Garming Sam [Thu, 30 Jun 2016 00:19:32 +0000 (12:19 +1200)]
WHATSNEW: Add the update for the samba kcc
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Garming Sam [Wed, 29 Jun 2016 22:54:29 +0000 (10:54 +1200)]
samba_kcc: Enable the python samba_kcc
For any reasonably large domain, the old KCC is impractical as the dense
mesh topology causes replication pulses.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Garming Sam [Mon, 18 Jul 2016 02:38:40 +0000 (14:38 +1200)]
kcc: correct a typo in the debug messages
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Garming Sam [Mon, 18 Jul 2016 05:06:57 +0000 (17:06 +1200)]
dbcheck: Add a rule regarding replica locations
This fixes any RW DCs with repsFrom without the corresponding link. On
any RODC, this just reports an error (and doesn't fix it).
(the knownfail entry is also now removed)
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Garming Sam [Wed, 20 Jul 2016 00:47:11 +0000 (12:47 +1200)]
dbcheck/release-4-1-0rc3: Add a check regarding replica locations
This DC has repsFrom for the DNS partitions, but not the corresponding
link. This ensures that dbcheck has fixed them up. This will currently
fail without the actual changes to dbcheck coming in the following
commit.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Garming Sam [Mon, 18 Jul 2016 01:09:59 +0000 (13:09 +1200)]
join.py: Add Replica-Locations for DomainDNS and ForestDNS
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Garming Sam [Wed, 20 Jul 2016 01:37:47 +0000 (13:37 +1200)]
join.py: Ensure that all expressions are escaped
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Garming Sam [Tue, 5 Jul 2016 03:57:28 +0000 (15:57 +1200)]
samba_kcc: match translate connection from old KCC for RODC
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Garming Sam [Fri, 1 Jul 2016 05:02:50 +0000 (17:02 +1200)]
kcc: Prevent the KCC from doing work on the RODC
This should never have done any real work, new code or not. This just removes
the initial KCC calls and bails out in the KCC if we actually ran it.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Garming Sam [Sun, 3 Jul 2016 23:17:45 +0000 (11:17 +1200)]
kcc: Make debug more scarce
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Douglas Bagnall [Tue, 19 Jul 2016 02:03:57 +0000 (14:03 +1200)]
VLV tests: remove vestigial pdb stub
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jul 19 17:22:51 CEST 2016 on sn-devel-144
Douglas Bagnall [Tue, 19 Jul 2016 01:39:45 +0000 (13:39 +1200)]
VLV tests: add tests with show_deleted control
These tests add a few deleted users and ensure they are VLV-able.
In a `make test` context there will be other deleted users lying
around, so we can't assert the expected results of the search without
looking first.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 8 Jul 2016 02:20:15 +0000 (14:20 +1200)]
VLV: fix handling with show_deleted and similar controls
The first search in each round of VLV performs the search then saves
the results in the form of an array of GUIDs, which subsequent calls
refer to to get different ranges from the same search. These
subsequent calls make an individual search for each GUID. If the
original search had the show_deleted control, the array may contain
GUIDs for deleted items, which would not be seen on the later
searches without the same control.
So we save all controls except the VLV itself and the sort control
(which won't affect the search for a single GUID) and reuse them on
the subsequent VLV searches.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 19 Jul 2016 01:16:25 +0000 (13:16 +1200)]
VLV tests: comment typo
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 12 Jul 2016 02:07:13 +0000 (14:07 +1200)]
VLV tests: reduce test duplication hence elapsed time
This makes before/after lattice sparser for the slower tests. While
we're doing that, some of the tests are changed to traverse the
lattice in a different order just in case that matters.
There is very little chance that any particular combination of before
and after parameters will behave uniquely wrongly.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Mon, 18 Jul 2016 04:58:04 +0000 (16:58 +1200)]
join.py: Remove talloc enable_null_tracking
The removal of enable_null_tracking is required because we will no
longer importing join.py in every single samba-tool invocation. Without
removing this line, memory would be hanging from both the actual NULL
context and the talloc_null_context (causing a segfault at system_exit).
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Sun, 17 Jul 2016 21:54:16 +0000 (09:54 +1200)]
pytalloc: Add a warning about enable_null_tracking
If it is called in the middle of a script such as samba-tool, memory
would be hanging from both the actual NULL context and the
talloc_null_context (causing a segfault at system_exit).
