Stefan Metzmacher [Fri, 5 Jan 2024 12:25:34 +0000 (13:25 +0100)]
BACKPORT-MARKER: v4-19-witness-backports-for-dcesrv-bug-14356.txt
Stefan Metzmacher [Tue, 14 Nov 2023 13:57:46 +0000 (14:57 +0100)]
Revert "DEBUG part3"
This reverts commit
5bb2366f67ef06c328ddd1a6d0269e2687c26053.
Stefan Metzmacher [Tue, 14 Nov 2023 13:57:36 +0000 (14:57 +0100)]
Revert "DEBUG librpc/rpc/dcesrv_auth.c AUTH3 failing machine account"
This reverts commit
1951885bae0fedc9a94c9a3b44d355ffd06afb9c.
Stefan Metzmacher [Tue, 14 Nov 2023 13:57:14 +0000 (14:57 +0100)]
DEBUG librpc/rpc/dcesrv_auth.c AUTH3 failing machine account
Stefan Metzmacher [Tue, 17 Nov 2020 16:47:23 +0000 (17:47 +0100)]
rm selftest/knownfail.d/dcerpc-auth-pad
Stefan Metzmacher [Tue, 17 Nov 2020 13:00:34 +0000 (14:00 +0100)]
FIX8 if (a->auth_type != auth_type) => auth_invalid
Stefan Metzmacher [Tue, 17 Nov 2020 12:05:36 +0000 (13:05 +0100)]
FIX8 sq dcesrv_auth_prepare_auth3
Stefan Metzmacher [Fri, 13 Nov 2020 04:12:48 +0000 (05:12 +0100)]
FIX8 auth3 fault codes
Stefan Metzmacher [Fri, 13 Nov 2020 02:44:56 +0000 (03:44 +0100)]
FIX8 SQ auth3 with 4 legs results in DCERPC_NCA_S_PROTO_ERROR => no
fault, just a delayed one
Stefan Metzmacher [Thu, 12 Nov 2020 15:40:31 +0000 (16:40 +0100)]
FIX8 auth3 with 4 legs results in DCERPC_NCA_S_PROTO_ERROR
Stefan Metzmacher [Thu, 12 Nov 2020 15:39:58 +0000 (16:39 +0100)]
FIX8 auth3 check against call->conn->transport_max_recv_frag
Stefan Metzmacher [Fri, 13 Nov 2020 01:47:51 +0000 (02:47 +0100)]
FIX8 librpc/rpc/dcesrv better fault codes dcesrv_auth_prepare_auth3
Stefan Metzmacher [Fri, 13 Nov 2020 10:29:30 +0000 (11:29 +0100)]
FIX7 sq2 fix default_auth_level_connect auth_invalid => FAULT_ACCESS_DENIED
Stefan Metzmacher [Fri, 13 Nov 2020 09:55:43 +0000 (10:55 +0100)]
FIX7 fix default_auth_level_connect auth_invalid => FAULT_ACCESS_DENIED
Stefan Metzmacher [Tue, 17 Nov 2020 09:05:41 +0000 (10:05 +0100)]
TEST5 test_no_auth_ctx_request
Stefan Metzmacher [Thu, 12 Nov 2020 15:41:53 +0000 (16:41 +0100)]
TEST3 LATER python/samba/tests/dcerpc/raw_testcase.py get_invalid_creds
Stefan Metzmacher [Tue, 17 Nov 2020 16:44:51 +0000 (17:44 +0100)]
TEST7 fix comment in test_spnego_change_auth_type1
Stefan Metzmacher [Wed, 11 Nov 2020 16:03:29 +0000 (17:03 +0100)]
gensec:spnego: ignore trailing bytes in SPNEGO_SERVER_START state - selftest/knownfail.d/dcerpc-auth-pad
Stefan Metzmacher [Wed, 11 Nov 2020 16:03:29 +0000 (17:03 +0100)]
gensec:spnego: ignore trailing bytes in SPNEGO_SERVER_START state
This matches Windows (at least Server 2012_R2).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 17 Feb 2021 23:40:56 +0000 (00:40 +0100)]
gensec:ntlmssp: only allow messages up to 2888 bytes - selftest/knownfail.d/dcerpc-auth-pad
Stefan Metzmacher [Thu, 12 Nov 2020 09:00:07 +0000 (10:00 +0100)]
gensec:ntlmssp: only allow messages up to 2888 bytes
