Andrew Bartlett [Thu, 17 Apr 2014 03:39:56 +0000 (15:39 +1200)]
dsdb: Do not permit nested event loops when in a transaction, use a nested event context
It is never safe to execute arbitary code inside a transaction - we
need to get in and get out, not run other events for the rest of the
server.
This patch avoids that by creating a private event loop during
transactions, so no unexpected operations fire, and returning the
original one when we finish it.
If an event fires during an LDB transaction, an unrelated operation
can occur during the transaction, and if the transaction were to be
cancelled, there would be a silent rollback (despite the client having
been indicated success).
Additionally, other processes could be called via IRPC that need to
operate on the database but are locked out due to the ongoing
transaction.
Andrew Bartlett
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10582
Change-Id: I22322fc006e61d7291da17cdf6431416ebb7b30f
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue May 6 13:36:20 CEST 2014 on sn-devel-104
Andrew Bartlett [Thu, 17 Apr 2014 03:38:14 +0000 (15:38 +1200)]
dsdb: Rename private_data to rootdse_private_data in rootdse
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10582
Change-Id: I349a2be67333ada86c19cd6d2ed283cd5bbeb2aa
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Jose A. Rivera [Mon, 5 May 2014 12:29:57 +0000 (07:29 -0500)]
Minor typo fix in source3/wscript.
Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon May 5 22:41:19 CEST 2014 on sn-devel-104
Jose A. Rivera [Mon, 5 May 2014 11:46:58 +0000 (06:46 -0500)]
Fix an empty if statement.
Primarily following the precedent set by other uses of composite_is_ok(), but
also making sure nothing tries to use c after this point if it is in fact not
ok.
Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Martin Schwenke [Fri, 28 Mar 2014 05:18:17 +0000 (16:18 +1100)]
ctdb-daemon: Move a ZERO_STRUCT() to a better place
It might as well be near where it is used. Add a comment explaining
it.
Also add/update comments at the top of the RELEASE_IP and TAKEOVER_IP
loops to explain what is happening.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon May 5 06:20:39 CEST 2014 on sn-devel-104
Martin Schwenke [Thu, 16 Jan 2014 03:48:39 +0000 (14:48 +1100)]
ctdb-eventscripts: Add check for invalid policy routing configuration
The range
CTDB_PER_IP_ROUTING_TABLE_ID_LOW..CTDB_PER_IP_ROUTING_TABLE_ID_HIGH
should not include 253-255. Otherwise policy routing may overwrite
the default system routing tables.
Add some corresponding tests.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Pair-programmed-with: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 15 Jan 2014 03:16:52 +0000 (14:16 +1100)]
ctdb-eventscripts: Update comment in 11.routing
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 27 Mar 2014 05:31:54 +0000 (16:31 +1100)]
ctdb-eventscripts: Don't check if $iface is empty
This is the loop variable. It can't be empty, especially given the
way the list is built. This must have survived from an earlier
version of the script.
Given that there are whitespace changes associated with the above,
clean-up the "virtio_net" avoidance check so that it reads less like
line-noise.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Volker Lendecke [Sun, 4 May 2014 16:44:33 +0000 (18:44 +0200)]
poll_funcs: Fix a comment typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Sun May 4 22:19:53 CEST 2014 on sn-devel-104
Andrew Bartlett [Wed, 16 Apr 2014 21:33:26 +0000 (09:33 +1200)]
ldb: make the successful ldb_transaction_start() message clearer
Change-Id: I00d0705484c3b53f55c4a8ec2953e92329b7408e
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat May 3 10:20:52 CEST 2014 on sn-devel-104
Michael Adam [Wed, 30 Apr 2014 10:14:46 +0000 (12:14 +0200)]
s3:passdb: improve a debug message in pdb_default_sid_to_id()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Michael Adam [Wed, 30 Apr 2014 10:10:01 +0000 (12:10 +0200)]
s3:passdb: fix and improve debug message in pdb_default_sid_to_id().
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Michael Adam [Tue, 29 Apr 2014 11:31:42 +0000 (13:31 +0200)]
s4:samr: allow builtin groups for samr_OpenGroup.