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 18 Jul 2016 04:55:50 +0000 (16:55 +1200)]
selftest: Disable all replication during most replication tests
Rather than just disabling inbound replication, consider that there may be another server
in the test network, and ensure we do not replicate to or from it either.
replica_sync.py is omitted, as it tests some more subtle variations
of the DISABLE_INBOUND_REPL flag.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Tue, 19 Jul 2016 01:04:02 +0000 (13:04 +1200)]
selftest: Ensure we can call DRSUAPI_EXOP_REPL_OBJ with replication disabled
We add the forced flag, so that we can leave replication otherwise disabled
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 18 Jul 2016 05:05:40 +0000 (17:05 +1200)]
drs: pass the forced-replication flag from DsReplicaSync to GetNCChanges
This ensures we and sync from a server with DISABLE_OUTBOUND_REPL set
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 18 Jul 2016 04:53:27 +0000 (16:53 +1200)]
selftest: Disable replication before doing forced pre-test replicate
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 18 Jul 2016 04:35:28 +0000 (16:35 +1200)]
selftest: Make repl_move more robust by disabling replication before the test
We do this before we ensure the two DCs are in sync, and then force the sync
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 18 Jul 2016 03:53:20 +0000 (15:53 +1200)]
selftest: Make repl_schema more robust by disabling replication before the test
We also ensure the two DCs are in sync before the test starts
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Mon, 18 Jul 2016 03:47:03 +0000 (15:47 +1200)]
samba-tool: Put full command and subcommand in informative name when testing samba-tool
These are not used for anything other than to print in the usage, but
it seems nicer to match normal invocation of these commands
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Thu, 7 Jul 2016 22:03:38 +0000 (10:03 +1200)]
ldb: Add better debugging to ldb_wait()
To keep line lengths short, the code is re-factored to the
early return pattern.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Sat, 9 Jul 2016 04:51:56 +0000 (16:51 +1200)]
repl: Remove check for parentGUID being NULL in dsdb_convert_object_ex()
We find that Windows 2012R2 sends a NULL parent_guid here, probably when no change to name is replicated.
That is, if there has not been a rename, this is not required information, as we
can just merge with the existing object, not matter where it is
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Sun, 10 Jul 2016 09:53:04 +0000 (21:53 +1200)]
Remove unused and untested source4 ntptr and spoolss systems
These were never finished, were not tested and clearly will not be revived
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Sat, 9 Jul 2016 05:36:18 +0000 (17:36 +1200)]
param: Correct the defaults for "dcerpc endpoint services"
We must not list any services that we skip building, as otherwise all RPC services fail to start.
We now build without the source4 spoolss server in non-developer builds
This fixes commit
0b4c741b9c03d147ee5f56d027bacda75c1b5282
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12025
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Sat, 9 Jul 2016 05:34:39 +0000 (17:34 +1200)]
build: Always build eventlog6. This is not a duplicate of eventlog
The eventlog6 pipe is not a duplicate with the source3 code, so should be built even
for the default build with smbd for file serving
This fixes commit
0b4c741b9c03d147ee5f56d027bacda75c1b5282
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12026
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Ralph Boehme [Fri, 15 Jul 2016 15:48:19 +0000 (17:48 +0200)]
vfs_acl_xattr: objects without NT ACL xattr
Even with "ignore system acls" set to "yes", for objects without NT ACL
xattr we use the underlying filesystem permissions to construct an NT
ACL. This can result in *very* unexpected permissions, eg:
- a directory with the following ACL:
$ ./bin/smbcacls -Uslow%pass //localhost/normal ""
REVISION:1
CONTROL:SR|DP
OWNER:SLOW\slow
GROUP:Unix Group\root
ACL:SLOW\slow:ALLOWED/0x0/FULL
So only one non-inheritable(!) ACE.
- creating a subdirectory:
$ ./bin/smbclient -Uslow%pass //localhost/normal -c "mkdir dir1"
- checking whether there's an ACL xattr:
$ getfattr -m "" /Volumes/normal/dir1
getfattr: Removing leading '/' from absolute path names
system.posix_acl_access
system.posix_acl_default
user.DOSATTRIB
So there isn't an ACL xattr, because there where no inheritable ACEs on
the parent folder.
