Re: [Samba] Yet another 3 vs 4 question
On Wed, 2012-02-29 at 16:12 -0600, Donny Brooks wrote: Now for the 3 to 4 questions: Is there a way to go from 3 to 4 without having to touch all the pc's? We are wanting to move the PDC from the machine it is currently on onto new hardware (new IP, dns name, etc). Is this easily doable in 4? If so would it be better to migrate to the new machine before doing the upgrade to 4 or after? You can upgrade on the same machine or another. Just make sure that the users and groups that you wish to upgrade are on the new machine first. The upgrade command (no client interaction required) is samba-tool domain samba3upgrade Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Proposal to remove security=share in Samba 4.0
Hi Andrew, After feedback from my previous proposal, I am proposing to totally remove security=share from Samba 4.0. security=share has been deprecated since Samba 3.6. The attached patch shows the removal (a lot of complex code is going away, which I think is a very good thing). Naturally, full user-name/password authentication remain available in security=user and above. The rationale is that for the bulk of security=share users, we just we need a very simple way to run a 'trust the network' Samba server, where users mark shares as guest ok. This is still supported, and the smb.conf options are documented at https://wiki.samba.org/index.php/Public_Samba_Server At the same time, I want to close the door on one of the most arcane areas of Samba authentication. If you have any concerns about this, please let me know, Please add a tombstone like we have for NT_STATUS_NOPROBLEMO to SEC_SHARE :-) And wait a few more days for comments... metze signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] windows and nfs4 acls
On 03/01/2012 01:06 AM, Ali Bendriss wrote: We want a folder where files are created group rw from a base filesystem: ext4 (rw,noatime,commit=120,errors=remount-ro,user_xattr,commit=0) Hi, I can't see the acl mount option on your options list. Have you tried setting it ? -- Ali Hi Thanks for the hint. It pointed us in the rigt direction. It must be a default beacuse adding it to fstab makes no difference. There's something about acl and xattr being mutually exclusive, or exclusive to when the fs was built and when it is mounted. Anyway, it seems that on openSUSE, the default for any nfs command is the highest available number. Meaning that even if you specify nfs3, the mount is still nfs4. You have to specifically tell it in /etc/sysconfig/nfs. Not an easy one to spot. Cheers, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem to Replicate
Hello list, Iam using Samba4 alpha18 with Debian Squeeze. Mi primary domain have Windows Server 2003 and my Secundary Domain have Samba4. When i create a user in active directory user and computer in Windows Server, i can see the user in active directory user and computer in samba4, and when i create a user in samba4 i can see this user en active directory windows server. the principal problem is in Active Directory Sites and Services. When a replicate from Windows to Samba 4 sometime is succefull, and sometime give some error. but when i replicate from samba4 to windows server, the replicate take very much time, so so 6 hours. somebody have some procedure to make replication between windows and samba4. Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Coredump when trying to mount share on Linux
On Tue, Feb 28, 2012 at 2:15 AM, Dylan Semler dylan.q.pub...@gmail.com wrote: Hello, I'm looking for help troubleshooting my samba setup. I've tried to make it as basic as possible but I cannot get a working setup. I have a Linux machine (Fedora 16) and am attempting to mount a share on the same machine that it's hosted: Sorry, can anyone provide direction for debugging this? Is it common for samba to crash like this or does the crash imply a configuration error? Is there a simpler setup that I should start with for testing? Is this not the correct place for troubleshooting questions like this? Thanks, Dylan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] windows and nfs4 acls
Anyway, it seems that on openSUSE, the default for any nfs command is the highest available number. Meaning that even if you specify nfs3, the mount is still nfs4. You have to specifically tell it in /etc/sysconfig/nfs. Not an easy one to spot. ~~~ Hello, In /etc/fstab I use 'nfsvers=3' to force nfs 3 mounts. For example; hostname:/nfs3/share_name /mnt/share_namenfs nfsvers=3,tcp 0 0 That worked for me. Best regards, James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] windows and nfs4 acls
On 03/01/2012 08:13 PM, James D. Parra wrote: Anyway, it seems that on openSUSE, the default for any nfs command is the highest available number. Meaning that even if you specify nfs3, the mount is still nfs4. You have to specifically tell it in /etc/sysconfig/nfs. Not an easy one to spot. ~~~ Hello, In /etc/fstab I use 'nfsvers=3' to force nfs 3 mounts. For example; hostname:/nfs3/share_name /mnt/share_namenfs nfsvers=3,tcp 0 0 That worked for me. Best regards, James Thanks James. Got it. But what a pity about the incompatible-with-everything-else nfs4 acls. Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Can ntlm_auth version 3.5.10 be used to perform ntlmv2 authentication against a w2008 DC?