This fixes nsswitch getgrgid for builtins.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 3 Apr 2014 21:40:35 +0000 (10:40 +1300)]
selftest: Add tests for dbcheck detection and removal of partial objects
To avoid listing all the provision snapshots, we use a broader blacklist for waf dist
and a whitelist for dbcheck-oldrelease.sh
Andrew Bartlett
Change-Id: Iab0ff4be0b4287dc128a49302836a6f0f7b39678
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Thu, 3 Apr 2014 01:50:05 +0000 (14:50 +1300)]
dsdb: Make it harder to corrupt the database by requiring DBCHECK or RELAX for final object deletion
This kind of deletion can cause us to then replicate back a partial
object. We allow dbcheck to directly remove totally corrupt objects
(missing an objectclass) by specifying both DBCHECK and RELAX, and the
tombstone sweep after 180 days is done with the RELAX control.
Andrew Bartlett
Change-Id: Ic21f68e507ba9b65e035ca568430e35e2d001c7d
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Alexander Werth [Fri, 25 Apr 2014 11:53:48 +0000 (13:53 +0200)]
s3: Always cache idmapping results of pdb backend.
And don't cache in the pdb_ldap module on the id_to_sid calls.
Signed-off-by: Alexander Werth <alexander.werth@de.ibm.com>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Sat May 3 04:14:05 CEST 2014 on sn-devel-104
Björn Baumbach [Fri, 25 Apr 2014 20:05:54 +0000 (22:05 +0200)]
waf: fetch and use some exit codes of called processes
Without this patch for example "make ctags" reports "Success",
also if ctags fails or is not available.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Björn Baumbach [Mon, 25 Nov 2013 14:29:09 +0000 (15:29 +0100)]
samba-tool ldapcmp: fix a typo
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Jeremy Allison [Thu, 1 May 2014 18:11:20 +0000 (11:11 -0700)]
s3: smbd: Remove open_file_fchmod().
No longer used (hurrah!).
Bug 10564 - Lock order violation and file lost
https://bugzilla.samba.org/show_bug.cgi?id=10564
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri May 2 23:47:38 CEST 2014 on sn-devel-104
Jeremy Allison [Thu, 1 May 2014 18:07:44 +0000 (11:07 -0700)]
s3: smbd: change file_set_dosmode() to use get_file_handle_for_metadata() instead of open_file_fchmod().
get_file_handle_for_metadata() is a new function that
finds an existing open handle (fsp->fh->fd != -1) for
a given dev/ino if there is one available, and uses
INTERNAL_OPEN_ONLY with WRITE_DATA access if not.
Allows open_file_fchmod() to be removed next.
Bug 10564 - Lock order violation and file lost
https://bugzilla.samba.org/show_bug.cgi?id=10564
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Thu, 1 May 2014 18:01:03 +0000 (11:01 -0700)]
s3: smbd : Ensure file_new doesn't call into smbXsrv_open_create() for INTERNAL_OPEN_ONLY.
This causes deadlocks which cause smbd to crash if the locking
database has already been locked for a compound operation we
need to be atomic (as in the file rename case).
Ensure INTERNAL_OPEN_ONLY opens are synonymous with req==NULL.
INTERNAL_OPEN_ONLY opens leave a NO_OPLOCK record in
the share mode database, so they can be detected by other
processes for share mode violation purposes (because
they're doing an operation on the file that may include
reads or writes they need to have real state inside the
locking database) but have an fnum of FNUM_FIELD_INVALID
and a local share_file_id of zero, as they will never be
seen on the wire.
Ensure validate_my_share_entries() ignores
INTERNAL_OPEN_ONLY records (share_file_id == 0).
Bug 10564 - Lock order violation and file lost
https://bugzilla.samba.org/show_bug.cgi?id=10564
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Thu, 1 May 2014 17:58:51 +0000 (10:58 -0700)]
s3 : smbd : Protect all possible code paths from fsp->op == NULL.
In changes to come this will be possible for an INTERNAL_OPEN_ONLY.
The protection was already in place for some code paths, this
makes the coverage compete.
Bug 10564 - Lock order violation and file lost
https://bugzilla.samba.org/show_bug.cgi?id=10564
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Christof Schmitt [Thu, 1 May 2014 20:50:19 +0000 (13:50 -0700)]
smbd: Fix compile warning in dmapi.c
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Change-Id: I69297d91ab8c857204e1f78cafb210b9a05f3b77
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri May 2 03:41:31 CEST 2014 on sn-devel-104
Andrew Bartlett [Tue, 29 Apr 2014 21:38:34 +0000 (09:38 +1200)]
dbcheck: Directly call dn.get_rdn_{val,name}() for clarity and consistency
When looking for incorrect name values, this improves the previous
code by avoiding one more manual parse step, and uses less cryptic
variable names.