- reading the new subdirectories ACL:
$ ./bin/smbcacls -Uslow%pass //localhost/normal "dir1"
REVISION:1
CONTROL:SR|DP
OWNER:SLOW\slow
GROUP:Unix Group\slow
ACL:SLOW\slow:ALLOWED/0x0/FULL
ACL:Unix Group\slow:ALLOWED/0x0/READ
ACL:Everyone:ALLOWED/0x0/READ
ACL:NT Authority\SYSTEM:ALLOWED/0x0/FULL
The ACES for "SLOW\slow", "Unix Group\slow" and "Everyone" are coming
from the underlying filesystem. This is the problem.
- Windows assigns the following ACL in this situation:
$ ./bin/smbcacls -UAdministrator%Passw0rd //10.10.10.14/data "dir"
REVISION:1
CONTROL:SR|PD|DI|DP
OWNER:VORDEFINIERT\Administratoren
GROUP:WIN2008R2\Domänen-Benutzer
ACL:WIN2008R2\Administrator:ALLOWED/0x0/FULL
$ ./bin/smbclient -UAdministrator%Passw0rd //10.10.10.14/data -c "mkdir dir\dir1"
$ ./bin/smbcacls -UAdministrator%Passw0rd //10.10.10.14/data "dir\dir1"
REVISION:1
CONTROL:SR|DI|DP
OWNER:VORDEFINIERT\Administratoren
GROUP:WIN2008R2\Domänen-Benutzer
ACL:VORDEFINIERT\Administratoren:ALLOWED/0x0/FULL
ACL:NT-AUTORITÄT\SYSTEM:ALLOWED/0x0/FULL
By changing make_default_filesystem_acl() to only adds user and system
ACE to the ACL of objects that lack an ACL xattr, we match Windows
behaviour:
$ ./bin/smbclient -Uslow%pass //localhost/normal -c "mkdir dir2"
$ ./bin/smbcacls -Uslow%pass //localhost/normal "dir2"
REVISION:1
CONTROL:SR|DP
OWNER:SLOW\slow
GROUP:Unix Group\slow
ACL:SLOW\slow:ALLOWED/0x0/FULL
ACL:NT Authority\SYSTEM:ALLOWED/0x0/FULL
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12028
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Jul 19 10:22:05 CEST 2016 on sn-devel-144
Ralph Boehme [Fri, 15 Jul 2016 15:56:02 +0000 (17:56 +0200)]
s3/smbd: move make_default_filesystem_acl() to vfs_acl_common.c
This function is only used in vfs_acl_common.c and will be modified in
the next commit.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12028
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Fri, 15 Jul 2016 19:16:18 +0000 (12:16 -0700)]
notify_inotify: Map inotify mask back to filter
Instead of reporting that an inotify event triggered all possible filter
masks, map the inotify event back to the filter mask. This is slightly
more accurate, although there can still be mismatches due to the
mapping.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Jul 18 18:50:55 CEST 2016 on sn-devel-144
Christof Schmitt [Fri, 15 Jul 2016 19:15:15 +0000 (12:15 -0700)]
notify_inotify: Move mapping table to top of file
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Christof Schmitt [Thu, 14 Jul 2016 22:44:46 +0000 (15:44 -0700)]
smbd: Allow passing notify filter from inotify and fam
This only adds a parameter to the callback without any functional
change.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Christof Schmitt [Thu, 14 Jul 2016 20:35:15 +0000 (13:35 -0700)]
smbtorture: Correctly initialize notify request in smb2.notify.tree
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Volker Lendecke [Fri, 15 Jul 2016 08:55:54 +0000 (10:55 +0200)]
lib: Fix a signed/unsigned mixup
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jul 16 00:17:03 CEST 2016 on sn-devel-144
Volker Lendecke [Fri, 15 Jul 2016 09:00:36 +0000 (11:00 +0200)]
dbwrap: Remove dbwrap_watchers.tdb based code
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 14 Jul 2016 05:43:20 +0000 (07:43 +0200)]
smbd: Remove a reference to dbwrap_watch_db()
This has never been watched, so it's an unnecessary overhead on
dbwrap_record_store().