This matches Windows (at least Server 2012_R2).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 12 Nov 2020 15:41:21 +0000 (16:41 +0100)]
dcesrv_core: alter_context logon failures should result in DCERPC_FAULT_ACCESS_DENIED test_spnego_change_auth_type1 selftest/knownfail.d/dcerpc-auth-pad
Stefan Metzmacher [Thu, 12 Nov 2020 15:41:21 +0000 (16:41 +0100)]
dcesrv_core: alter_context logon failures should result in DCERPC_FAULT_ACCESS_DENIED
We should use DCERPC_FAULT_ACCESS_DENIED as default for
gensec status results of e.g. NT_STATUS_LOGON_FAILURE or
NT_STATUS_INVALID_PARAMTER.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 12 Nov 2020 15:41:05 +0000 (16:41 +0100)]
dcesrv_core: a failure from gensec_update results in NAK_REASON_INVALID_CHECKSUM selftest/knownfail.d/dcerpc-auth-pad
Stefan Metzmacher [Thu, 12 Nov 2020 15:41:05 +0000 (16:41 +0100)]
dcesrv_core: a failure from gensec_update results in NAK_REASON_INVALID_CHECKSUM
We already report that for gensec_start_mech_by_authtype() failures,
but we also need to do that for any invalid authentication.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 11 Nov 2020 16:07:54 +0000 (17:07 +0100)]
dcerpc_util: let dcerpc_pull_auth_trailer() ignore data_and_pad for bind, alter, auth3 selftest/knownfail.d/dcerpc-auth-pad
Stefan Metzmacher [Wed, 11 Nov 2020 16:07:54 +0000 (17:07 +0100)]
dcerpc_util: let dcerpc_pull_auth_trailer() ignore data_and_pad for bind, alter, auth3
Sometimes Windows sends 3 presentation contexts (NDR32, NDR64,
BindTimeFeatureNegotiation) in the first BIND of an association.
Binding an additional connection to the association seems to
reuse the BIND buffer and just changes the num_contexts field from
3 to 2 and leaves the BindTimeFeatureNegotiation context as padding
in places.
Note, the auth_pad_length field is send as 0 in that case,
which means we need to ignore it completely, as well as any
padding before the auth header.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 11 Nov 2020 16:59:45 +0000 (17:59 +0100)]
dcerpc_util: let dcerpc_pull_auth_trailer() expose the reject reason selftest/knownfail.d/dcerpc-auth-pad
Stefan Metzmacher [Wed, 11 Nov 2020 16:59:45 +0000 (17:59 +0100)]
dcerpc_util: let dcerpc_pull_auth_trailer() expose the reject reason
If dcerpc_pull_auth_trailer() returns NT_STATUS_RPC_PROTOCOL_ERROR
it will return the BIND reject code in auth->auth_context_id.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 11 Nov 2020 16:05:21 +0000 (17:05 +0100)]
dcerpc_util: let dcerpc_pull_auth_trailer() check that auth_offset is 4 bytes aligned selftest/knownfail.d/dcerpc-auth-pad
Stefan Metzmacher [Wed, 11 Nov 2020 16:05:21 +0000 (17:05 +0100)]
dcerpc_util: let dcerpc_pull_auth_trailer() check that auth_offset is 4 bytes aligned
That what Windows (at least 2012_R2) also asserts.
