.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12859
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 30 Jun 2017 06:09:38 +0000 (08:09 +0200)]
ldb:wscript: define EXPECTED_SYSTEM_LDB_VERSION_{MAJOR,MINOR,RELEASE}
This indicates what feature set Samba assumes from the used
libldb from the system.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12859
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 23 Jun 2017 08:50:54 +0000 (10:50 +0200)]
ldb:wscript: provide LDB_VERSION_{MAJOR,MINOR,RELEASE} in ldb_version.h
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 16 Jun 2017 03:49:16 +0000 (15:49 +1200)]
ldb:tests: Extend api.py testsuite to show transaction_commit() blocks against the whole-db read lock
The new ldb whole-db lock behaviour now allows this test
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Fri, 16 Jun 2017 03:44:46 +0000 (15:44 +1200)]
ldb:tests: Extend api.py testsuite to show transaction contents can not be seen outside the transaction
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Fri, 16 Jun 2017 00:19:00 +0000 (12:19 +1200)]
ldb:tests: Add test to show that locks are released on TALLOC_FREE(req)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Fri, 16 Jun 2017 00:18:39 +0000 (12:18 +1200)]
ldb:tests: Correct comment about version numbers
(ldb releases have been made while this patch set was in train)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Thu, 15 Jun 2017 01:56:46 +0000 (13:56 +1200)]
ldb: Lock the whole backend database for the duration of a search
We must hold locks not just for the duration of each search, but for the whole search
as our module stack may make multiple search requests to build up the whole result.
This is explains a number of replication and read corruption issues in Samba
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Thu, 11 May 2017 23:39:08 +0000 (01:39 +0200)]
ldb_tdb: Implement read_lock and read_unlock module operations
This allows Samba to provide a consistent view of the DB
despite the use of multiple databases via the partitions module
and over multiple callbacks via a module stack.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Thu, 15 Jun 2017 00:10:51 +0000 (12:10 +1200)]
ldb: Add read_lock and read_unlock to ldb_module_ops
This will be used to implement read locking in ldb_tdb
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 22 May 2017 04:18:20 +0000 (16:18 +1200)]
ldb:tests: Add test encoding current locking behaviour during ldb_search()
Currently, a lock is not held against modifications once the final
record is returned via a callback, so modifications can be made
during the DONE callback. This makes it hard to write modules
that interpert an ldb search result and do further processing
so will change in the future to allow the full search to be
atomic.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 25 Apr 2017 10:33:53 +0000 (22:33 +1200)]
ldb:tests: Show that writes do not appear during an ldb_search()
A modify or rename during a search must not cause a search to change
output, and attributes having an index should in particular not see
any change in behaviour in this respect
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Thu, 15 Jun 2017 01:56:46 +0000 (13:56 +1200)]
ldb:tests: don't assert the results before doing the final search finished
This is required to pass the test in future, because
otherwise the clean up will fail because we hold locks.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Garming Sam [Wed, 29 Mar 2017 23:03:17 +0000 (12:03 +1300)]
ldb:tdb: Ensure we correctly decrement ltdb->read_lock_count
If we do not do this, then we never take the all record lock, and instead do a lock
for every record as we go, which is very slow during a large search
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Fri, 30 Jun 2017 00:55:15 +0000 (12:55 +1200)]
ldb_pack: use ldb_dn_from_ldb_val() and avoid a duplicate strlen() call
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 11 Apr 2017 15:27:33 +0000 (17:27 +0200)]
tdb: version 1.3.14
* allow tdb_traverse_read before tdb_transaction[_prepare]_commit()
* Improve documentation for tdb_transaction_start()
* Add new function tdb_transaction_active()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Wed, 26 Apr 2017 20:34:56 +0000 (08:34 +1200)]
tdb: Add new function tdb_transaction_active()
This will allow callers to avoid their own reference counting of transactions.
Additionally, this will always line up with the acutal transaction state, even
in the error cases where tdb can cancel the transaction
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Wed, 26 Apr 2017 20:51:08 +0000 (08:51 +1200)]
tdb: Improve documentation for tdb_transaction_start()
It now references the TDB_ALLOW_NESTING and TDB_DISALLOW_NESTING flags
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Fri, 31 Mar 2017 04:34:13 +0000 (17:34 +1300)]
tdb: Remove locking from tdb_traverse_read()
This restores the original intent of tdb_traverse_read() in
7dd31288a701d772e45b1960ac4ce4cc1be782ed
This is needed to avoid a deadlock with tdb_lockall() and the
transaction start, as ldb_tdb should take the allrecord lock during a
search (which calls tdb_traverse), and can otherwise deadlock against
a transaction starting in another process
We add a test to show that a transaction can now start while a read
traverse is in progress
This allows more operations to happen in parallel. The blocking point
is moved to the prepare commit.