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Jul 15 20:32:19 CEST 2016 on sn-devel-144
Volker Lendecke [Wed, 13 Jul 2016 05:41:02 +0000 (07:41 +0200)]
smbd: Convert smbXsrv_open_global.tdb to new dbwrap_watch
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 13 Jul 2016 05:27:30 +0000 (07:27 +0200)]
smbd: Convert locking.tdb to new dbwrap_watch
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 13 Jul 2016 05:26:52 +0000 (07:26 +0200)]
lib: Convert g_lock to new dbwrap_watch
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 12 Jul 2016 13:59:56 +0000 (15:59 +0200)]
dbwrap: Add an alternative implementation of dbwrap_watch_record_send
The existing one with a separate dbwrap_watchers.tdb turns out to
create a performance penalty in a clustered environment. Non-clustered,
dbwrap_parse_record on non-existent records is very cheap, but in a
cluster environment this is very noticable.
This implementation puts the watcher information into the records itself. For
large records, this might be another performance penalty, because we have to
assemble the final record together with talloc and memcpy, but this might be
fixed later with a tdb_storev call.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 12 Jul 2016 13:57:29 +0000 (15:57 +0200)]
dbwrap: Add overflow protection to dbwrap_record_watchers_key()
It's highly unlinkely that this will ever kick in, because our current tdb keys
are rather small, but offset calculations without overflow checks are bad.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 12 Jul 2016 14:07:51 +0000 (16:07 +0200)]
g_lock: Use "blocker" argument to dbwrap_record_watch_send
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 10 Mar 2016 13:37:12 +0000 (14:37 +0100)]
dbwrap: Add "blocker" to record_watch_send
Typicall, when we watch a record, we wait for a process to give up some
resource. Be it an oplock, a share mode or the g_lock. If everything goes well,
the blocker sends us a message. If the blocker dies hard, we want to also be
informed immediately.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 12 Jul 2016 13:33:59 +0000 (15:33 +0200)]
lib: Add server_id_watch_send
This is a brute force variant, trying twice a second. We'll have better
variants with tmsgd in the future.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Garming Sam [Tue, 12 Jul 2016 00:44:10 +0000 (12:44 +1200)]
renamedc: Make a more targeted dbcheck
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Fri Jul 15 13:40:40 CEST 2016 on sn-devel-144
Garming Sam [Thu, 14 Jul 2016 11:54:59 +0000 (13:54 +0200)]
flapping: Remove dbcheck from flapping
This reverts commit
019bdcd0bbac1e10be75ba37a22d4255bb31ebd6.
The dbcheck should no longer be flapping now that the stale links are
cleaned up by an earlier check.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 13 Jul 2016 22:36:38 +0000 (10:36 +1200)]
dbcheck.sh: Remove all the plausible stale links
This ensures the subsequent dbcheck doesn't fail. The reason these stale
links occur is because they are effectively one-way links at this point
we have no efficient method of checking the opposite end of a one-way
link (without doing a full traversal).
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 13 Jul 2016 22:31:50 +0000 (10:31 +1200)]
dbcheck: Split out valid stale DN links and invalid ones
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 13 Jul 2016 01:30:35 +0000 (13:30 +1200)]
dbcheck.sh: Fix the arguments supplied as $@
Signed-off-by: Garming Sam <garming@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Mon, 11 Jul 2016 21:54:14 +0000 (09:54 +1200)]
tests/dbcheck: One way links are expected to be stale
Run a targeted dbcheck to fix only the one way links.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Mon, 11 Jul 2016 03:14:47 +0000 (15:14 +1200)]
dbcheck: change argument to specify a partial --yes
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 30 Jun 2016 23:19:54 +0000 (11:19 +1200)]
dbcheck linked attribute tests: save environment with bad links
We save a database snapshot that contains linked attributes that
should have been deleted, and make sure dbcheck fixes those links
without ruining anything else.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 30 Jun 2016 23:22:11 +0000 (11:22 +1200)]
blackbox/dbcheck-oldrelease: more accurate temp filename
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 28 Jun 2016 01:58:41 +0000 (13:58 +1200)]
s4/selftest/provisions/dump.sh: dump to target dir if supplied
This is clearly what was meant to happen.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 30 Jun 2016 04:17:37 +0000 (16:17 +1200)]
dbcheck: check for linked atributes that should not exist
In order to do this we need to use the reveal internals control, which
breaks the comparison against extended DNs. So we compare the
components instead.