It also makes sure that ndr_pull_dcerpc_auth() will
start with ndr->offset = 0 and don't tries to eat
possible padding.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 12 Nov 2020 10:10:46 +0000 (11:10 +0100)]
TEST2 TODO test_schannel_invalid_bind selftest/knownfail.d/dcerpc-auth-pad
Stefan Metzmacher [Thu, 12 Nov 2020 10:10:46 +0000 (11:10 +0100)]
TEST2 TODO test_schannel_invalid_bind
Stefan Metzmacher [Thu, 12 Nov 2020 16:22:19 +0000 (17:22 +0100)]
TEST1b test_spnego_connect_bind_auth_align[4|2] selftest/knownfail.d/dcerpc-auth-pad
Stefan Metzmacher [Thu, 12 Nov 2020 16:22:19 +0000 (17:22 +0100)]
TEST1b test_spnego_connect_bind_auth_align[4|2]
Stefan Metzmacher [Wed, 11 Nov 2020 00:19:23 +0000 (01:19 +0100)]
TEST1 python/samba/tests/dcerpc/raw_protocol.py selftest/knownfail.d/dcerpc-auth-pad
Stefan Metzmacher [Wed, 11 Nov 2020 00:19:23 +0000 (01:19 +0100)]
TEST1 python/samba/tests/dcerpc/raw_protocol.py
Stefan Metzmacher [Thu, 12 Nov 2020 15:38:32 +0000 (16:38 +0100)]
dcesrv_core: introduce dcesrv_connection->transport_max_recv_frag
The max fragment size depends on the transport.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Mon, 16 Nov 2020 14:01:49 +0000 (15:01 +0100)]
tests/dcerpc/raw_protocol: run test_neg_xmit_ffff_ffff over tcp and smb
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Mon, 16 Nov 2020 15:58:35 +0000 (16:58 +0100)]
dcesrv_core: add more verbose debugging for missing association groups
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 14 Nov 2023 13:04:30 +0000 (14:04 +0100)]
DEBUG part3
Stefan Metzmacher [Fri, 5 Jan 2024 12:21:36 +0000 (13:21 +0100)]
BACKPORT-MARKER: v4-19-witness-backports-from-wip.txt
Stefan Metzmacher [Tue, 31 Jul 2012 06:55:20 +0000 (08:55 +0200)]
smb2_tcon: add "smb3 share cap:{CONTINUOUS AVAILABILITY,SCALE OUT,CLUSTER,ASYMMETRIC}" options
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Mon, 22 Jan 2024 18:27:03 +0000 (19:27 +0100)]
python:tests/rpcd_witness_samba_only: add tests for 'net witness force-response'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 15 Dec 2023 13:49:37 +0000 (14:49 +0100)]
s3:utils: add 'net witness force-response'
This allows generating any possible AsyncNotify response
for the specified selection of witness registrations
from rpcd_witness_registration.tdb.
This can be used by developers to test the (windows)
client behavior to specific AsyncNotify responses.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Mon, 15 Jan 2024 13:20:00 +0000 (14:20 +0100)]
python:tests/rpcd_witness_samba_only: add tests for 'net witness force-unregister'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 15 Dec 2023 13:49:37 +0000 (14:49 +0100)]
s3:utils: add 'net witness force-unregister'
This allows removing of the specified selection
of witness registrations from rpcd_witness_registration.tdb.
Any pending AsyncNotify will get WERR_NOT_FOUND.
Typically this triggers a clean re-registration on the client.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Mon, 15 Jan 2024 13:20:00 +0000 (14:20 +0100)]
python:tests/rpcd_witness_samba_only: add tests for 'net witness {client,share}-move'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 15 Dec 2023 13:49:37 +0000 (14:49 +0100)]
s3:utils: add 'net witness client-move' and 'net witness share-move'
These can be used to generate CLIENT_MOVE or SHARE_MOVE message
to the specified selection of witness registrations from
rpcd_witness_registration.tdb
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 20 Dec 2023 18:22:25 +0000 (19:22 +0100)]
s3:rpc_server/witness: add handling of MSG_RPCD_WITNESS_REGISTRATION_UPDATE messages
This implements the server side features for the
'net witness [client-move,...]' commands in the end.
