Andrew Bartlett [Wed, 6 Mar 2024 02:30:53 +0000 (15:30 +1300)]
lib/krb5_wrap: Rename confusing add_salt parameter to smb_krb5_kt_add_entry()
This just adds the key directly, it is not related to if salting is used or not.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Andrew Bartlett [Thu, 22 Feb 2024 04:29:07 +0000 (17:29 +1300)]
python/tests: Add test that gMSA keytab export works and matches direct keytab export
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Andrew Bartlett [Fri, 2 Feb 2024 01:41:52 +0000 (14:41 +1300)]
s4-auth/kerberos: Note the good possability that the msDS-KeyVersionNumber is wrong
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Andrew Bartlett [Fri, 2 Feb 2024 01:40:24 +0000 (14:40 +1300)]
auth/credentials: Cope with GMSA 5min password preview in cli_credentials_set_gmsa_passwords()
This is unused in Samba currently, but is a subtle race that will be difficult
to debug if this is ever used, so this makes things easier for some future
developer.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Andrew Bartlett [Wed, 20 Dec 2023 05:10:45 +0000 (18:10 +1300)]
s4-libnet: Add export of gMSA keys to "samba-tool domain exportkeytab"
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Andrew Bartlett [Thu, 21 Dec 2023 23:09:45 +0000 (12:09 +1300)]
s4-kdc: Prepare for gMSA support by recording it on the entry
This will allow the "samba-tool domain exportkeytab" code to do special gMSA
processing and in the future will allow the KDC to know it needs to check
if the keys in the DB need refreshing.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Andrew Bartlett [Thu, 21 Dec 2023 01:04:23 +0000 (14:04 +1300)]
auth/credentials: Allow generation of old Kerberos keys also
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Andrew Bartlett [Thu, 21 Dec 2023 09:25:25 +0000 (22:25 +1300)]
auth/credentials: Make cli_credentials_get_aes256_key into generic key access
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Andrew Bartlett [Thu, 21 Dec 2023 01:06:26 +0000 (14:06 +1300)]
auth/credentials: Add hook to set credentials from msDS-ManagedPassword blob
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Andrew Bartlett [Wed, 20 Dec 2023 20:01:36 +0000 (09:01 +1300)]
s4-libnet: Pass the full struct smb_krb5_context to sdb_kt_copy()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Andrew Bartlett [Wed, 20 Dec 2023 23:00:46 +0000 (12:00 +1300)]
auth/credentials: Dynamically calculate the salt principal (unless speccified)
This helps pull the salt principal calculation into a single spot.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Andrew Bartlett [Wed, 20 Dec 2023 09:55:07 +0000 (22:55 +1300)]
auth/credentials: Use salt on credentials object for Creds.get_aes256_key()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Andrew Bartlett [Thu, 21 Dec 2023 09:04:17 +0000 (22:04 +1300)]
auth/credentials: Add bindings for getting and setting the salt principal
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Andrew Bartlett [Tue, 19 Dec 2023 22:53:06 +0000 (11:53 +1300)]
s4-libnet: Provide hint for "samba-tool domain exportkeytab" if used over LDAP without gMSA
Only gMSA accounts, and only for authoriszed users, can export be exported without
local sam.ldb access.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Andrew Bartlett [Tue, 19 Dec 2023 22:18:13 +0000 (11:18 +1300)]
Make "samba-tool domain exportkeytab" prune old keys
This slowly prepares this to be an update tool, not just a one-off export tool
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Andrew Bartlett [Tue, 19 Dec 2023 22:08:57 +0000 (11:08 +1300)]
s4-auth/kerberos: Rename create_keytab() to smb_krb5_fill_keytab()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Andrew Bartlett [Tue, 19 Dec 2023 21:58:01 +0000 (10:58 +1300)]
s4-auth/kerberos: Add define ENC_STRONG_SALTED_TYPES
This allows us to mask out RC4 and insist on the modern AES types
where that makes sense.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Andrew Bartlett [Tue, 19 Dec 2023 21:40:07 +0000 (10:40 +1300)]
s4-auth/kerberos: Remove unused paremters to create_keytab()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Andrew Bartlett [Tue, 19 Dec 2023 04:04:35 +0000 (17:04 +1300)]
samba-tool domain exportkeytab: Add support for -H to point to a different sam.ldb
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Andrew Bartlett [Tue, 19 Dec 2023 02:58:49 +0000 (15:58 +1300)]
libnet: Prepare to allow "samba-tool domain exportkeytab to support -H
We need to allow a samdb to be passed from the python to support
using a specific DB or remote server for gMSA passwords.