Andrew Bartlett
Change-Id: Iff8e571a6359a67bf173f729dc12b8787292b3cb
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Stefan Metzmacher [Thu, 3 Apr 2014 14:03:19 +0000 (16:03 +0200)]
s4:repl_meta_data: fix array assignment in replmd_process_linked_attribute()
Change-Id: I10357236108f68ab749ba0e1f07558302c573887
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 13 Mar 2014 22:12:39 +0000 (23:12 +0100)]
dbchecker: verify and fix broken dn values
With older Samba versions (4.0.x) the following could happen:
- On account was created on DC1
- It was replicated to DC2
- The connection between the dcs is offline
- The account gets modified on DC2
- The account gets deleted on DC1
- The connection becomes online again
- DC1 replicates the modification from DC2,
this resets the dn to the original value.
'name' and 'cn' are correct (with '\nDEL${GUID}'),
but 'dn' is wrong.
- DC2 replicates the deletion from DC1.
this doesn't include a changed dn as DC1
had a bug.
'name' is correct (with '\nDEL${GUID}'),
but 'cn' and 'dn' are wrong.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10536
Change-Id: Ia70a6c12e0ff0d4c2c8100cb1d8f3c6422b65591
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 13 Mar 2014 22:12:39 +0000 (23:12 +0100)]
dbchecker: make the deleted objects container detection more generic
Change-Id: I282ad887c41412e25fdf73476e405f4e88e0b239
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 29 Apr 2014 07:37:54 +0000 (09:37 +0200)]
ldb: change version to 1.1.17
This adds some pyldb methods for ldb.Dn.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 29 Apr 2014 07:35:31 +0000 (09:35 +0200)]
ldb:pyldb: add some more helper functions for LdbDn
This adds [g|s]et_component[|_name|_value]() and get_rdn_[name|value]().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 29 Apr 2014 07:34:48 +0000 (09:34 +0200)]
ldb:pyldb: fix doc string for set_extended_component()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 29 Apr 2014 07:32:45 +0000 (09:32 +0200)]
ldb:pyldb: add some const to PyObject_FromLdbValue()
PyString_FromStringAndSize() makes a copy of the value...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Fri, 7 Feb 2014 13:11:19 +0000 (14:11 +0100)]
ctdb: Fix a comment typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 30 21:05:09 CEST 2014 on sn-devel-104
Volker Lendecke [Tue, 29 Apr 2014 12:27:03 +0000 (14:27 +0200)]
torture3: Add a test deleting a different req
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Apr 30 17:09:59 CEST 2014 on sn-devel-104
Volker Lendecke [Tue, 29 Apr 2014 12:25:14 +0000 (14:25 +0200)]
torture3: Add local-messaging-read1
This covers deleting and re-adding a request in a callback
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 29 Apr 2014 12:14:24 +0000 (14:14 +0200)]
messaging3: Fix messaging_read_send/recv
messaging_read_send/recv was okay for just one handler in the queue. For
multiple handlers it was pretty broken.
A handler that deletes itself as part of the callback (pretty typical use
case...) drops the message for a subsequent handler that responds to the same
message type. In messaging_dispatch_rec we walk the array, however
messaging_read_cleanup has already changed the array. tevent_req_defer_callback
does not help here: It only defers the callback, it does not defer the cleanup
function.
This also happens when a callback deletes a different handler
A handler that re-installs itself in the callback might get a message twice.
This patch changes the code such that only messaging_dispatch_rec adds records
to msg_ctx->waiters, new waiters are put into a staging area first
(msg_ctx->new_waiters). Also messaging_read_cleanup does not move anything
around in msg_ctx->waiters, it only nulls out itself. messaging_dispatch_rec is
changed to cope with this.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 29 Apr 2014 12:12:26 +0000 (14:12 +0200)]
messaging3: Make "presult" optional in messaging_read_recv
Callers might not be interested in the rec, just the fact that something
arrived
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 29 Apr 2014 12:10:04 +0000 (14:10 +0200)]
torture3: Add a bit more coverage to messaging_read
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 29 Apr 2014 12:08:29 +0000 (14:08 +0200)]
messaging3: Fix formatting
This went over the 80-char limit
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Tue, 29 Apr 2014 23:59:55 +0000 (16:59 -0700)]
s3: smbd : Fix wildcard unlink to fail if we get an error rather than trying to continue.