These are administrator driven notifications for the witness client.
RPCD_WITNESS_REGISTRATION_UPDATE_FORCE_RESPONSE and
RPCD_WITNESS_REGISTRATION_UPDATE_FORCE_UNREGISTER will be very useful
for later automated testing.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 21 Dec 2023 14:03:05 +0000 (15:03 +0100)]
s3:rpcd_witness.idl: add rpcd_witness_registration_updateB message definitions
This will be used for rpcd_witness_registration_updateB messages
in 'net witness [client-move,...]' commands later.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 21 Dec 2023 14:03:05 +0000 (15:03 +0100)]
messaging.idl: add MSG_RPCD_WITNESS_REGISTRATION_UPDATE
This will be used for rpcd_witness_registration_updateB messages
in 'net witness [client-move,...]' commands later.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 12 Jan 2024 16:30:41 +0000 (17:30 +0100)]
python:tests/rpcd_witness_samba_only: add tests for 'net witness list'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 15 Dec 2023 13:49:37 +0000 (14:49 +0100)]
s3:utils: add 'net witness list' command
It lists the entries from the rpcd_witness_registration.tdb.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 24 Nov 2023 16:15:36 +0000 (17:15 +0100)]
s3:rpc_server/witness: let Register[Ex] store rpcd_witness_registration.tdb records
This will allow 'net witness list' to be implemented in the end.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 21 Dec 2023 14:03:05 +0000 (15:03 +0100)]
s3:rpcd_witness.idl: introduce definitions for rpcd_witness_registration.tdb records
A rpcd_witness_registration.tdb will be added shortly in order to
implement useful 'net witness [list,client-move,...]' commands
in the end.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 10 Jan 2024 14:11:24 +0000 (15:11 +0100)]
python/blackbox: add rpcd_witness_samba_only.py test
This tests the witness service and its interaction with
ctdb.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 12 Jan 2024 15:56:58 +0000 (16:56 +0100)]
python/tests: add TestCase.get_loadparm(s3=True) support
This will be used for tests with registry shares,
as the top level loadparm system doesn't support them.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Mon, 15 Jan 2024 12:06:57 +0000 (13:06 +0100)]
script/autobuild.py: also pass PYTHONPATH to make test of 'samba-ctdb'
Otherwise tests won't find the custom tdb python bindings
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 12 Jan 2024 16:09:51 +0000 (17:09 +0100)]
selftest/Samba: export CTDB_PREFIX in clusteredmember testenv
It means ctdb/tests/local_daemons.sh will be easily useable
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 12 Jan 2024 16:08:06 +0000 (17:08 +0100)]
selftest/Samba3: start samba_dcerpcd in clusteredmember
This enables the rpcd_witness to be available.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 12 Jan 2024 16:06:05 +0000 (17:06 +0100)]
selftest/Samba3: remove unused variable in setup_clusteredmember
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 12 Jan 2024 16:03:38 +0000 (17:03 +0100)]
selftest/Samba3: get NETBIOSNAME correct for clusteredmember
It was missed in commit
7598b9069d3b983f8eb3b89b8459ec993ee43c80
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 9 Aug 2023 18:24:52 +0000 (20:24 +0200)]
s3:rpc_server/witness: add implementation based on CTDB_SRVID_IPREALLOCATED and ctdbd_all_ip_foreach()
The design is relatively simple in the end:
- We use ctdbd_all_ip_foreach() in order to build an
in memory list of interfaces(ip addresses) and
record if:
- they are currently available or not
- if they node local or not
- The current list is would we use for the
GetInterfaceList() call.
- Register[Ex] will create an in memory structure
holding a queue for pending AsyncNotify requests.