This in turn permits a roughly doubling of unindexed search
performance, because currently ldb_tdb omits to take the lock due to
an unrelated bug, but taking the allrecord lock triggers the
above-mentioned deadlock.
This behaviour was added in
251aaafe3a9213118ac3a92def9ab2104c40d12a for
Solaris 10 in 2005. But the run-fcntl-deadlock test works also on Solaris 10,
see https://lists.samba.org/archive/samba-technical/2017-April/119876.html.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Wed, 3 May 2017 04:34:01 +0000 (06:34 +0200)]
drsuapi: Improve debugging in DsAddEntry()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 30 Jun 2017 04:21:32 +0000 (06:21 +0200)]
wafsamba: add maxversion and version_blacklist to CHECK_BUNDLED_SYSTEM[_PKG]()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12859
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jeremy Allison [Fri, 30 Jun 2017 20:37:03 +0000 (13:37 -0700)]
s3: VFS: Change SMB_VFS_CONNECTPATH to take const struct smb_filename * instead of const char *.
We need to migrate all pathname based VFS calls to use a struct
to finish modernising the VFS with extra timestamp and flags parameters.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jul 1 07:20:28 CEST 2017 on sn-devel-144
Jeremy Allison [Fri, 30 Jun 2017 18:59:20 +0000 (11:59 -0700)]
S3: smbd: Finish plumbing struct smb_filename * through the check_name() stack.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Jeremy Allison [Fri, 30 Jun 2017 18:34:13 +0000 (11:34 -0700)]
s3: smbd: Add missing out of memory check.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Jeremy Allison [Fri, 30 Jun 2017 18:32:59 +0000 (11:32 -0700)]
s3: VFS: Change SMB_VFS_REALPATH to take and return struct smb_filename * instead of char *.
We need to migrate all pathname based VFS calls to use a struct
to finish modernising the VFS with extra timestamp and flags parameters.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Jeremy Allison [Thu, 29 Jun 2017 21:32:47 +0000 (14:32 -0700)]
s3: VFS: Change SMB_VFS_GETWD to return struct smb_filename * instead of char *.
We need to migrate all pathname based VFS calls to use a struct
to finish modernising the VFS with extra timestamp and flags parameters.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Jeremy Allison [Thu, 29 Jun 2017 18:29:33 +0000 (11:29 -0700)]
s3: VFS: Change SMB_VFS_CHDIR to use const struct smb_filename * instead of const char *.
We need to migrate all pathname based VFS calls to use a struct
to finish modernising the VFS with extra timestamp and flags parameters.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Garming Sam [Fri, 23 Jun 2017 00:37:01 +0000 (12:37 +1200)]
show-deleted: Rename attr_filter to exclude_filter for clarity
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun 30 06:23:39 CEST 2017 on sn-devel-144
Garming Sam [Fri, 23 Jun 2017 00:35:56 +0000 (12:35 +1200)]
show-deleted: Simplify the code to require as little logic as needed
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Fri, 23 Jun 2017 00:18:35 +0000 (12:18 +1200)]
show-deleted: Remove an unnecessary search during connect
This is only required if you supply SHOW_RECYCLED or SHOW_DELETED. Note
that any add does trigger this (through callbacks in the modules in acl,
objectclass etc.).
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Tue, 27 Jun 2017 01:02:49 +0000 (13:02 +1200)]
show-deleted: Do not indicate an error if an object is missing.
This happens during provision, however due to the fact that the first
search in the rootDSE init does not check return codes, this was done
implicitly (and coincidentally).