Can ntlm_auth version 3.5.10 be used to perform ntlmv2 authentication against a w2008 domain controller, where the policy is set to only allow ntlmv2. I am using freeradius2 which then calls ntlm_auth passing the nt-response and challenge generated as part of the peap mschapv2 exchange. However it does not seem to want to work. The version of samba I am using is samba3x-3.5.10. Glenn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Proposal to remove security=share in Samba 4.0
On Thu, 2012-03-01 at 14:55 +0100, Stefan (metze) Metzmacher wrote: Hi Andrew, After feedback from my previous proposal, I am proposing to totally remove security=share from Samba 4.0. security=share has been deprecated since Samba 3.6. The attached patch shows the removal (a lot of complex code is going away, which I think is a very good thing). Naturally, full user-name/password authentication remain available in security=user and above. The rationale is that for the bulk of security=share users, we just we need a very simple way to run a 'trust the network' Samba server, where users mark shares as guest ok. This is still supported, and the smb.conf options are documented at https://wiki.samba.org/index.php/Public_Samba_Server At the same time, I want to close the door on one of the most arcane areas of Samba authentication. If you have any concerns about this, please let me know, Please add a tombstone like we have for NT_STATUS_NOPROBLEMO to SEC_SHARE :-) I won't repost it to the list, but rest assured that a suitable memorial will be inscribed. :-) And wait a few more days for comments... Certainly, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] SMB Share
On Thursday 01 March 2012 18:27:18 Gonçalo Girão wrote: Hello, I have successful installed samba on my RHEL with RPM. Edited smb.conf and started smb service. I can access a share via win (or mac) but doesn't list any files and i cannot copy files or create folders. Can you help me please? Gonçalo Girão IT Hi Gonçalo, samba usage related questions should not be directed to the development oriented samba-technical mailing list, so i added samba@lists.samba.org These days it's often much more effective to discuss those configuration questions in interactive IRC channels. There is a #samba IRC channel on irc.freenode.net So setup an IRC-client and meet the samba users on freenode ... :-) (there should be good tutorials for any OS to setup an IRC client) Cheers, Günter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Coredump when trying to mount share on Linux
On 03/01/2012 09:00 AM, Dylan Semler wrote: Sorry, can anyone provide direction for debugging this? Is it common for samba to crash like this or does the crash imply a configuration error? Is there a simpler setup that I should start with for testing? Is this not the correct place for troubleshooting questions like this? Maybe it makes more sense to report that crash in Bugzilla together with the Samba version being used. Tracking bugs over mailinglist is less efficient than in a bugtracking system. Cheers, Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] smbd crashes repeatedly
On 02/29/2012 04:52 AM, steen.l.me...@ibsen.dk wrote: Samba 3.6.3 on arch linux x86_64 member of an NT4 domain with winbindd Clients' shares become temporary unavailable after unsuccessful open of files. Happens after server has run for some time. I'm unsure if some configuration error could be involved (have researched for some hours) or it is a bug-file candidate? Please file a bug listing exact version information, configuration and ideally a level 10 log leading up to the crash. Cheers, Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] allow trusted domains
Victor Sudakov wrote: My question: if BERYLIUM trusts ANOTHERDOMAIN, and ANOTHERDOMAIN\WambatW tries to open a connection to my Samba server, what user will be looked up in /etc/passwd? If nobody knows the answer, please tell me at least, what log I can study to figure out, which Windows user is mapped to which Unix user by smbd? Eventually, I would like to map all users from trusted domains to the guest account, it that possible? -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 00a5366 s4-provision: Use state directory from lp, as it is always set from 8b01b88 Trivial Comment fix: Supply a missing word in a comment http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 00a5366fdbb58905ebc66bfe58e707a3b9c92b11 Author: Amitay Isaacs ami...@gmail.com Date: Thu Mar 1 19:37:25 2012 +1100 s4-provision: Use state directory from lp, as it is always set This fixes new provisions when --targetdir is not provided. Autobuild-User: Amitay Isaacs ami...@samba.org Autobuild-Date: Thu Mar 1 11:41:02 CET 2012 on sn-devel-104 --- Summary of changes: .../scripting/python/samba/provision/__init__.py |3 +-- 1 files changed, 1 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/scripting/python/samba/provision/__init__.py b/source4/scripting/python/samba/provision/__init__.py index 48dd867..d00c3de 100644 --- a/source4/scripting/python/samba/provision/__init__.py +++ b/source4/scripting/python/samba/provision/__init__.py @@ -645,8 +645,7 @@ def make_smbconf(smbconf, hostname, domain, realm, targetdir, shares = {} if serverrole == domain controller: -shares[sysvol] = os.path.join(global_settings[state directory], -sysvol) +shares[sysvol] = os.path.join(lp.get(state directory), sysvol) shares[netlogon] = os.path.join(shares[sysvol], realm.lower(), scripts) -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 