- Unregister() will cancel pending AsyncNotify requests and
let them return NOT_FOUND.
- CTDB_SRVID_IPREALLOCATED messages will cause we refresh
with ctdbd_all_ip_foreach():
- this will detect changes in the interface state
and remove stale interfaces.
- for each change the list of registrations is checked
for a matching ip address and a RESOURCE_CHANGE
will be scheduled in the queue of the registration,
the started queue will trigger AsyncNotify responses
- We also register the connections with ctdb in order
to give other nodes a chance to generate tickle-acks
for the witness tcp connections.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 9 Aug 2023 10:18:05 +0000 (12:18 +0200)]
s3:rpc_server: add basic rpcd_witness template
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 11 Aug 2023 11:07:46 +0000 (13:07 +0200)]
s3:ctdbd_conn: add ctdbd_all_ip_foreach() helper
This can we used to traverse through all ip addresses ctdb knows
about.
The caller can select node ips and/or public ips.
This will we useful to monitor the addresses from a witness
service...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 11 Aug 2023 09:51:04 +0000 (11:51 +0200)]
s3:ctdbd_conn: split out ctdbd_control_get_nodemap()
This will simplify future changes...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 11 Aug 2023 09:30:07 +0000 (11:30 +0200)]
s3:ctdbd_conn: pass vnn to ctdbd_control_get_public_ips()
In future we also want to ask other nodes for their public_ips.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 12 Jan 2024 15:54:32 +0000 (16:54 +0100)]
witness.idl: make witness_interfaceList public to that ndr_print works in python
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 9 Jan 2024 15:46:06 +0000 (16:46 +0100)]
smbstatus: let --json include session.{creation,expiration,auth}_time
This is very useful in order to predict NETWORK_SESSION_EXPIRED
messages...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Rob van der Linde [Wed, 13 Dec 2023 01:00:00 +0000 (14:00 +1300)]
selftest: make get_loadparm a classmethod
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit
18fd2e4ff35e4ec3491a1836c1896c1417126b08)
Stefan Metzmacher [Fri, 5 Jan 2024 12:17:03 +0000 (13:17 +0100)]
BACKPORT-MARKER: v4-19-witness-backports-from-txt
Stefan Metzmacher [Fri, 24 Nov 2023 13:42:35 +0000 (14:42 +0100)]
dcesrv_reply: just drop responses if the connection is already terminating
There's no reason to waste resources...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jan 9 11:26:55 UTC 2024 on atb-devel-224
(cherry picked from commit
1b6ef968d8370757cb472a1e3bfe030f8066c50d)
Stefan Metzmacher [Fri, 24 Nov 2023 13:02:02 +0000 (14:02 +0100)]
dcesrv_core: add dcesrv_call_state->subreq in order to allow tevent_req_cancel() on termination
Requests might be cancelled if the connection got disconnected,
we got an ORPHANED or CO_CANCEL pdu.