The gMSA passwords will not use this code, but we need to be
consistant.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Andrew Bartlett [Mon, 18 Dec 2023 04:57:56 +0000 (17:57 +1300)]
python: Explain strange enable_net_export_keytab() behaviour is no longer due Heimdal
This code is now common between Heimdal and MIT Kerberos, but can still be missing
for builds of "samba-tool" that do not include the whole AD DC.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Andreas Schneider [Mon, 4 Mar 2024 09:58:23 +0000 (10:58 +0100)]
packaging: Provide a systemd service file for samba-bgqd
There might be scenarios where the background queue daemon should be
running all the time instead of being started on demand. This makes
especially sense for bigger printing servers with a lot of printers. It
takes ~1 sec to get a printer from cups, so a print server with 100
printers needs 100 seconds to update the printer_list.tdb. The service
will be killed because of idle in the meantime.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15600
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Mar 14 12:19:56 UTC 2024 on atb-devel-224
Noel Power [Tue, 20 Feb 2024 09:26:29 +0000 (09:26 +0000)]
s3/smbd: If we fail to close file_handle ensure we should reset the fd
if fsp_flags.fstat_before_close == true then close_file_smb will call
vfs_stat which can fail. If it does fail then the fd associated
with the file handle will still be set (and we will hit an assert
is the file handle destructor) when calling file_free.
We need to set fd to -1 to avoid that. To achieve that we capture and
return the vfs_stat_fsp failure status while still processing the rest
of the fd_close logic.
[2024/02/20 09:23:48.454671, 0, pid=9744] ../../source3/smbd/smb2_close.c:226(smbd_smb2_close)
smbd_smb2_close: close_file[]: NT_STATUS_ACCESS_DENIED
[2024/02/20 09:23:48.454757, 0, pid=9744] ../../source3/smbd/fd_handle.c:40(fd_handle_destructor)
PANIC: assert failed at ../../source3/smbd/fd_handle.c(40): (fh->fd == -1) || (fh->fd == AT_FDCWD)
[2024/02/20 09:23:48.454781, 0, pid=9744] ../../lib/util/fault.c:178(smb_panic_log)
===============================================================
[2024/02/20 09:23:48.454804, 0, pid=9744] ../../lib/util/fault.c:185(smb_panic_log)
INTERNAL ERROR: assert failed: (fh->fd == -1) || (fh->fd == AT_FDCWD) in smbd (smbd[192.168.10) (client [192.168.100.15]) pid 9744 (4.21.0pre1-DEVELOPERBUILD)
[2024/02/20 09:23:48.454844, 0, pid=9744] ../../lib/util/fault.c:190(smb_panic_log)
If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
[2024/02/20 09:23:48.454869, 0, pid=9744] ../../lib/util/fault.c:191(smb_panic_log)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15527
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Wed Mar 13 10:34:45 UTC 2024 on atb-devel-224
Ralph Boehme [Mon, 5 Feb 2024 14:03:48 +0000 (15:03 +0100)]
smbd: simplify handling of failing fstat() after unlinking file
close_remove_share_mode() already called vfs_stat_fsp(), so we can skip the
fstat() triggered in fd_close() by fsp->fsp_flags.fstat_before_close being true.