9c11c0c s4-libnet: Remove set but unused variables via 1a5eafb s4-libnet: Move to talloc_get_type_abort() via 31bf81a s4:torture/smb2/ioctl.c - quiet format specifier warnings on 32 bit via 8ea7956 s3-selftest: make ntlm_auth test more robust to bad input via eca3a14 s3-selftest: Add more tests for ntlm_auth via 74c6d2b s3-ntlm_auth fix up gss-spnego-client so as to work with gss-spnego via 4dae0e7 s3-ntlm_auth: Wrap kerberos token in GSSAPI via 5b700cb s3-ntlm_auth: Add --target-service and --target-hostname options via 6090a15 build: look for backtrace_symbols in libexec via b2a6b2f build: link heimdal krb5 against execinfo if found from 00a5366 s4-provision: Use state directory from lp, as it is always set http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 9c11c0cde04efd0d101a09eb93fed6f43242 Author: Andrew Bartlett abart...@samba.org Date: Thu Mar 1 21:04:19 2012 +1100 s4-libnet: Remove set but unused variables Autobuild-User: Andrew Bartlett abart...@samba.org Autobuild-Date: Thu Mar 1 13:40:12 CET 2012 on sn-devel-104 commit 1a5eafba13fa54dd44626625886d1e7a4adf5a2c Author: Andrew Bartlett abart...@samba.org Date: Thu Mar 1 21:02:24 2012 +1100 s4-libnet: Move to talloc_get_type_abort() The NULL pointer dereference from talloc_get_type() might be free, but the information on the actual and expected types from talloc_get_type_abort() is priceless! :-) Andrew Bartlett commit 31bf81a03c222f8c42996aebb127a31d23dc799e Author: Matthias Dieter Wallnöfer m...@samba.org Date: Sat Feb 25 18:24:37 2012 +0100 s4:torture/smb2/ioctl.c - quiet format specifier warnings on 32 bit Achieve this by using platform independent casts. commit 8ea795672d8063db2f474a4ac11a1b94f386096d Author: Andrew Bartlett abart...@samba.org Date: Thu Mar 1 17:44:48 2012 +1100 s3-selftest: make ntlm_auth test more robust to bad input If we do not know the helper protocol, make sure to error. Andrew Bartlett commit eca3a14870f6632957a0ffeba1309d5da67cb9a1 Author: Andrew Bartlett abart...@samba.org Date: Thu Mar 1 16:57:46 2012 +1100 s3-selftest: Add more tests for ntlm_auth commit 74c6d2bcf44acfe3d275be0f96bd0026cdeeab8c Author: Andrew Bartlett abart...@samba.org Date: Thu Mar 1 16:57:04 2012 +1100 s3-ntlm_auth fix up gss-spnego-client so as to work with gss-spnego The SPNEGO code changed since this was last tested. Andrew Bartlett commit 4dae0e7ec5add0c2000484a7dc6ca6f147e6ecb9 Author: Andrew Bartlett abart...@samba.org Date: Sat Feb 25 14:17:23 2012 +1100 s3-ntlm_auth: Wrap kerberos token in GSSAPI While windows will accept this ticket without the wrapping, it is nicer to follow the standard and wrap it up in GSSAPI. This should allow the ntlm_auth gss-spnego-client to talk to the ntlm_auth gss-spengo server. Reported by Christof Schmitt christof.schm...@us.ibm.com Andrew Bartlett commit 5b700cb0e3bab1f9b0452db108d9150d5067c55d Author: Andrew Bartlett abart...@samba.org Date: Sat Feb 25 14:15:17 2012 +1100 s3-ntlm_auth: Add --target-service and --target-hostname options This will allow the gss-spnego-client protocol to work with modern SPNEGO servers that do not send the principal in the mechListMIC. Andrew Bartlett commit 6090a155f0d11effad565ffa37af9a26fff5e715 Author: Andrew Bartlett abart...@samba.org Date: Thu Mar 1 12:57:12 2012 +1100 build: look for backtrace_symbols in libexec commit b2a6b2f750afaf5ea326b39fd4223cb4ab7d7732 Author: Andrew Bartlett abart...@samba.org Date: Thu Mar 1 18:13:28 2012 +1100 build: link heimdal krb5 against execinfo if found This is for FreeBSD, where backtrace symbols are in execinfo --- Summary of changes: lib/util/wscript_configure|2 +- source3/script/tests/test_ntlm_auth_s3.sh |3 + source3/torture/test_ntlm_auth.py | 98 +++-- source3/utils/ntlm_auth.c | 58 - source3/wscript |2 +- source4/heimdal_build/wscript_build |2 +- source4/libnet/libnet_domain.c| 38 ++-- source4/libnet/libnet_group.c | 38 +-- source4/libnet/libnet_user.c | 60 +- source4/libnet/userinfo.c | 10 ++-- source4/torture/smb2/ioctl.c | 11 ++-- 11 files changed, 203 insertions(+), 119 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/util/wscript_configure b/lib/util/wscript_configure index fea8ddf..fdaf67a 100644 --- a/lib/util/wscript_configure +++
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f5f17b1 dlz_bind9: Match PTR records as DNS names and not just strings via 78446b4 s4-dns: Fix handling of TXT DNS Record via e5409ad upgradedns: Fix import of TXT DNS records via cf139b4 s4-rpc: dnsserver: Update data type for TXT DNS records via 0c77422 samba-tool: dns: Add support for handling TXT records via f025d78 samba-tool: dns: Copy string data when creating DNS_RPC_RECORD via bcaa278 provision: dns: TXT Records need a list of strings as input via a0d6904 ndr: dnsserver: Add pull and push functions for DNS_RPC_RECORD_STRING via e15fc28 idl: dnsserver: Add DNS_RPC_RECORD_STRING data type for TXT DNS record via 0c8a10e dlz_bind9: Fix handling of TXT records with multiple quoted strings via 7b8cd6f ndr: Add NDR pull, push, print functions for dnsp_string_list via db79126 idl: dnsp: Add dnsp_string_list data type for TXT DNS record via c467634 ndr: Fix NDR push function for dnsp_string via ad1ef79 ndr: Fix the error messages, add correct data type name via f5b041f dlz_bind9: This fixes the problem with adding/deleting rdataset from 9c11c0c s4-libnet: Remove set but unused variables http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f5f17b19af0ce46539f150c5dbf232a7f49bccc7 Author: Amitay Isaacs ami...