Because this patch makes our code notice and fix stale one-way-links
(eg, after a rename) now, the renamedc test needs to be adjusted to
match.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Garming Sam [Thu, 14 Jul 2016 11:53:23 +0000 (13:53 +0200)]
flapping: Add dbcheck to flapping
This is required as the tests will pass or not depending on if it is run
solely or not. This will be removed in the later patches.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 30 Jun 2016 04:15:35 +0000 (16:15 +1200)]
dbcheck: cache linkIDs and reverse attribute names
This avoids fetching the same same schema things again and again.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 13 Jul 2016 01:29:19 +0000 (13:29 +1200)]
extended_dn_out: Force showing of one-way links if they exist
Signed-off-by: Garming Sam <garming@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Thu, 14 Jul 2016 04:56:50 +0000 (16:56 +1200)]
link_attrs: Add tests for one way links (and pseudo one-way)
Tested against Win2012R2. The deactivated link control has no effect on either
one way links or pseudo ones (only two-way ones presumably).
Signed-off-by: Garming Sam <garming@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 14 Jul 2016 06:03:33 +0000 (18:03 +1200)]
drs tests: querying linked attribute over DRS
Without the deactivated links control, we assert certain conditions over DRS
instead.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 30 Jun 2016 04:35:08 +0000 (16:35 +1200)]
dsdb tests: add linked attribute tests
Note that this test will not work properly across ldap as the
marked-deleted linked attributes will not appear.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 5 Jul 2016 23:54:25 +0000 (11:54 +1200)]
dsdb: add vanish links control
Normally linked attributes are deleted by marking them as with RMD flags,
but sometimes we want them to vanish without trace. At those times we
set the DSDB_CONTROL_REPLMD_VANISH_LINKS control.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 5 Jul 2016 23:53:19 +0000 (11:53 +1200)]
repl_meta_data: free context on error in replmd_modify_la_delete()
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 30 Jun 2016 03:43:33 +0000 (15:43 +1200)]
replmd_modify_delete: check talloc_new()
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 1 Jun 2016 21:25:00 +0000 (09:25 +1200)]
s4/dsdb/repl_meta_data: use local bool version of flag
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Thu, 14 Jul 2016 00:27:32 +0000 (12:27 +1200)]
match_rules: Make cleanup faster and more efficient
Signed-off-by: Garming Sam <garming@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Thu, 14 Jul 2016 00:28:58 +0000 (12:28 +1200)]
match_rules: Fix a duplicated check
Signed-off-by: Garming Sam <garming@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Wed, 13 Jul 2016 05:41:51 +0000 (17:41 +1200)]
dbcheck: Script swallows input when given a carriage return
Signed-off-by: Garming Sam <garming@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Michael Adam [Thu, 14 Jul 2016 08:01:15 +0000 (10:01 +0200)]
build: avoid -Wtautological-compare errors from gcc6+ by disabling it globally
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jul 15 04:31:27 CEST 2016 on sn-devel-144
Michael Adam [Thu, 14 Jul 2016 07:58:28 +0000 (09:58 +0200)]
Revert "lib:dlinklist: avoid -Wtautological-compare errors with gcc6"
This reverts commit
5d85fd85467eb1f8941641d5f71d75e7d5c7234c.
Breaks compile for older (<= 4.4) gccs.
Needs to be done differently.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Michael Adam [Thu, 14 Jul 2016 07:58:15 +0000 (09:58 +0200)]
Revert "tevent: avoid -Wtautological-compare errors with gcc6"
This reverts commit
2991f7709973fdcc2c0b83bbe15dda3f1ceae9b3.
Breaks compile for older (<= 4.4) gccs.
Needs to be done differently.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Michael Adam [Thu, 14 Jul 2016 07:57:32 +0000 (09:57 +0200)]
Revert "ldb:dlinklist: avoid -Wtautological-compare errors with gcc6"
This reverts commit
7c9505e651287c5d4747b222af1fda970c562a00.
Breaks compile for older (<= 4.4) gccs.