This avoids getting an EACCESS error when doing an fstat() on the removed file
which seems to happen with some FUSE filesystems.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15527
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 29 Feb 2024 14:33:56 +0000 (15:33 +0100)]
ctdb: Remove an unnecessary cast
nl->srvid is uint64_t, as is the srvid parameter of ctdb_daemon_send_message()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Mar 13 08:43:16 UTC 2024 on atb-devel-224
Volker Lendecke [Tue, 20 Feb 2024 11:50:36 +0000 (12:50 +0100)]
smbd: Fix a DBG message
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Volker Lendecke [Mon, 19 Feb 2024 08:57:16 +0000 (09:57 +0100)]
smbd: Avoid a ZERO_STRUCT() with direct struct initialization
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Mar 12 14:33:14 UTC 2024 on atb-devel-224
Volker Lendecke [Thu, 8 Feb 2024 10:02:15 +0000 (11:02 +0100)]
tools: Fix whitespace
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Thu, 8 Feb 2024 09:28:02 +0000 (10:28 +0100)]
smbd: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Thu, 8 Feb 2024 09:24:56 +0000 (10:24 +0100)]
smbd: Fix and modernize a few DBG statements
There were still a few function names in DBGs
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Thu, 8 Feb 2024 09:04:32 +0000 (10:04 +0100)]
smbd: Give smbXsrv_session.c its own header file
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Sun, 4 Feb 2024 09:09:07 +0000 (10:09 +0100)]
vfs: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Mon, 12 Feb 2024 12:35:19 +0000 (13:35 +0100)]
auth: Simplify smb_krb5_send_to_kdc_state_destructor()
Replace a call to dbwrap_fetch_locked() with the higherlevel
dbwrap_delete().
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Sun, 11 Feb 2024 11:44:10 +0000 (12:44 +0100)]
smbd: Fix a comment
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Sat, 10 Feb 2024 09:40:46 +0000 (10:40 +0100)]
smbXsrv_version: Use a struct assignment
Make sure everything is initialized
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Sat, 10 Feb 2024 09:37:42 +0000 (10:37 +0100)]
smbXsrv_version: Remove unused smbXsrv_version_global0->db_rec
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Sat, 10 Feb 2024 09:36:51 +0000 (10:36 +0100)]
smbXsrv_version: Use a struct assignment instead of ZERO_STRUCT
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Sat, 10 Feb 2024 09:29:35 +0000 (10:29 +0100)]
smbXsrv_version: Modernize DEBUG statements
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Mon, 19 Feb 2024 12:15:55 +0000 (13:15 +0100)]
lib: Simplify _hexcharval
Saves a few bytes and conditional jumps
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Wed, 31 Jan 2024 16:16:04 +0000 (17:16 +0100)]
smbd: Add parentheses for easier readability
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Wed, 31 Jan 2024 13:06:58 +0000 (14:06 +0100)]
torture: Fix an error message
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Fri, 2 Feb 2024 14:14:33 +0000 (15:14 +0100)]
lib: Simplify copy_unix_token()
Avoid an else with implicit NULL initialization
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Fri, 2 Feb 2024 14:06:06 +0000 (15:06 +0100)]
libsmb: Simplify an if-condition
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Fri, 9 Feb 2024 18:09:35 +0000 (19:09 +0100)]
lib: Make GUID_to_ndr_buf() return void
The whole point of struct GUID_ndr_buf is that this never fails.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Tue, 13 Feb 2024 12:13:26 +0000 (13:13 +0100)]
smbd: Remove get_Protocol()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Tue, 13 Feb 2024 12:12:14 +0000 (13:12 +0100)]
smbd: Remove the last use of get_Protocol()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Tue, 13 Feb 2024 11:26:22 +0000 (12:26 +0100)]
smbd: Add conn_protocol()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Mon, 12 Feb 2024 08:44:51 +0000 (09:44 +0100)]
smbd: Modernize a DEBUG statement
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Sun, 4 Feb 2024 09:57:28 +0000 (10:57 +0100)]
smbd: Simplify fsp_fullbasepath()
snprintf deals well with NULL/0 buffers. Basically this undoes
6555fa9d8fbc and
193df617.