@gmail.com Date: Fri Mar 2 00:23:00 2012 +1100 dlz_bind9: Match PTR records as DNS names and not just strings This fixes the dynamic update of PTR records. Autobuild-User: Amitay Isaacs ami...@samba.org Autobuild-Date: Thu Mar 1 15:58:05 CET 2012 on sn-devel-104 commit 78446b42b7bed565dff75db73e8efcd3835808c0 Author: Amitay Isaacs ami...@gmail.com Date: Tue Feb 28 17:01:27 2012 +1100 s4-dns: Fix handling of TXT DNS Record commit e5409ad0ca0517118c261fa924221fd18afaf66d Author: Amitay Isaacs ami...@gmail.com Date: Tue Feb 28 18:27:04 2012 +1100 upgradedns: Fix import of TXT DNS records commit cf139b4efcf13c12b20f63969c0744771a0d8e9a Author: Amitay Isaacs ami...@gmail.com Date: Tue Feb 28 16:35:39 2012 +1100 s4-rpc: dnsserver: Update data type for TXT DNS records commit 0c774220412c4b56c00d276ef4bfc50336a99284 Author: Amitay Isaacs ami...@gmail.com Date: Tue Feb 28 15:14:49 2012 +1100 samba-tool: dns: Add support for handling TXT records commit f025d788d011403ef6740e777aef5ee289b35b0c Author: Amitay Isaacs ami...@gmail.com Date: Tue Feb 28 15:12:44 2012 +1100 samba-tool: dns: Copy string data when creating DNS_RPC_RECORD commit bcaa278e32a1fb334253638f24d6f23378c6119c Author: Amitay Isaacs ami...@gmail.com Date: Tue Feb 28 14:59:39 2012 +1100 provision: dns: TXT Records need a list of strings as input commit a0d6904ed30b7edd41715c0e8c8517e1486b38e4 Author: Amitay Isaacs ami...@gmail.com Date: Tue Feb 28 14:57:23 2012 +1100 ndr: dnsserver: Add pull and push functions for DNS_RPC_RECORD_STRING commit e15fc28e6bdf4488940260c8a26459845283f617 Author: Amitay Isaacs ami...@gmail.com Date: Tue Feb 28 14:56:37 2012 +1100 idl: dnsserver: Add DNS_RPC_RECORD_STRING data type for TXT DNS record commit 0c8a10ecb0f5eca08ca58f86c18aa1bae25d1353 Author: Amitay Isaacs ami...@gmail.com Date: Tue Feb 28 14:14:07 2012 +1100 dlz_bind9: Fix handling of TXT records with multiple quoted strings commit 7b8cd6fcf39d047f10fe31be09f74bd1287975a7 Author: Amitay Isaacs ami...@gmail.com Date: Tue Feb 28 15:07:10 2012 +1100 ndr: Add NDR pull, push, print functions for dnsp_string_list commit db791262888a91d906526c6503e774117c5292f6 Author: Amitay Isaacs ami...@gmail.com Date: Tue Feb 28 15:06:12 2012 +1100 idl: dnsp: Add dnsp_string_list data type for TXT DNS record commit c46763419aac3165f0eafbbc786cc929129c5109 Author: Amitay Isaacs ami...@gmail.com Date: Tue Feb 28 13:58:48 2012 +1100 ndr: Fix NDR push function for dnsp_string Push the actual length of the string not including null-termination. commit ad1ef7948668d17c03009fad10d2d3fd01cacb77 Author: Amitay Isaacs ami...@gmail.com Date: Tue Feb 28 14:58:16 2012 +1100 ndr: Fix the error messages, add correct data type name commit f5b041fc04f158d0462995d592359fa6bd74b2ff Author: Amitay Isaacs ami...@gmail.com Date: Mon Feb 27 17:09:10 2012 +1100 dlz_bind9: This fixes the problem with adding/deleting rdataset Fix commit 169db333033b72b6f9ac1e7b23f0f2c151218c1f. This change allowed for LDB records without dnsRecord attribute to exist to prevent large number of deleted records. This change fixes the handling of missing dnsRecord attribute and correctly deleting dnsRecord attribute. --- Summary of changes: librpc/idl/dnsp.idl|7 +-
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e29a9f4 pyldb: Avoid using PyErr_LDB_ERROR_IS_ERR_RAISE where PyErr_SetLdbError suffices. from f5f17b1 dlz_bind9: Match PTR records as DNS names and not just strings http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e29a9f4af76f15030ba316690bdbb55806081fde Author: Jelmer Vernooij jel...@samba.org Date: Thu Mar 1 21:26:27 2012 +0100 pyldb: Avoid using PyErr_LDB_ERROR_IS_ERR_RAISE where PyErr_SetLdbError suffices. Autobuild-User: Jelmer Vernooij jel...@samba.org Autobuild-Date: Thu Mar 1 23:06:55 CET 2012 on sn-devel-104 --- Summary of changes: lib/ldb/pyldb.c | 29 - 1 files changed, 16 insertions(+), 13 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/ldb/pyldb.c b/lib/ldb/pyldb.c index 2f99d14..a2a5dff 100644 --- a/lib/ldb/pyldb.c +++ b/lib/ldb/pyldb.c @@ -922,7 +922,8 @@ static PyObject *py_ldb_connect(PyLdbObject *self, PyObject *args, PyObject *kwa ret = ldb_connect(pyldb_Ldb_AsLdbContext(self), url, flags, options); talloc_free(options); - PyErr_LDB_ERROR_IS_ERR_RAISE(PyExc_LdbError, ret, pyldb_Ldb_AsLdbContext(self)); + PyErr_LDB_ERROR_IS_ERR_RAISE(PyExc_LdbError, ret, + pyldb_Ldb_AsLdbContext(self)); Py_RETURN_NONE; } @@ -970,7 +971,7 @@ static PyObject *py_ldb_modify(PyLdbObject *self, PyObject *args, PyObject *kwar if (validate) { ret = ldb_msg_sanity_check(ldb_ctx, msg); if (ret != LDB_SUCCESS) { - PyErr_LDB_ERROR_IS_ERR_RAISE(PyExc_LdbError, ret, ldb_ctx); + PyErr_SetLdbError(PyExc_LdbError, ret, ldb_ctx); talloc_free(mem_ctx); return NULL; } @@ -990,7 +991,8 @@ static PyObject *py_ldb_modify(PyLdbObject *self, PyObject *args, PyObject *kwar ret = ldb_transaction_start(ldb_ctx); if (ret != LDB_SUCCESS) { talloc_free(mem_ctx); - PyErr_LDB_ERROR_IS_ERR_RAISE(PyExc_LdbError, ret, ldb_ctx); + PyErr_SetLdbError(PyExc_LdbError, ret, ldb_ctx); + return NULL; } ret = ldb_request(ldb_ctx, req); @@ -1117,7 +1119,7 @@ static PyObject *py_ldb_add(PyLdbObject *self, PyObject *args, PyObject *kwargs) ret = ldb_msg_sanity_check(ldb_ctx, msg); if (ret != LDB_SUCCESS) { - PyErr_LDB_ERROR_IS_ERR_RAISE(PyExc_LdbError, ret, ldb_ctx); + PyErr_SetLdbError(PyExc_LdbError, ret, ldb_ctx); talloc_free(mem_ctx); return NULL; } @@ -1136,7 +1138,8 @@ static PyObject *py_ldb_add(PyLdbObject *self, PyObject *args, PyObject *kwargs) ret = ldb_transaction_start(ldb_ctx); if (ret != LDB_SUCCESS) { talloc_free(mem_ctx); - PyErr_LDB_ERROR_IS_ERR_RAISE(PyExc_LdbError, ret, ldb_ctx); + PyErr_SetLdbError(PyExc_LdbError, ret, ldb_ctx); + return NULL; } ret = ldb_request(ldb_ctx, req); @@ -1207,7 +1210,8 @@ static PyObject *py_ldb_delete(PyLdbObject *self, PyObject *args, PyObject *kwar ret = ldb_transaction_start(ldb_ctx); if (ret != LDB_SUCCESS) { talloc_free(mem_ctx); - PyErr_LDB_ERROR_IS_ERR_RAISE(PyExc_LdbError, ret, ldb_ctx); + PyErr_SetLdbError(PyExc_LdbError, ret, ldb_ctx); + return NULL; } ret = ldb_request(ldb_ctx, req); @@ -1286,7 +1290,8 @@ static PyObject *py_ldb_rename(PyLdbObject *self, PyObject *args, PyObject *kwar ret = ldb_transaction_start(ldb_ctx); if (ret != LDB_SUCCESS) { talloc_free(mem_ctx); - PyErr_LDB_ERROR_IS_ERR_RAISE(PyExc_LdbError, ret, ldb_ctx); + PyErr_SetLdbError(PyExc_LdbError, ret, ldb_ctx); + return NULL; } ret = ldb_request(ldb_ctx, req); @@ -1565,7 +1570,7 @@ static PyObject *py_ldb_search(PyLdbObject *self, PyObject *args, PyObject *kwar if (ret != LDB_SUCCESS) { talloc_free(mem_ctx); - PyErr_LDB_ERROR_IS_ERR_RAISE(PyExc_LdbError, ret, ldb_ctx); + PyErr_SetLdbError(PyExc_LdbError, ret, ldb_ctx); return NULL; } @@ -1579,7 +1584,7 @@ static PyObject *py_ldb_search(PyLdbObject *self, PyObject *args, PyObject *kwar if (ret != LDB_SUCCESS) { talloc_free(mem_ctx); - PyErr_LDB_ERROR_IS_ERR_RAISE(PyExc_LdbError, ret, ldb_ctx); + PyErr_SetLdbError(PyExc_LdbError, ret, ldb_ctx); return NULL; } @@ -1649,10 +1654,8 @@ static PyObject
[SCM] CTDB repository - branch 1.2.40 updated - ctdb-1.9.1-546-g0a52799
The branch, 1.2.40 has been updated via 0a52799f85de9c9dc0ac8ae62e7f2829a30eb8bb (commit) via ce57fcab99fa13548ae3693f471c7ecde08f67f3 (commit) via dbf2c5b25833bf05cc3d1b9a9ee2186143386f35 (commit) via 1083ef705cb67185f6c199c01850e839d4f3c8bb (commit) from fd33e6ff1e349e3d6d1d2e78ab14942c97aba731 (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=1.2.40 - Log - commit 0a52799f85de9c9dc0ac8ae62e7f2829a30eb8bb Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Fri Mar 2 09:43:39 2012 +1100 READONLY: when updating a remote node to revoke a delegation, make sure we dont create thje record if it doesnt exist commit ce57fcab99fa13548ae3693f471c7ecde08f67f3 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Mon Feb 13 10:27:59 2012 +1100 READONLY: allow specifying the db name for setdbreadonly instead of just the hash commit dbf2c5b25833bf05cc3d1b9a9ee2186143386f35 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Fri Mar 2 09:04:39 2012 +1100 Niceify the readonlyrecord API. Dont force clients to be exposed to the fetch_with_header function We dont strictly need to force clients to use CTDB_FETCH_WITH_HEADER instead of CTDB_FETCH when they ask for readonly records. Have ctdbd internally remap this internally to FETCH_WITH_HEADER and map the reply back to CTDB_FETCH_FUNC or CTDB_FETCH_WITH_HEADER_FUNC based on what the client initially asked for. This removes the need for the client to know about the CTDB_FETCH_WITH_HEADER_FUNC function and simplifies the client code. Clients that do not care what the header after the request is can just continue using the old CTDB_FETCH_FUNC call and ctdbd will do all the difficult stuff. commit 1083ef705cb67185f6c199c01850e839d4f3c8bb Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Fri Mar 2 08:53:16 2012 +1100 READONLY: skip vacuuming or deleting records with readonly delegations. these records are hot. wait until they have been revoked before we recall them. --- Summary of changes: doc/readonlyrecords.txt |7 +-- libctdb/ctdb.c |8 server/ctdb_call.c |4 server/ctdb_daemon.c | 40 ++-- server/ctdb_persistent.c | 17 + server/ctdb_recover.c| 14 ++ server/ctdb_vacuum.c |5 + tools/ctdb.c | 33 +++-- 8 files changed, 118 insertions(+), 10 deletions(-) Changeset truncated at 500 lines: diff --git a/doc/readonlyrecords.txt b/doc/readonlyrecords.txt index acdab2e..f8f1095 100644 --- a/doc/readonlyrecords.txt +++ b/doc/readonlyrecords.txt @@ -89,7 +89,10 @@ This new database is used for tracking delegations for the records. A record in This tracking database is lockless, using TDB_NOLOCK, and is only ever accessed by the main ctdbd daemon. The lockless nature and the fact that no other process ever access this TDB means we are guranteed non-blocking access to records in the trcking database. -The ctdb_call PDU is allocated with two new flags WANT_READONLY and WITH_HEADER. +The ctdb_call PDU is allocated with a new flags WANT_READONLY and possibly also a new callid: CTDB_FETCH_WITH_HEADER_FUNC. +This new function returns not only the record, as CTDB_FETCH_FUNC does, but also returns the HEADER prepended to the record. +This function is optional, clients that do not care what the header is can continue using just CTDB_FETCH_FUNC + This first flag is used to explicitely requesting a read-only record from the DMASTER/LMASTER. The second flag is used to request that the fetch operation will return not only the data for the record but also the record header. @@ -137,7 +140,7 @@ This will change to instead do goto finished else unlock record -ask ctdb for read-only copy (WANT_READONLY|WITH_HEADER) +ask ctdb for read-only copy (WANT_READONLY[|WITH_HEADER]) if failed to get read-only copy (*A) ask ctdb to migrate the record onto the node goto try_again diff --git a/libctdb/ctdb.c b/libctdb/ctdb.c index 36cc113..46f4953 100644 --- a/libctdb/ctdb.c +++ b/libctdb/ctdb.c @@ -819,13 +819,13 @@ static void readrecordlock_retry(struct ctdb_connection *ctdb, struct ctdb_reply_call *reply; TDB_DATA data; - /* OK, we've received reply to fetch-with-header migration */ - reply = unpack_reply_call(ctdb, req, CTDB_FETCH_WITH_HEADER_FUNC); + /* OK, we've received reply to fetch migration */ + reply = unpack_reply_call(ctdb, req, CTDB_FETCH_FUNC); if (!reply || reply-status != 0) { if (reply) { DEBUG(ctdb,