This can break smbd if we end up leaving a SHARING_VIOLATION
retry record on the queue.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Andrew Bartlett [Fri, 28 Mar 2014 01:35:21 +0000 (14:35 +1300)]
winbind: Allow winbindd to be run from inside "samba"
Change-Id: I6b90a9b62ba5821e0feedb23cd20642078ba0ca6
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Apr 29 05:28:39 CEST 2014 on sn-devel-104
Andrew Bartlett [Thu, 17 Apr 2014 10:35:33 +0000 (22:35 +1200)]
kerberos: Remove un-used event context argument from smb_krb5_init_context()
The event context here was only specified in the server or admin-tool
context, which does not do network communication, so this only caused
a talloc_reference() and never any useful result.
The actual network communication code sets an event context directly
before making the network call.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Apr 28 02:24:57 CEST 2014 on sn-devel-104
Andrew Bartlett [Thu, 17 Apr 2014 09:48:30 +0000 (21:48 +1200)]
dsdb: Specify no event context to smb_krb5_init_context() in dsdb
These routines parse principals and generate keys only, no network
communication is done.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Michael Adam [Fri, 11 Apr 2014 17:14:41 +0000 (19:14 +0200)]
autorid: Add allocation from above in alloc range for well known sids
This way, we achieve a better determinism for the id mappings
of the well knowns without wasting a separate range.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Apr 25 17:52:10 CEST 2014 on sn-devel-104
Michael Adam [Thu, 24 Apr 2014 11:34:40 +0000 (13:34 +0200)]
autorid: use dbwrap_trans_do() in idmap_autorid_sid_to_id_alloc()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Fri, 11 Apr 2014 19:31:48 +0000 (21:31 +0200)]
autorid: add high_id to range config and fill it where we also fill range->low_id.
This corresponds to low_id for convenience and allows
for computations without going back to the global config.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Mon, 7 Apr 2014 15:24:31 +0000 (17:24 +0200)]
autorid: reserve 500 IDs at the top of the ALLOC range.
The wellknowns are now allocated into this sub-range.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Fri, 11 Apr 2014 19:06:26 +0000 (21:06 +0200)]
autorid: reverse order of arguments of idmap_autorid_sid_to_id_alloc()
for consistency
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Fri, 11 Apr 2014 16:56:21 +0000 (18:56 +0200)]
autorid: introduce idmap_autorid_domsid_is_for_alloc()
Currently, this checks if the sid is a wellknown domain sid.
But the code reads more nicely and more domains might be added
in the future.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Fri, 11 Apr 2014 16:43:58 +0000 (18:43 +0200)]
autorid: factor idmap_autorid_sid_to_id() out of idmap_autorid_sids_to_unixids()
- reduces indentation
- unifies error code paths and bumping counters
- makes the code more easy to read
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Fri, 11 Apr 2014 16:25:44 +0000 (18:25 +0200)]
autorid: make the checks for bumping num_mapped identical for alloc and rid case
in idmap_autorid_sids_to_unixids()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Fri, 11 Apr 2014 16:20:56 +0000 (18:20 +0200)]
autorid: explicitly return NTSTATUS_OK in idmap_autorid_sid_to_id_alloc().