6555fa9d8fbc gave cppcheck as a reason for
this patch, but if I look into susv4's snprintf definition I find:
If n is zero, nothing shall be written and s may be a null pointer.
This removes the checks and makes sure we fulfill the requirement of
susv4 that states that buf can only be NULL if buflen is 0.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Thu, 8 Feb 2024 09:30:52 +0000 (10:30 +0100)]
smbd: Remove unused declarations in smbXsrv.idl
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jule Anger [Tue, 5 Mar 2024 09:41:32 +0000 (10:41 +0100)]
selftest: add tests for "samba-tool user list --locked-only"
Signed-off-by: Jule Anger <janger@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Jule Anger <janger@samba.org>
Autobuild-Date(master): Tue Mar 12 10:54:49 UTC 2024 on atb-devel-224
Jule Anger [Fri, 1 Mar 2024 10:16:26 +0000 (11:16 +0100)]
samba-tool: add "samba-tool user list --locked-only"
Signed-off-by: Jule Anger <janger@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Tue, 5 Mar 2024 12:17:19 +0000 (13:17 +0100)]
libgpo: Do not segfault if we don't have a valid security descriptor
Program received signal SIGSEGV, Segmentation fault.
ndr_push_security_descriptor (ndr=ndr@entry=0x555555bf41b0, ndr_flags=ndr_flags@entry=768, r=r@entry=0x0) at librpc/gen_ndr/ndr_security.c:713
713 NDR_CHECK(ndr_push_security_descriptor_revision(ndr, NDR_SCALARS, r->revision));
Thread 1 (Thread 0x7ffff7ece740 (LWP 21460) "python3"):
#0 ndr_push_security_descriptor (ndr=ndr@entry=0x555555bf41b0, ndr_flags=ndr_flags@entry=768, r=r@entry=0x0) at librpc/gen_ndr/ndr_security.c:713
_flags_save_STRUCT = 0
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
_status = <optimized out>
__FUNCTION__ = "ndr_push_security_descriptor"
#1 0x00007ffff617237f in ndr_push_struct_blob (blob=blob@entry=0x7fffffffdb20, mem_ctx=0x555555aa3bd0, p=0x0, fn=0x7ffff6074ad0 <ndr_push_security_descriptor>, fn@entry=0x7ffff60706c8 <ndr_push_security_descriptor@plt>) at ../../librpc/ndr/ndr.c:1438
_status = <optimized out>
ndr = 0x555555bf41b0
#2 0x00007ffff607cccf in marshall_sec_desc (mem_ctx=<optimized out>, secdesc=<optimized out>, data=data@entry=0x7fffffffdb80, len=len@entry=0x7fffffffdb78) at ../../libcli/security/secdesc.c:241
blob = {data = 0x7fffffffdb40 "`\333\377\377\377\177", length =
140737352374299}
ndr_err = <optimized out>
__FUNCTION__ = "marshall_sec_desc"
#3 0x00007ffff29edd94 in GPO_marshall_get_sec_desc_buf (self=<optimized out>, args=<optimized out>, kwds=<optimized out>) at ../../libgpo/pygpo.c:119
gpo_ptr = <optimized out>
status = <optimized out>
data = 0x0
len = 0
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15599
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Mar 6 15:44:19 UTC 2024 on atb-devel-224
Andreas Schneider [Mon, 4 Mar 2024 15:42:38 +0000 (16:42 +0100)]
libgpo: Fix trailing spaces in pygpo.c
Reviewed-by: David Mulder <dmulder@samba.org>
Vinit Agnihotri [Fri, 27 Oct 2023 06:38:22 +0000 (23:38 -0700)]
ctdb-scripts: Remove usage of releaseip-pre, takeip-pre pseudo-events
These were generated by 06.nfs.script.