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Wed, 28 Jun 2017 00:22:05 +0000 (12:22 +1200)]
dsdb: Add a dummy module to replace show_deleted
This helps when we improve show_deleted in a way that the fake database in samba3sam can not cover
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Fri, 5 May 2017 20:33:47 +0000 (22:33 +0200)]
travis-ci: Also build samba-systemkrb5
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Thu, 29 Jun 2017 23:11:05 +0000 (11:11 +1200)]
autobuild: Use new selftest.pl feature to run only some environments
This is cleaner than test filtering with regular expressions
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Mon, 27 Feb 2017 21:45:24 +0000 (10:45 +1300)]
selftest: Allow selftest.pl to run just some environments
This makes it easier to declare that some autobuild environments
only run some selftest environments.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Mon, 15 May 2017 20:32:03 +0000 (08:32 +1200)]
debug: new debug class for kerberos
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Stefan Metzmacher [Wed, 14 Jun 2017 01:29:58 +0000 (03:29 +0200)]
auth/spnego: do basic state_position checking in gensec_spnego_update_in()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jun 29 20:15:05 CEST 2017 on sn-devel-144
Stefan Metzmacher [Tue, 13 Jun 2017 21:41:01 +0000 (23:41 +0200)]
auth/spnego: move gensec_spnego_update() into gensec_spnego_update_send()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 30 Dec 2016 05:56:47 +0000 (06:56 +0100)]
auth/spnego: split out gensec_spnego_update_{client,server}() functions
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 27 Jun 2017 16:05:04 +0000 (18:05 +0200)]
auth/spnego: remove unused out_mem_ctx = spnego_state fallback in gensec_spnego_update()
The only caller never passes NULL.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 10 May 2017 12:44:48 +0000 (14:44 +0200)]
auth/spnego: add gensec_spnego_update_sub_abort() helper function
This helps to be consistent when destroying a unuseable sub context.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 30 Dec 2016 08:06:33 +0000 (09:06 +0100)]
auth/spnego: remove useless spnego_state->sub_sec_ready check
The lines above make sure it's always true.
Check with git show -U15
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 30 Dec 2016 08:04:47 +0000 (09:04 +0100)]
auth/spnego: consitently set spnego_state->sub_sec_ready = true after gensec_update_ev()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 30 Dec 2016 08:03:08 +0000 (09:03 +0100)]
auth/spnego: rename spnego_state->no_response_expected to ->sub_sec_ready
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 13 Jun 2017 20:43:59 +0000 (22:43 +0200)]
auth/spnego: move gensec_spnego_update_out() behind gensec_spnego_update_in()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 13 Jun 2017 20:41:14 +0000 (22:41 +0200)]
auth/spnego: move some more logic to gensec_spnego_update_in()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 13 Jun 2017 14:59:02 +0000 (16:59 +0200)]
auth/spnego: move gensec_spnego_update_in() after gensec_spnego_update_send()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 14 Jun 2017 06:43:13 +0000 (08:43 +0200)]
auth/spnego: set state_position = SPNEGO_DONE in gensec_spnego_update_cleanup()
Every fatal error should mark the spnego_state to reject any further update()
calls.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 13 Jun 2017 14:53:06 +0000 (16:53 +0200)]
auth/spnego: move gensec_spnego_update_wrapper() into gensec_spnego_update_send()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 30 Dec 2016 15:36:23 +0000 (16:36 +0100)]
auth/spnego: make use of data_blob_null instead of using data_blob(NULL, 0)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Amitay Isaacs [Tue, 21 Mar 2017 04:36:36 +0000 (15:36 +1100)]
ctdb-tests: Add transaction/recovery test for replicated database
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Jun 29 14:43:44 CEST 2017 on sn-devel-144
Amitay Isaacs [Thu, 2 Mar 2017 07:15:05 +0000 (18:15 +1100)]
ctdb-tests: Generalize transaction_loop test
Instead of hard-coding the database name, it's passed as an argument
along with database type.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 4 Apr 2017 07:02:38 +0000 (17:02 +1000)]
ctdb-tests: Support replicated db in tool tests
This updates and adds unit tests for database operations.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 2 Mar 2017 07:14:44 +0000 (18:14 +1100)]
ctdb-tests: Add database type option for tests
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 2 Mar 2017 06:36:59 +0000 (17:36 +1100)]
ctdb-tools: Allow attach for replicated databases
... and update the output from various database query commands.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 2 Mar 2017 06:34:55 +0000 (17:34 +1100)]
ctdb-client: Add db support for CTDB_DB_FLAGS_REPLICATED
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Mon, 26 Jun 2017 05:55:15 +0000 (15:55 +1000)]
ctdb-client: Add sync api for DB_ATTACH_REPLICATED control