[SCM] CTDB repository - branch 1.2.40 updated - ctdb-1.9.1-547-gc51154b
The branch, 1.2.40 has been updated via c51154b79be94198324c321037045bb85cd9 (commit) from 0a52799f85de9c9dc0ac8ae62e7f2829a30eb8bb (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=1.2.40 - Log - commit c51154b79be94198324c321037045bb85cd9 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Fri Mar 2 10:52:00 2012 +1100 READONLY: only send a control to schedule fast-vacuuming from child context iff we have a connection open to the main daemon there are some child processes where we do not create a connection to the main daemon (switch_from_server_to_client()) because it is expensive to set up and we normally might not need to talk to the daemon at all via a domainsocket. but we might want to still call to ctdb_ltdb_store() from such chil processes. --- Summary of changes: client/ctdb_client.c |4 +++- common/ctdb_util.c |1 + include/ctdb_private.h |3 +++ server/ctdb_vacuum.c |8 4 files changed, 15 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/client/ctdb_client.c b/client/ctdb_client.c index 487989c..8b9df42 100644 --- a/client/ctdb_client.c +++ b/client/ctdb_client.c @@ -4087,7 +4087,9 @@ int switch_from_server_to_client(struct ctdb_context *ctdb, const char *fmt, ... return -1; } -return 0; + ctdb-can_send_controls = true; + + return 0; } /* diff --git a/common/ctdb_util.c b/common/ctdb_util.c index 1ff4c1f..061c16d 100644 --- a/common/ctdb_util.c +++ b/common/ctdb_util.c @@ -346,6 +346,7 @@ pid_t ctdb_fork(struct ctdb_context *ctdb) if (ctdb-do_setsched) { ctdb_restore_scheduler(ctdb); } + ctdb-can_send_controls = false; } return pid; } diff --git a/include/ctdb_private.h b/include/ctdb_private.h index 7d0a6d8..8180722 100644 --- a/include/ctdb_private.h +++ b/include/ctdb_private.h @@ -499,6 +499,9 @@ struct ctdb_context { /* list of event script callback functions that are active */ struct event_script_callback *script_callbacks; + + /* if we are a child process, do we have a domain socket to send controls on */ + bool can_send_controls; }; struct ctdb_db_context { diff --git a/server/ctdb_vacuum.c b/server/ctdb_vacuum.c index 181393b..bb71be7 100644 --- a/server/ctdb_vacuum.c +++ b/server/ctdb_vacuum.c @@ -1371,6 +1371,14 @@ int32_t ctdb_local_schedule_for_deletion(struct ctdb_db_context *ctdb_db, return ret; } + /* if we dont have a connection to the daemon we can not send + a control. For example sometimes from update_record control child + process. + */ + if (!ctdb_db-ctdb-can_send_controls) { + return -1; + } + /* child process: send the main daemon a control */ indata.dsize = offsetof(struct ctdb_control_schedule_for_deletion, key) + key.dsize; -- CTDB repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via f1452a2 s3-libsmb: Initialise ticket to ensure we do not invalid memory via 049375e Move to talloc from malloc. via e735b52 Fix mixup between talloc/malloc. from e29a9f4 pyldb: Avoid using PyErr_LDB_ERROR_IS_ERR_RAISE where PyErr_SetLdbError suffices. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f1452a296429b79755235f4a480f0d5ea38ce178 Author: Andrew Bartlett abart...@samba.org Date: Thu Mar 1 16:55:04 2012 +1100 s3-libsmb: Initialise ticket to ensure we do not invalid memory The free is however a talloc_free(), which has additional protection against freeing the wrong thing. Andrew Bartlett Signed-off-by: Jeremy Allison j...@samba.org Autobuild-User: Jeremy Allison j...@samba.org Autobuild-Date: Fri Mar 2 01:45:19 CET 2012 on sn-devel-104 commit 049375ec51ef404e61963e1f6ba10c116fde9767 Author: Jeremy Allison j...@samba.org Date: Thu Mar 1 12:35:27 2012 -0800 Move to talloc from malloc. commit e735b5225402b930ccc8c7c8fa03b988c3371a11 Author: Jeremy Allison j...@samba.org Date: Thu Mar 1 10:57:17 2012 -0800 Fix mixup between talloc/malloc. --- Summary of changes: source3/libsmb/clifile.c | 12 source3/libsmb/clispnego.c |1 + 2 files changed, 9 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/libsmb/clifile.c b/source3/libsmb/clifile.c index 168dd4b..0c8a340 100644 --- a/source3/libsmb/clifile.c +++ b/source3/libsmb/clifile.c @@ -4185,7 +4185,9 @@ static NTSTATUS cli_set_ea(struct cli_state *cli, uint16_t setup_val, if (ea_namelen == 0 ea_len == 0) { data_len = 4; - data = (uint8_t *)SMB_MALLOC(data_len); + data = talloc_array(talloc_tos(), + uint8_t, + data_len); if (!data) { return NT_STATUS_NO_MEMORY; } @@ -4193,7 +4195,9 @@ static NTSTATUS cli_set_ea(struct cli_state *cli, uint16_t setup_val, SIVAL(p,0,data_len); } else { data_len = 4 + 4 + ea_namelen + 1 + ea_len; - data = (uint8_t *)SMB_MALLOC(data_len); + data = talloc_array(talloc_tos(), + uint8_t, + data_len); if (!data) { return NT_STATUS_NO_MEMORY; } @@ -4215,7 +4219,7 @@ static NTSTATUS cli_set_ea(struct cli_state *cli, uint16_t setup_val, NULL, 0, NULL, /* rsetup */ NULL, 0, NULL, /* rparam */ NULL, 0, NULL); /* rdata */ - SAFE_FREE(data); + talloc_free(data); return status; } @@ -4247,7 +4251,7 @@ NTSTATUS cli_set_ea_path(struct cli_state *cli, const char *path, status = cli_set_ea(cli, TRANSACT2_SETPATHINFO, param, param_len, ea_name, ea_val, ea_len); - SAFE_FREE(frame); + talloc_free(frame); return status; } diff --git a/source3/libsmb/clispnego.c b/source3/libsmb/clispnego.c index 2cc2a2a..bf3fac6 100644 --- a/source3/libsmb/clispnego.c +++ b/source3/libsmb/clispnego.c @@ -255,6 +255,7 @@ bool spnego_parse_krb5_wrap(TALLOC_CTX *ctx, DATA_BLOB blob, DATA_BLOB *ticket, bool ret; ASN1_DATA *data; int data_remaining; + *ticket = data_blob_null; data = asn1_init(talloc_tos()); if (data == NULL) { -- Samba Shared Repository