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Fri, 11 Apr 2014 16:20:01 +0000 (18:20 +0200)]
autorid: more explicitly and reasonably set map->state in idmap_autorid_sid_to_id_alloc
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Fri, 11 Apr 2014 15:56:37 +0000 (17:56 +0200)]
autorid: rename idmap_autorid_sid_to_id() -> idmap_autorid_sid_to_id_rid()
For consistency. This is the function that does the calculation
if the sid is treated by a rid range.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Thu, 10 Apr 2014 16:33:20 +0000 (18:33 +0200)]
autorid: rename idmap_autorid_map_sid_to_id() -> idmap_autorid_sid_to_id_alloc()
for consistency. this is the sid->id function for the alloc range.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Thu, 10 Apr 2014 16:20:23 +0000 (18:20 +0200)]
autorid: rename idmap_autorid_map_id_to_sid() -> idmap_autorid_id_to_sid_alloc()
for consistency. This is the function that maps id to sid
for the alloc range.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Mon, 17 Mar 2014 11:49:59 +0000 (12:49 +0100)]
autorid: factor idmap_autorid_get_alloc_range() out of idmap_autorid_allocate_id()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Fri, 11 Apr 2014 19:42:43 +0000 (21:42 +0200)]
autorid: fix discard-const warning in idmap_autorid_init_hwm()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Wed, 23 Apr 2014 16:19:09 +0000 (18:19 +0200)]
autorid: fix uninitialized return code for successful autorid.tdb creation/opening
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Mon, 17 Mar 2014 11:49:19 +0000 (12:49 +0100)]
autorid: improve a debug message in idmap_autorid_map_sid_to_id()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Mon, 17 Mar 2014 11:43:12 +0000 (12:43 +0100)]
autorid: add debug messages to idmap_autorid_get_domainrange()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Mon, 17 Mar 2014 11:42:41 +0000 (12:42 +0100)]
autorid: improve wording in a debug message
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Fri, 11 Apr 2014 18:59:52 +0000 (20:59 +0200)]
autorid: remove a legacy comment from sid_to_id
With the introduction of the ID_TYPE_BOTH mapping
to idmap_autorid, it is not a deficiency but a
virtue of the autorid backend that it does not
care about the existence or type of the
sid to be mapped.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Fri, 11 Apr 2014 19:03:06 +0000 (21:03 +0200)]
idmap_rid: remove a legacy comment from sid_to_id
With the introduction of the ID_TYPE_BOTH mapping
to idmap_rid, it is not a deficiency but a
virtue of the rid backend that it does not
care about the existence or type of the
sid to be mapped.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Fri, 11 Apr 2014 21:52:20 +0000 (23:52 +0200)]
idmap_tdb_common: remove legacy comment.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Thu, 24 Apr 2014 15:18:34 +0000 (17:18 +0200)]
idmap_tdb_common: fix a debug message in idmap_tdb_common_set_mapping()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Michael Adam [Wed, 23 Apr 2014 19:52:07 +0000 (21:52 +0200)]
idmap_tdb_common: fix a debug message in idmap_tdb_common_unixid_to_sid()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Thu, 17 Apr 2014 12:25:48 +0000 (14:25 +0200)]
s3-rpc_server: Remove ncalrpc_as_system from make_server_pipes_struct().
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Apr 24 13:39:10 CEST 2014 on sn-devel-104
Andreas Schneider [Thu, 17 Apr 2014 12:22:17 +0000 (14:22 +0200)]
s3-rpc_server: Remove ncalrpc_as_system from pipes_struct.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Thu, 17 Apr 2014 11:46:07 +0000 (13:46 +0200)]
s3-rpc_server: Use gensec for NCALRPC_AS_SYSTEM.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Thu, 17 Apr 2014 09:00:54 +0000 (11:00 +0200)]
s3-rpc_server: Add special tsocket address for ncalrpc_as_system.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 23 Apr 2014 12:45:45 +0000 (14:45 +0200)]
s3:rpc_client: Use gensec for NCALRPC_AS_SYSTEM.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Thu, 17 Apr 2014 10:02:45 +0000 (12:02 +0200)]
s3-auth: Register ncalrpc_as_system gensec module.
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Wed, 16 Apr 2014 13:21:40 +0000 (15:21 +0200)]
gensec: add DCERPC_AUTH_TYPE_NCALRPC_AS_SYSTEM backend
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 23 Apr 2014 11:07:15 +0000 (13:07 +0200)]
s3:rpc_server: pass everything but AUTH_TYPE_{NONE,NCALRPC_AS_SYSTEM} to gensec
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Wed, 23 Apr 2014 08:42:12 +0000 (10:42 +0200)]
s3-rpc_server: Call pipe_auth_verify_final() if needed.
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Wed, 23 Apr 2014 08:40:27 +0000 (10:40 +0200)]
s3-rpc_server: Return the status code from gensec.
We need to know the difference between NT_STATUS_OK
and NT_STATUS_MORE_PROCESSING_REQUIRED.