Signed-off-by: Vinit Agnihotri <vagnihotri@ddn.com>
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Mar 6 07:09:06 UTC 2024 on atb-devel-224
Vinit Agnihotri [Fri, 27 Oct 2023 06:35:25 +0000 (23:35 -0700)]
ctdb-scripts: Remove unnecessary 06.nfs.script
Signed-off-by: Vinit Agnihotri <vagnihotri@ddn.com>
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Vinit Agnihotri [Fri, 27 Oct 2023 06:07:47 +0000 (23:07 -0700)]
ctdb-doc: Put NFS in grace on startipreallocate
Signed-off-by: Vinit Agnihotri <vagnihotri@ddn.com>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Vinit Agnihotri [Fri, 27 Oct 2023 06:03:01 +0000 (23:03 -0700)]
ctdb-doc: Factor out grace period function
Signed-off-by: Vinit Agnihotri <vagnihotri@ddn.com>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Vinit Agnihotri [Thu, 26 Oct 2023 10:09:07 +0000 (03:09 -0700)]
ctdb-client: Remove unused function
Signed-off-by: Vinit Agnihotri <vagnihotri@ddn.com>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Vinit Agnihotri [Thu, 26 Oct 2023 10:32:00 +0000 (03:32 -0700)]
ctdb-scripts: Add handling for startipreallocate
Signed-off-by: Vinit Agnihotri <vagnihotri@ddn.com>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Vinit Agnihotri [Tue, 27 Feb 2024 08:13:57 +0000 (00:13 -0800)]
ctdb: send a CTDB_SRVID_START_IPREALLOCATE message after CTDB_EVENT_START_IPREALLOCATE
Event scripts run the "start_ipreallocate" hook in order to notice
that some ip addresses in the cluster potentially changed.
CTDB_SRVID_START_IPREALLOCATE gives C code a chance to get notified as well
once the event scripts are finished.
Signed-off-by: Vinit Agnihotri <vagnihotri@ddn.com>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Vinit Agnihotri [Wed, 25 Oct 2023 10:30:27 +0000 (03:30 -0700)]
ctdb-takeover: Use CTDB_CONTROL_START_IPREALLOCATE
Signed-off-by: Vinit Agnihotri <vagnihotri@ddn.com>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Vinit Agnihotri [Thu, 26 Oct 2023 06:55:17 +0000 (23:55 -0700)]
ctdb-server: Implement CTDB_CONTROL_START_IPREALLOCATE
Trigger a "startipreallocate" event, but only if in RUNNING runstate.
"startipreallocate" is intended to allow an NFS server to be put into
grace on all nodes before any locks are released as part of releaseip
during failover. If node A is leader and initiates a takeover run
then node B may be connected/active but may not have completed
startup. In this case, the attempt to put NFS-Ganesha into grace on
node B will fail, startipreallocate will fail, and the node will be
banned.
Signed-off-by: Vinit Agnihotri <vagnihotri@ddn.com>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Vinit Agnihotri [Wed, 25 Oct 2023 09:14:24 +0000 (02:14 -0700)]
ctdb-protocol: Add new control CTDB_CONTROL_START_IPREALLOCATE
Signed-off-by: Vinit Agnihotri <vagnihotri@ddn.com>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Vinit Agnihotri [Wed, 25 Oct 2023 11:29:33 +0000 (04:29 -0700)]
ctdb-daemon: Implement startipreallocate event
Signed-off-by: Vinit Agnihotri <vagnihotri@ddn.com>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Vinit Agnihotri [Thu, 26 Oct 2023 06:50:30 +0000 (23:50 -0700)]
ctdb-protocol: Add new event startipreallocate
A new event is needed for NFS lock reclaim to ensure all nodes are in
grace before any locks are released. This event must take place before
releaseip.
Signed-off-by: Vinit Agnihotri <vagnihotri@ddn.com>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Martin Schwenke [Sat, 10 Feb 2024 04:41:38 +0000 (15:41 +1100)]
ctdb-common: Remove old runstate/string translation functions
The canonical versions are in protocol utils.