[SCM] CTDB repository - branch 1.13 updated - ctdb-1.13-1-g0c0e887
The branch, 1.13 has been updated via 0c0e887912ca37682312091f4b89ff5167b254d9 (commit) from 05e75dea9eaa0decc2909e0c2cf1715c81374200 (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=1.13 - Log - commit 0c0e887912ca37682312091f4b89ff5167b254d9 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Fri Mar 2 12:57:23 2012 +1100 READONLY: when updating a remote node to revoke a delegation, make sure we dont create the record if it doesnt already exist --- Summary of changes: server/ctdb_call.c |1 + server/ctdb_update_record.c | 17 + 2 files changed, 18 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/server/ctdb_call.c b/server/ctdb_call.c index 9922233..50f4cb2 100644 --- a/server/ctdb_call.c +++ b/server/ctdb_call.c @@ -1300,6 +1300,7 @@ int ctdb_start_revoke_ro_record(struct ctdb_context *ctdb, struct ctdb_db_contex int ret; header-flags = ~(CTDB_REC_RO_REVOKING_READONLY|CTDB_REC_RO_HAVE_DELEGATIONS|CTDB_REC_RO_HAVE_READONLY); + header-flags |= CTDB_REC_FLAG_MIGRATED_WITH_DATA; header-rsn -= 1; if ((rc = talloc_zero(ctdb_db, struct revokechild_handle)) == NULL) { diff --git a/server/ctdb_update_record.c b/server/ctdb_update_record.c index 4413597..f8be8e8 100644 --- a/server/ctdb_update_record.c +++ b/server/ctdb_update_record.c @@ -28,8 +28,11 @@ struct ctdb_persistent_write_state { struct ctdb_db_context *ctdb_db; struct ctdb_marshall_buffer *m; struct ctdb_req_control *c; + uint32_t flags; }; +/* dont create/update records that does not exist locally */ +#define UPDATE_FLAGS_REPLACE_ONLY 1 /* called from a child process to write the data @@ -62,6 +65,19 @@ static int ctdb_persistent_store(struct ctdb_persistent_write_state *state) goto failed; } + /* we must check if the record exists or not because + ctdb_ltdb_fetch will unconditionally create a record +*/ + if (state-flags UPDATE_FLAGS_REPLACE_ONLY) { + TDB_DATA rec; + rec = tdb_fetch(state-ctdb_db-ltdb-tdb, key); + if (rec.dsize == 0) { + talloc_free(tmp_ctx); + continue; + } + free(rec.dptr); + } + /* fetch the old header and ensure the rsn is less than the new rsn */ ret = ctdb_ltdb_fetch(state-ctdb_db, key, oldheader, tmp_ctx, olddata); if (ret != 0) { @@ -309,6 +325,7 @@ int32_t ctdb_control_update_record(struct ctdb_context *ctdb, state-ctdb_db = ctdb_db; state-c = c; state-m = m; + state-flags = UPDATE_FLAGS_REPLACE_ONLY; /* create a child process to take out a transaction and write the data. -- CTDB repository
[SCM] CTDB repository - branch master updated - ctdb-1.13-1-gfb00e12
The branch, master has been updated via fb00e1290fcea3386132a46c883994019a43799a (commit) from 05e75dea9eaa0decc2909e0c2cf1715c81374200 (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master - Log - commit fb00e1290fcea3386132a46c883994019a43799a Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Fri Mar 2 12:57:23 2012 +1100 READONLY: when updating a remote node to revoke a delegation, make sure we dont create the record if it doesnt already exist --- Summary of changes: server/ctdb_call.c |1 + server/ctdb_update_record.c | 17 + 2 files changed, 18 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/server/ctdb_call.c b/server/ctdb_call.c index 9922233..50f4cb2 100644 --- a/server/ctdb_call.c +++ b/server/ctdb_call.c @@ -1300,6 +1300,7 @@ int ctdb_start_revoke_ro_record(struct ctdb_context *ctdb, struct ctdb_db_contex int ret; header-flags = ~(CTDB_REC_RO_REVOKING_READONLY|CTDB_REC_RO_HAVE_DELEGATIONS|CTDB_REC_RO_HAVE_READONLY); + header-flags |= CTDB_REC_FLAG_MIGRATED_WITH_DATA; header-rsn -= 1; if ((rc = talloc_zero(ctdb_db, struct revokechild_handle)) == NULL) { diff --git a/server/ctdb_update_record.c b/server/ctdb_update_record.c index 4413597..f8be8e8 100644 --- a/server/ctdb_update_record.c +++ b/server/ctdb_update_record.c @@ -28,8 +28,11 @@ struct ctdb_persistent_write_state { struct ctdb_db_context *ctdb_db; struct ctdb_marshall_buffer *m; struct ctdb_req_control *c; + uint32_t flags; }; +/* dont create/update records that does not exist locally */ +#define UPDATE_FLAGS_REPLACE_ONLY 1 /* called from a child process to write the data @@ -62,6 +65,19 @@ static int ctdb_persistent_store(struct ctdb_persistent_write_state *state) goto failed; } + /* we must check if the record exists or not because + ctdb_ltdb_fetch will unconditionally create a record +*/ + if (state-flags UPDATE_FLAGS_REPLACE_ONLY) { + TDB_DATA rec; + rec = tdb_fetch(state-ctdb_db-ltdb-tdb, key); + if (rec.dsize == 0) { + talloc_free(tmp_ctx); + continue; + } + free(rec.dptr); + } + /* fetch the old header and ensure the rsn is less than the new rsn */ ret = ctdb_ltdb_fetch(state-ctdb_db, key, oldheader, tmp_ctx, olddata); if (ret != 0) { @@ -309,6 +325,7 @@ int32_t ctdb_control_update_record(struct ctdb_context *ctdb, state-ctdb_db = ctdb_db; state-c = c; state-m = m; + state-flags = UPDATE_FLAGS_REPLACE_ONLY; /* create a child process to take out a transaction and write the data. -- CTDB repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 10700f6 selftest: Establish a registry of socket wrapper IPs from f1452a2 s3-libsmb: Initialise ticket to ensure we do not invalid memory http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 10700f69b2ec552939471fb43f0913511860af6f Author: Andrew Bartlett abart...