Needs to be done differently.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 22 Jul 2015 09:19:08 +0000 (11:19 +0200)]
tdb: Don't malloc for every record in traverse
This gains a few percent in tdbbackup
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Jul 15 00:52:00 CEST 2016 on sn-devel-144
Volker Lendecke [Thu, 23 Jun 2016 11:24:02 +0000 (13:24 +0200)]
lib: Allow NULL blob for messaging_send()
... something I've wanted to do for ages :-)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Jul 14 20:50:15 CEST 2016 on sn-devel-144
Volker Lendecke [Tue, 26 Apr 2016 14:24:33 +0000 (16:24 +0200)]
lib: Avoid a "procid_is_local" call
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Volker Lendecke [Mon, 18 Apr 2016 14:40:22 +0000 (16:40 +0200)]
lib: Print own pid in messaging_init
This turned out to be some valuable debugging aid for me
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Ira Cooper [Wed, 13 Jul 2016 10:37:19 +0000 (12:37 +0200)]
ldb:dlinklist: avoid -Wtautological-compare errors with gcc6
We expect these macros to generate tautological compares
intentionally, so disabling the warning is just fine.
This lets --pick-developer work with gcc6 and newer.
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Ira Cooper <ira@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jul 14 05:44:21 CEST 2016 on sn-devel-144
Michael Adam [Wed, 13 Jul 2016 10:36:21 +0000 (12:36 +0200)]
tevent: avoid -Wtautological-compare errors with gcc6
We expect these macros to generate tautological compares
intentionally, so disabling the warning is just fine.
This lets --picky-developer work with gcc6 and newer.
Pair-Programmed-With: Ira Cooper <ira@samba.org>
Signed-off-by: Ira Cooper <ira@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ira Cooper [Wed, 13 Jul 2016 10:35:13 +0000 (12:35 +0200)]
lib:dlinklist: avoid -Wtautological-compare errors with gcc6
We expect these macros to generate tautological compares
intentionally, so disabling the warning is just fine.
This lets --picky-developer work with gcc6 and newer.
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Ira Cooper <ira@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Wed, 13 Jul 2016 20:09:48 +0000 (13:09 -0700)]
selftest: Add tunable for smb2.maxfid limit
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Michael Adam [Wed, 13 Jul 2016 11:22:54 +0000 (13:22 +0200)]
rpc_server: add mssing '#pragma GCC diagnostic push'
for completeness for later pop.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Jul 14 02:02:33 CEST 2016 on sn-devel-144
Stefan Metzmacher [Mon, 11 Jul 2016 13:25:31 +0000 (15:25 +0200)]
python/remove_dc: handle dnsNode objects without dnsRecord attribute
If we have dnsNode objects without dnsRecord attribute values we trigger
the following error triggered by 'samba-tool domain demote --remove-other-dead-server=server2'
ERROR(<type 'exceptions.TypeError'>): uncaught exception - __ndr_unpack__()
argument 1 must be string or read-only buffer, not dnsp.DnssrvRpcRecord
File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175,
in _run
return self.run(*args, **kwargs)
File "/usr/lib64/python2.6/site-packages/samba/netcmd/domain.py", line 720, in
run
remove_dc.remove_dc(samdb, logger, remove_other_dead_server)
File "/usr/lib64/python2.6/site-packages/samba/remove_dc.py", line 423, in
remove_dc
remove_dns_account=True)
File "/usr/lib64/python2.6/site-packages/samba/remove_dc.py", line 351, in
offline_remove_ntds_dc
remove_dns_account=remove_dns_account)
File "/usr/lib64/python2.6/site-packages/samba/remove_dc.py", line 266, in
offline_remove_server
remove_dns_references(samdb, logger, dnsHostName)
File "/usr/lib64/python2.6/site-packages/samba/remove_dc.py", line 186, in
remove_dns_references
for v in values if not to_remove(v) ]
File "/usr/lib64/python2.6/site-packages/samba/remove_dc.py", line 160, in
to_remove
dnsRecord = ndr_unpack(dnsp.DnssrvRpcRecord, value)
File "/usr/lib64/python2.6/site-packages/samba/ndr.py", line 45, in ndr_unpack
object.__ndr_unpack__(data, allow_remaining=allow_remaining)
A transaction is still active in ldb context [0xe1f320] on
tdb:///var/lib/samba/private/sam.ldb
"next" is used in perl not in python!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12018
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jul 13 10:10:30 CEST 2016 on sn-devel-144
Volker Lendecke [Tue, 12 Jul 2016 16:28:23 +0000 (18:28 +0200)]
dsdb: Fix CID
1363810: Null pointer dereferences
The if-condition explicitly tests for new_schema==NULL, so this seems to be a
valid error case. The DEBUG statement would segfault in this case.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jul 13 06:34:33 CEST 2016 on sn-devel-144
Christof Schmitt [Mon, 11 Jul 2016 18:32:19 +0000 (11:32 -0700)]
smbtorture: Add smb2.maxfid
This is the same as base.maxfid, but for the SMB2 protocol: Keep opening
file handles until an error is returned, print the number of file
handles opened and finally close the file handles again.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Christof Schmitt [Mon, 11 Jul 2016 17:49:34 +0000 (10:49 -0700)]
selftest: Disable full audit logging in selftest
Commit
6eba42f activated the full_audit and time_audit modules for the
simpleserver config to trigger the check that all VFS functions are
implemented in these two modules. This resulted in all operations being
logged to syslog during a test run.