These were unused apart from some stray forward declarations in
tools/ctdb.c and a single call in ctdb_set_runstate(), where
ctdb_runstate_to_string() can be used instead.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Martin Schwenke [Sat, 10 Feb 2024 04:36:32 +0000 (15:36 +1100)]
ctdb-common: Remove unused variable ctdb_eventscript_call_names.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Martin Schwenke [Sat, 10 Feb 2024 04:34:03 +0000 (15:34 +1100)]
ctdb-daemon: Use ctdb_event_to_string()
ctdb_eventscript_call_names() will be dropped so the mapping between
events and strings is only maintained in one place.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Andrew Bartlett [Mon, 4 Mar 2024 01:45:42 +0000 (14:45 +1300)]
lib/ldb-samba: Remove unused ldb.set_opaque_integer()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Mar 5 03:55:33 UTC 2024 on atb-devel-224
Andrew Bartlett [Mon, 4 Mar 2024 01:44:53 +0000 (14:44 +1300)]
dsdb: Remove calls to ldb.set_opaque_integer()
This routine will shortly be removed, it is now replaced by an
improved ldb.set_opaque()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Andrew Bartlett [Mon, 4 Mar 2024 01:27:19 +0000 (14:27 +1300)]
lib/ldb-samba: Align py_ldb_set_opaque_integer() with pyldb_set_opaque() and use "unsigned long long"
We need to change the internal types assumed in Samba for the opaque
integers to "unsigned long long" as this is what ldb.set_opaque() will
create, and we want to move to this interface rather than have a
duplicate.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Andrew Bartlett [Mon, 4 Mar 2024 00:02:54 +0000 (13:02 +1300)]
lib/ldb: Allocate opaque on ldb_ctx
Just in case this LDB is given away into the C code, that opaque must live
as long as the LDB itself, not the python wrapper object.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Andrew Bartlett [Mon, 4 Mar 2024 22:49:49 +0000 (11:49 +1300)]
python/samba/provision: Ensure KDS root key is usable as soon as provision is complete
We do this by setting the start time to being 10 hours 5min earlier
than now.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Andrew Bartlett [Mon, 4 Mar 2024 23:38:06 +0000 (12:38 +1300)]
selftest: Assert that the provision KDS root key is already valid for use
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Douglas Bagnall [Sun, 3 Mar 2024 21:46:02 +0000 (10:46 +1300)]
pytest:samba-tool domain kds root-key: test with normal user
It would be bad if samba-tool let ordinary users read root-key secrets.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Mar 4 03:20:46 UTC 2024 on atb-devel-224
Douglas Bagnall [Sun, 3 Mar 2024 21:43:17 +0000 (10:43 +1300)]
samba-tool: tidy up uncaught insufficient rights LdbError
It is likely that many sub-commands will produce a traceback when people
go `-H ldap://server -Ubob` when they needed to go `-UAdministrator`.
We can catch these and show only the core message.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Fri, 1 Mar 2024 03:23:58 +0000 (16:23 +1300)]
ldb: Update ldb.get_opaque() to return talloc‐managed opaque values
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Mar 3 23:33:44 UTC 2024 on atb-devel-224
Jo Sutton [Fri, 1 Mar 2024 03:23:53 +0000 (16:23 +1300)]
ldb: Update ldb.set_opaque() to accept only supported types
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Thu, 29 Feb 2024 00:07:47 +0000 (13:07 +1300)]
ldb: Remove trailing whitespace
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Fri, 1 Mar 2024 03:18:10 +0000 (16:18 +1300)]
ldb: Pass a supported opaque type to ldb.set_opaque()
We are about to modify ldb.set_opaque() to accept only certain types,
and ldb.Ldb is not one of those types.
Pass in a value that is supported and whose lifetime is guaranteed to
outlive the Ldb object.
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Fri, 1 Mar 2024 03:06:49 +0000 (16:06 +1300)]
ldb: Add tests for Python set_opaque() and get_opaque()
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 14 Nov 2023 06:12:02 +0000 (19:12 +1300)]
pyldb: Remove unused and broken Python access to LDB module API
These exposed the private LDB modules API to python, and was
untested and broken since LDB was made async internally as
it never called ldb_wait() on the result.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Tue, 5 Dec 2023 22:18:47 +0000 (11:18 +1300)]
pyldb: Improve docstric for whoami(), which takes no arguments.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 4 Dec 2023 22:59:46 +0000 (11:59 +1300)]
pyldb: Remove last caller to and definition of PyLdb_Check()
This is now checked by PyArg_ParseTupleAndKeywords().