But this is all opt-in for the backends to choose.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
e829f5d8ec3a77acb52a22d45e61dcce03762a10)
Stefan Metzmacher [Fri, 29 Dec 2023 09:20:02 +0000 (10:20 +0100)]
witness.idl: add flag(NDR_PAHEX) to some hex based enums
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
87e37e73a9ba13ed92a33a385a387b225b2b9190)
Stefan Metzmacher [Fri, 24 Nov 2023 15:38:06 +0000 (16:38 +0100)]
witness.idl: make some types public in order to be used elsewhere
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
290b0b04ae41b835f864bba02b1320693ef199d3)
Samuel Cabrero [Wed, 21 Oct 2020 16:30:29 +0000 (18:30 +0200)]
witness.idl: Set cifs as auth service name for the witness interface
Windows clients use the 'cifs' service name to bind to the witness interface.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
5beef87816d103a729508ce88368c30c87b1fa4e)
Stefan Metzmacher [Fri, 24 Nov 2023 15:28:38 +0000 (16:28 +0100)]
tdb: fix python/tdbdump.py example
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
78ec47a6674db65d738305cf00861aa711886a43)
Ralph Boehme [Sun, 28 Jan 2018 14:35:44 +0000 (15:35 +0100)]
examples/scripts: add smbXsrvdump
A simple python tool to dump smbXsrv TDB databases.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
3c73d201d454a88135757065a2b238e6d94a1ac9)
Stefan Metzmacher [Fri, 24 Nov 2023 15:09:58 +0000 (16:09 +0100)]
smbXsrv.idl: add python bindings
This is useful for some scripting examples and debugging...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
8e850685a1052a16bea402df3e8057218080c373)
Stefan Metzmacher [Fri, 15 Dec 2023 15:46:50 +0000 (16:46 +0100)]
smbstatus: let --json dump also session channels
This makes if easier to see how tcp connections belong
to a session or client_guid.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
b96ce32f826ba03384e6a7535200d7e18354fc4b)
Stefan Metzmacher [Thu, 28 Dec 2023 09:36:25 +0000 (10:36 +0100)]
smbstatus: let --json report the client_guid a session belongs to
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
3f92a684abb577b84d01b8f9124a7a459635d851)
Stefan Metzmacher [Thu, 28 Dec 2023 09:35:43 +0000 (10:35 +0100)]
smbXsrv_session: store session_global->client_guid
This is very useful for debugging...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
c1c326ebccb272acc918a97aff5b659cc299c9e5)
Stefan Metzmacher [Fri, 15 Dec 2023 15:45:54 +0000 (16:45 +0100)]
s3:sessionid: export smbXsrv_session_global via sessionid->global
This will allow smbstatus --json to dump more details.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
88b1c8723b30930585514dacd472e4941c69220c)
Stefan Metzmacher [Thu, 21 Dec 2023 12:02:43 +0000 (13:02 +0100)]
lib/util: let is_zero_addr() return true for AF_UNSPEC
It means the completely zero'ed structure is detected
as zero address, as AF_UNSPEC is 0.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
d52f7279063817055b6816d9f8372e374c90f75f)
Stefan Metzmacher [Fri, 17 Nov 2023 12:36:02 +0000 (13:36 +0100)]
s3:smbd multichannel: improve smbXsrv_connection_dbg()
client_guid as well as local and remote address help a lot
for debugging...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
10b084f824f839497405665b904cd54f8f5ff703)
Stefan Metzmacher [Fri, 22 Dec 2023 20:50:57 +0000 (21:50 +0100)]
s3:smbd multichannel: let a cross-node session binding NT_STATUS_REQUEST_NOT_ACCEPTED
This is better than NT_STATUS_USER_SESSION_DELETED, as it means the
client can keep it's session alive. Otherwise a windows client believes
the whole session is gone and all other channels are invalid.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
475784d63e9381e8a76cd666842686c1b8d2d0b4)
Stefan Metzmacher [Fri, 29 Dec 2023 12:09:32 +0000 (13:09 +0100)]
s3:smbd multichannel: always allow multichannel to the ip of the queried connection
We can announce the ip of the current connection even if it's
a moveable cluster address... as the client is already connected to it.