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Wed, 23 Apr 2014 11:02:35 +0000 (13:02 +0200)]
s3:rpc_server: let auth_generic_server_step() handle gensec_security == NULL
This simplifies the caller, we don't need to look at the auth_type anymore.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 23 Apr 2014 16:13:04 +0000 (18:13 +0200)]
s3:rpc_server: make sure we have a unix token
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 23 Apr 2014 11:01:00 +0000 (13:01 +0200)]
s3:rpc_server: handle everything but AUTH_TYPE_NONE as gensec in verify_final
The NCALRPC_AS_SYSTEM doesn't use pipe_auth_verify_final() yet,
so it's fine for now.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 23 Apr 2014 12:35:15 +0000 (14:35 +0200)]
s3:rpc_client: pass everything to gensec by default
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 23 Apr 2014 16:59:52 +0000 (18:59 +0200)]
auth/gensec: use auth_ctx->generate_session_info() for schannel
This way we generate a correct session info for the s3 rpc_server,
including a unix token.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 23 Apr 2014 17:00:26 +0000 (19:00 +0200)]
s3:auth: allow special SYSTEM and ANONYMOUS handling in auth3_generate_session_info()
auth_ctx->generate_session_info() will be used by the SCHANNEL and
NCALRPC_AS_SYSTEM gensec modules in future.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Jeremy Allison [Tue, 22 Apr 2014 23:07:18 +0000 (16:07 -0700)]
s3: torture - Fix racy assumption in original messaging test.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: "Stefan (metze) Metzmacher" <metze@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr 24 00:50:55 CEST 2014 on sn-devel-104
Jeremy Allison [Tue, 22 Apr 2014 22:55:53 +0000 (15:55 -0700)]
s3: torture - Add required talloc frame for msgtest.c
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: "Stefan (metze) Metzmacher" <metze@samba.org>
Jeremy Allison [Fri, 18 Apr 2014 22:09:28 +0000 (15:09 -0700)]
s3: winbindd: Call dgram cleanup init background setup.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Jeremy Allison [Fri, 18 Apr 2014 22:08:19 +0000 (15:08 -0700)]
s3: nmbd: Call dgram cleanup init background setup.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Jeremy Allison [Fri, 18 Apr 2014 22:06:05 +0000 (15:06 -0700)]
s3: smbd: Call dgram cleanup init background setup.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Volker Lendecke [Fri, 11 Apr 2014 11:08:56 +0000 (11:08 +0000)]
s3: messaging: Add infrastructure to clean up orphaned sockets every 15 minutes as a background task.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Fri, 18 Apr 2014 21:47:39 +0000 (14:47 -0700)]
s3 : build system : Move lib/background.c from smbd_base to samba3core.
Allows background jobs to be run from winbindd and nmbd.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Volker Lendecke [Fri, 11 Apr 2014 11:07:10 +0000 (11:07 +0000)]
smbd: Call the msg_ctx destructor for background jobs
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 10 Apr 2014 20:09:04 +0000 (22:09 +0200)]
smbcontrol: Add dgm-cleanup command
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 10 Apr 2014 20:07:11 +0000 (22:07 +0200)]
messaging_dgm: Add messaging_dgm_wipe
This walks all sockets and wipes the left-overs
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 11 Apr 2014 07:13:10 +0000 (09:13 +0200)]
smbd: Always clean up the child's msg_ctx
This is a bit lazy programming, we could and possibly should do this in
exit_server() in the child. But this way we make sure the cleanup works. If it
only was executed for unclean exits, we might not detect failure of this code
in the parent.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 11 Apr 2014 07:12:46 +0000 (09:12 +0200)]
smbcontrol: Clean up the msg_ctx
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 11 Apr 2014 07:09:49 +0000 (09:09 +0200)]
printing_cups: Call the msg_ctx destructor on exit
With the new messaging, if we don't do this, we'll leave sockets around. I'm
sure we will not catch everything, so a periodic cleanup will be required.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 4 Apr 2014 19:12:06 +0000 (21:12 +0200)]
smbd: Sort notify events by timestamp
This will fix the raw.notify test with the new messaging system. With the new
messaging system messages come in via yet another fd that has to line up in
poll next to the incoming client TCP socket. With the signal-based messaging
messages were always handled before client requests. The new scheme means that
notify messages might be deferred a bit (something which can happen in a
cluster already now), which then means that notify_marshall_changes() will
coalesce entries, which in turn makes raw.notify unhappy.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 4 Apr 2014 19:01:01 +0000 (21:01 +0200)]
smbd: Pass on a timestamp in MSG_PVFS_NOTIFY
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 25 Feb 2014 12:15:58 +0000 (12:15 +0000)]
messaging3: Add messaging_send_iov
This uses a copy, will be replaced by a direct iovec call through to
sendmsg on the unix domain socket
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 2 Mar 2014 18:33:08 +0000 (19:33 +0100)]
lib: Add iov_buf
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 2 Mar 2014 17:34:53 +0000 (18:34 +0100)]
lib: Introduce iov_buflen
.. with overflow protection
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>