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 4 Dec 2023 22:53:58 +0000 (11:53 +1300)]
pyldb: Use "O!" to specify the type of py_ldb
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 4 Dec 2023 21:34:56 +0000 (10:34 +1300)]
pyldb: Move PyErr_LDB_OR_RAISE() and PyErr_LDB_DN_OR_RAISE() into pyldb.h
While these style of macros are against our coding style, it is still better
to have them in a single place, and while pyldb.h is technically public
Samba is the only user of the C bindings.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 4 Dec 2023 21:31:48 +0000 (10:31 +1300)]
dns: Use pyldb_check_type() in PyErr_LDB_DN_OR_RAISE()
This prepares to move this macro into pyldb.h
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 4 Dec 2023 21:30:50 +0000 (10:30 +1300)]
dns: Use pyldb_Ldb_AsLdbContext() in PyErr_LDB_OR_RAISE()
This prepares to move this macro into pyldb.h
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 4 Dec 2023 21:27:54 +0000 (10:27 +1300)]
dsdb: Use pyldb_check_type() in PyErr_LDB_DN_OR_RAISE()
This prepares to move this macro into pyldb.h
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 4 Dec 2023 21:08:23 +0000 (10:08 +1300)]
dsdb: Use pyldb_Ldb_AsLdbContext() in PyErr_LDB_OR_RAISE()
This macro already checks the type, so we do not need to call
py_check_dcerpc_type() and prepares to move this macro into pyldb.h
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Wed, 31 Jan 2024 04:26:45 +0000 (17:26 +1300)]
ldb/pyldb: Call Py_DECREF(list) on failure in PyLdbResult_FromResult()
We need to drop the reference to the list we created if we
are going to fail.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Wed, 22 Nov 2023 02:01:47 +0000 (15:01 +1300)]
ldb/pyldb: Check errors from PyLdbMessage_FromMessage
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Wed, 28 Feb 2024 00:17:48 +0000 (13:17 +1300)]
netcmd: models: Create ClaimType in the model layer instead
Having it inside a command isn't very re-usable.
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Mar 1 05:52:53 UTC 2024 on atb-devel-224
Rob van der Linde [Wed, 28 Feb 2024 00:15:40 +0000 (13:15 +1300)]
netcmd: models: ClaimType: move all dunder methods to the top for consistency
It's nice to consistently list the __str__ method first and all the dunder methods, then the static methods, then the rest.
At least for the models.
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Tue, 27 Feb 2024 23:20:24 +0000 (12:20 +1300)]
netcmd: claims: tidy up, avoid setting enabled twice
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Tue, 27 Feb 2024 03:58:56 +0000 (16:58 +1300)]
netcmd: models: rename lookup methods to find for consistency
There are a mixture of methods called either 'lookup' or 'find'.
This dates back to when they raised LookupError, but these now raise NotFound.
They should be all called 'find' for consistency.
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Tue, 27 Feb 2024 02:35:24 +0000 (15:35 +1300)]
netcmd: models: Rename username to account_name for consistency
When creating the User model initially, "username" was the only field that was inconsistently named, it maps to "sAMAccountName".
It should really have been account "account_name".
There is also a field "account_type" and should be similarly named to "account_name".
Basically the naming of fields should always be consistent, breaking the rule for one field only was a mistake.
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Tue, 27 Feb 2024 01:21:31 +0000 (14:21 +1300)]
netcmd: models: Add optional base_dn argument to Model.query method
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rob van der Linde [Tue, 27 Feb 2024 01:12:40 +0000 (14:12 +1300)]
netcmd: models: Add Person and OrganizationalPerson
Move only those fields over that we already had on User that actually belong on Person and OrganizationalPerson
There are more fields to add later.
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
git.samba.org / samba.git / log