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 2 Mar 2017 06:07:13 +0000 (17:07 +1100)]
ctdb-protocol: Add marshalling for CTDB_CONTROL_DB_ATTACH_REPLICATED control
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 2 Mar 2017 05:38:58 +0000 (16:38 +1100)]
ctdb-daemon: Add implementation for CTDB_CONTROL_DB_ATTACH_REPLICATED control
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Tue, 28 Feb 2017 22:51:32 +0000 (09:51 +1100)]
ctdb-protocol: Add new control CTDB_CONTROL_DB_ATTACH_REPLICATED
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 2 Mar 2017 05:36:55 +0000 (16:36 +1100)]
ctdb-daemon: Add accessors for CTDB_DB_FLAGS_REPLICATED flag
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Mon, 1 May 2017 14:59:46 +0000 (00:59 +1000)]
ctdb-daemon: Calculate tdb flags for replicated databases
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 16 Feb 2017 07:44:38 +0000 (18:44 +1100)]
ctdb-protocol: Add CTDB_DB_FLAGS_REPLICATED for new type of database
persistent: replicated and permanent
volatile: distributed and temporary
replicated: replicated and temporary
This type of database will be used by CTDB for storing it's state.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 2 Mar 2017 06:29:04 +0000 (17:29 +1100)]
ctdb-client: Store db_flags instead of a boolean persistent flag
... and add accessors for CTDB_DB_FLAGS_PERSISTENT flag.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 2 Mar 2017 05:19:11 +0000 (16:19 +1100)]
ctdb-recovery: Use db_flags instead of a boolean persistent flag
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 2 Mar 2017 05:07:32 +0000 (16:07 +1100)]
ctdb-daemon: Pass db_flags instead of passing persistent flag
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 2 Mar 2017 04:53:17 +0000 (15:53 +1100)]
ctdb-daemon: Store db_flags instead of individual boolean flags
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 2 Mar 2017 04:47:46 +0000 (15:47 +1100)]
ctdb-daemon: Add accessors for CTDB_DB_FLAGS_STICKY flag
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 2 Mar 2017 04:44:48 +0000 (15:44 +1100)]
ctdb-daemon: Add accessors for CTDB_DB_FLAGS_READONLY flag
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Thu, 2 Mar 2017 04:39:29 +0000 (15:39 +1100)]
ctdb-daemon: Add accessors for CTDB_DB_FLAGS_PERSISTENT flag
This allows to differentiate between the two database models.
ctdb_db_persistent() - replicated and permanent
ctdb_db_volatile() - distributed and temporary
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 28 Jun 2017 06:41:49 +0000 (16:41 +1000)]
ctdb-protocol: Add DB_OPEN_FLAGS control to debug
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Amitay Isaacs [Wed, 28 Jun 2017 06:39:13 +0000 (16:39 +1000)]
ctdb-tests: Fix control reply data for DB_ATTACH_PERSISTENT control
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Gary Lockyer [Mon, 26 Jun 2017 22:33:56 +0000 (10:33 +1200)]
tests py_credentials: Fix encrypt_netr_crypt_password test
The test uses NetrServerPasswordSet2 to change a password, this tests
the end to end encryption. The original call to NetrServerPasswordSet2
was not utf-16 encoding the new password. However the call to
netr_DsrEnumerateDomainTrusts was using cached credentials and not
using the new password, so this was not detected.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Thu Jun 29 06:50:32 CEST 2017 on sn-devel-144
Andreas Schneider [Fri, 23 Jun 2017 14:14:08 +0000 (16:14 +0200)]
nsswitch: Add ad_member tests for wbinfo --domain-info and --dc-info
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jun 29 02:33:48 CEST 2017 on sn-devel-144
Andreas Schneider [Fri, 23 Jun 2017 14:25:27 +0000 (16:25 +0200)]
s3:winbind: Move debug statement into the error handling
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andreas Schneider [Wed, 28 Jun 2017 12:58:41 +0000 (14:58 +0200)]
s3:tests: Do *NOT* flush the complete gencache!
This removes important entries winbindd created during startup!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12868
Pair-Programmed-With: Ralph Boehme <slow@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Andreas Schneider [Wed, 28 Jun 2017 12:49:45 +0000 (14:49 +0200)]
selftest: Do *NOT* flush the complete gencache!
This removes *IMPORTANT* entries from the gencache winbindd creates on
startup.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12868
Pair-Programmed-With: Ralph Boehme <slow@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Fri, 16 Jun 2017 22:05:22 +0000 (00:05 +0200)]
s4:auth/ntlm: allow auth_operations to specify check_password_send/recv()
This prepares real async handling in the backends.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jun 27 21:09:08 CEST 2017 on sn-devel-144
Stefan Metzmacher [Fri, 16 Jun 2017 22:05:22 +0000 (00:05 +0200)]
s4:auth/ntlm: introduce auth_check_password_next()
This prepares real async handling in the backends.
Check with git show -w.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Fri, 16 Jun 2017 20:46:27 +0000 (22:46 +0200)]
s4:auth/ntlm: move auth_check_password_wrapper() further down
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>