This change means in a typical ctdb cluster, where we only have public
addresses, the client can at least have more than one multichannel'ed
connection to the public ip.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
8a3707e3ed96df43c8f825527deb7d27fe0c6be8)
Stefan Metzmacher [Thu, 28 Dec 2023 09:18:51 +0000 (10:18 +0100)]
libcli/security: remove PRIMARY_{USER,GROUP}_SID_INDEX defines from security.h
These and more are also defined in security_token.h, which is later included
from security.h anyway.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
f94d2ed13e6aa54e7e4e4cc292c565de1711a2a9)
Stefan Metzmacher [Fri, 22 Dec 2023 23:04:33 +0000 (00:04 +0100)]
libcli/smb: add new SMB2_SHAREFLAG_ defines in smb2_constants.h
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit
6331d33ae498e03368422e585c3e47cfc73dfdb2)
Stefan Metzmacher [Fri, 24 Nov 2023 10:51:54 +0000 (11:51 +0100)]
ctdb: add comments to "addip"/"delip" when CTDB_{CONTROL,EVENT,SRVID}_IPREALLOCATED happens
"addip"/"delip" are different from "moveip" so they don't need to
call ipreallocate() nor send_ipreallocated_control_to_nodes().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
62654f0aeb1909129e87df061186509560859bed)
Stefan Metzmacher [Fri, 24 Nov 2023 09:53:44 +0000 (10:53 +0100)]
ctdb: let "moveip" end with CTDB_CONTROL_IPREALLOCATED to all connected nodes
This matches the behavior of takeover_send/recv() from
ctdb_takeover_helper.c.
It means we consistently call the ipreallocated event scripts
and also send CTDB_SRVID_IPREALLOCATED after moving ips.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
589ebabc95eef0c301a47696e82c0ac341027597)
Stefan Metzmacher [Fri, 24 Nov 2023 09:50:16 +0000 (10:50 +0100)]
ctdb: remove unused ctdb_message_disable_ip_check()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
2c6b455bd7656b4e43d1f4ea488f06cd7918586b)
Stefan Metzmacher [Thu, 23 Nov 2023 12:57:28 +0000 (13:57 +0100)]
ctdb: let "moveip" also use disable_takeover_runs()
That makes the behavior more consistent compared to a takeover run
started from the within ctdbd.
The behavior is the same but ctdb_message_disable_ip_check() used
a legacy code path and the next commits will also touch some
of the moveip logic...
The logic and comments are copied from control_reloadips().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
cad1969b171766a5264973e7bfb5f9f7295421b6)
Stefan Metzmacher [Thu, 23 Nov 2023 14:04:09 +0000 (15:04 +0100)]
ctdb: send a CTDB_SRVID_IPREALLOCATED message after CTDB_EVENT_IPREALLOCATED
Event scripts run the "ipreallocated" hook in order to notice that some ip addresses
in the cluster potentially changed.
CTDB_SRVID_IPREALLOCATED gives C code a chance to get notified as well once the event
scripts are finished.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit
b1d0d5d51422f377c2e989ea6dacb2aa5794082b)
Stefan Metzmacher [Fri, 13 Oct 2023 07:18:25 +0000 (09:18 +0200)]
s4:rpc_server/epmapper: use ndr_syntax_id_equal() in dcesrv_epm_Map() to match the request
This matches it much easier to understand.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
5ec5496df40e6015ec8de6133a406bb50efebe35)
Stefan Metzmacher [Fri, 13 Oct 2023 07:11:51 +0000 (09:11 +0200)]
s4:rpc_server/epmapper: check dcerpc_floor_get_uuid_full() result in dcesrv_epm_Map()
This already checks for EPM_PROTOCOL_UUID and simplifies the logic.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
53e4fe647ec3f840836340cf9eac4f79b8794aad)
Stefan Metzmacher [Thu, 12 Oct 2023 15:19:21 +0000 (17:19 +0200)]
s4:rpc_server: simplify logic in dcesrv_epm_Map matching
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
dfdb8736c750079bc42d274a416c9f7ea3f820dc)
Stefan Metzmacher [Wed, 9 Aug 2023 17:39:21 +0000 (19:39 +0200)]
librpc/rpc: also get the 2nd half of the ndr_syntax_id from a floor
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
7a7a38b870dd8f0b384e290b8e9e18305bf54f90)
Stefan Metzmacher [Wed, 9 Aug 2023 17:23:59 +0000 (19:23 +0200)]
librpc/rpc: add dcerpc_floor_pack_uuid_full() helper function
This handles the full syntax with split major and minor version,
from lhs and rhs.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit
1058382d048bc368a3825cb295d9aeabf0ef9b10)