Change the full_audit configuration to keep loading the modules, but not
log anything from full_audit to not slow down the test or spam the logs.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Douglas Bagnall [Fri, 3 Jun 2016 02:39:21 +0000 (14:39 +1200)]
Remove unused stf directory
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Mon, 11 Jul 2016 04:05:49 +0000 (16:05 +1200)]
dsdb: Improve debugging during SD recursion failure
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Wed Jul 13 02:59:25 CEST 2016 on sn-devel-144
Andrew Bartlett [Fri, 8 Jul 2016 19:47:15 +0000 (07:47 +1200)]
dsdb: Avoid search on * in replmd_replicated_apply_next()
A search on * can be quite expensive if we have to post-process any of the results
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Sat, 9 Jul 2016 04:38:14 +0000 (16:38 +1200)]
samba-tool drs replicate: Allow replication call to take as long as required
This matches the behaviour in the drsuapi server for DsReplicaSync
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Andrew Bartlett [Sat, 9 Jul 2016 04:36:52 +0000 (16:36 +1200)]
pyrpc: Allow control of RPC timeout for IRPC
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Garming Sam [Tue, 12 Jul 2016 05:10:15 +0000 (17:10 +1200)]
tests: Allow alternative error code for backupkey test
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Michael Adam [Tue, 12 Jul 2016 08:23:24 +0000 (10:23 +0200)]
libads: improve debug messages in sitename_fetch()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Jul 12 21:23:48 CEST 2016 on sn-devel-144
Michael Adam [Tue, 12 Jul 2016 11:16:27 +0000 (13:16 +0200)]
selftest: check for smbd on a 1-second basis.
Chance to reduce the overall time spent in checking for smbd
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Michael Adam [Wed, 15 Jun 2016 23:00:13 +0000 (01:00 +0200)]
selftest: check for winbind on 1-second basis
There is a chance to reduce the overall time spent checking.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Michael Adam [Tue, 12 Jul 2016 08:43:45 +0000 (10:43 +0200)]
libsmb:namequery: fix typo in comment in get_dc_list()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Nikolai Kondrashov [Wed, 29 Jun 2016 12:05:08 +0000 (15:05 +0300)]
tevent: Clarify apparently useless conditions
Comment on two similar conditions in tevent_standard.c, which,
otherwise, at a first glance, seem useless, i.e. always true.
The conditions checking glue->epoll_ops for being non-NULL, imply that
it *can* be NULL. A casual reader would not generally expect a "member"
function to modify its container's pointer in a container higher up, and
would assume that glue->epoll_ops could be NULL before the call,
resulting in a near-NULL pointer dereference.
However, in this case epoll_ops is indeed cleared in those "member"
functions, in the case of an epoll interface failure, to signify
fallback to poll interface.
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Tue Jul 12 13:56:41 CEST 2016 on sn-devel-144
Rowland Penny [Tue, 5 Jul 2016 06:49:00 +0000 (07:49 +0100)]
Fix typo in python/samba/provision/__init__.py
Signed-off-by: Rowland Penny <rpenny@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 12 06:58:47 CEST 2016 on sn-devel-144
Stefan Metzmacher [Wed, 6 Jul 2016 10:44:11 +0000 (12:44 +0200)]
libads: ensure the right ccache is used during spnego bind
When doing spnego sasl bind:
1. Try working without kinit only if a password is not
provided
2. When using kinit, ensure the KRB5CCNAME env var is set
to a private memory ccache, so that the bind is on behalf
of the requested user.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12007
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jul 12 03:23:33 CEST 2016 on sn-devel-144