@samba.org Date: Fri Mar 2 11:44:56 2012 +1100 selftest: Establish a registry of socket wrapper IPs This fixes a bug where chgdcpass was on the same IP as localsubdc, and will avoid similar mistakes in future. Andrew Bartlett Autobuild-User: Andrew Bartlett abart...@samba.org Autobuild-Date: Fri Mar 2 03:48:05 CET 2012 on sn-devel-104 --- Summary of changes: selftest/target/Samba.pm | 38 ++ selftest/target/Samba3.pm | 20 +++- selftest/target/Samba4.pm | 27 +++ 3 files changed, 56 insertions(+), 29 deletions(-) Changeset truncated at 500 lines: diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm index 445cbb2..06b6472 100644 --- a/selftest/target/Samba.pm +++ b/selftest/target/Samba.pm @@ -134,4 +134,42 @@ sub mk_realms_stanza() return $realms_stanza; } +sub get_interface($) +{ +my ($netbiosname) = @_; +$netbiosname = lc($netbiosname); + +my %interfaces = (); +$interfaces{locals3dc2} = 2; +$interfaces{localmember3} = 3; +$interfaces{localshare4} = 4; +$interfaces{localserver5} = 5; +$interfaces{localktest6} = 6; +$interfaces{maptoguest} = 7; + +# 11-16 used by selftest.pl for client interfaces + +$interfaces{localdc} = 21; +$interfaces{localvampiredc} = 22; +$interfaces{s4member} = 23; +$interfaces{localrpcproxy} = 24; +$interfaces{dc5} = 25; +$interfaces{dc6} = 26; +$interfaces{dc7} = 27; +$interfaces{rodc} = 28; +$interfaces{localadmember} = 29; +$interfaces{plugindc} = 30; +$interfaces{localsubdc} = 31; +$interfaces{chgdcpass} = 32; + +# update lib/socket_wrapper/socket_wrapper.c +# #define MAX_WRAPPED_INTERFACES 32 +# if you wish to have more than 32 interfaces + +if (not defined($interfaces{$netbiosname})) { + die(); +} + +return $interfaces{$netbiosname}; +} 1; diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index 9d74e7d..0ea63db 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -151,7 +151,6 @@ sub setup_s3dc($$) my $vars = $self-provision($path, LOCALS3DC2, - 2, locals3dc2pass, $s3dc_options); @@ -187,7 +186,6 @@ sub setup_member($$$) ; my $ret = $self-provision($prefix, LOCALMEMBER3, - 3, localmember3pass, $member_options); @@ -221,14 +219,14 @@ sub setup_member($$$) sub setup_admember() { - my ($self, $prefix, $dcvars, $iface) = @_; + my ($self, $prefix, $dcvars) = @_; # If we didn't build with ADS, pretend this env was never available if (not $self-have_ads()) { return UNKNOWN; } - print PROVISIONING S3 AD MEMBER$iface...; + print PROVISIONING S3 AD MEMBER...; my $member_options = security = ads @@ -238,9 +236,8 @@ sub setup_admember() ; my $ret = $self-provision($prefix, - LOCALADMEMBER$iface, - $iface, - loCalMember${iface}Pass, + LOCALADMEMBER, + loCalMemberPass, $member_options); $ret or return undef; @@ -308,7 +305,6 @@ sub setup_secshare($$) my $vars = $self-provision($path, LOCALSHARE4, - 4, local4pass, $secshare_options); @@ -338,7 +334,6 @@ sub setup_secserver($$$) my $ret = $self-provision($prefix, LOCALSERVER5, - 5, localserver5pass, $secserver_options); @@ -380,7 +375,6 @@ sub setup_ktest($$$) my $ret = $self-provision($prefix, LOCALKTEST6, - 6, localktest6pass, $ktest_options); @@ -467,7 +461,6 @@ map to guest = bad user my $vars
[SCM] CTDB repository - branch 1.2.40 updated - ctdb-1.9.1-549-g545c343
The branch, 1.2.40 has been updated via 545c343b19258fce01562b15f274eaf1a1deafc8 (commit) via 9bde066f6eb46124168e5686fc41a323e67401e8 (commit) from c51154b79be94198324c321037045bb85cd9 (commit) http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=1.2.40 - Log - commit 545c343b19258fce01562b15f274eaf1a1deafc8 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Wed Feb 8 13:42:30 2012 +1100 STATISTICS: add total counts for number of delegations and number of revokes Everytime we give a delegation to another node we count this as one delegation. If the same record is delegated to several nodes we count one for each node. Everytime a record has all its delegations revoked we count this as one revoke. commit 9bde066f6eb46124168e5686fc41a323e67401e8 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Fri Mar 2 14:12:37 2012 +1100 READONLY: readonly fetch collapse. Make sure we only keep one single readonly fetch for a record in flight at a time. --- Summary of changes: include/ctdb_private.h|4 + include/ctdb_protocol.h |2 + server/ctdb_call.c|2 + server/ctdb_daemon.c | 209 + server/ctdb_ltdb_server.c | 10 ++ tools/ctdb.c |2 + 6 files changed, 229 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/include/ctdb_private.h b/include/ctdb_private.h index 8180722..86b664b 100644 --- a/include/ctdb_private.h +++ b/include/ctdb_private.h @@ -533,6 +533,10 @@ struct ctdb_db_context { struct ctdb_ltdb_header *header, TDB_DATA data); + /* used to track which records we are currently fetching with readonly + requests so we can avoid sending duplicates + */ + struct trbt_tree *deferred_ro_fetch; }; diff --git a/include/ctdb_protocol.h b/include/ctdb_protocol.h index efcc2cf..c874148 100644 --- a/include/ctdb_protocol.h +++ b/include/ctdb_protocol.h @@ -634,6 +634,8 @@ struct ctdb_statistics { uint32_t num_recoveries; struct timeval statistics_start_time; struct timeval statistics_current_time; + uint32_t total_ro_delegations; + uint32_t total_ro_revokes; }; /* diff --git a/server/ctdb_call.c b/server/ctdb_call.c index 2657f8b..1ece85a 100644 --- a/server/ctdb_call.c +++ b/server/ctdb_call.c @@ -513,6 +513,7 @@ void ctdb_request_call(struct ctdb_context *ctdb, struct ctdb_req_header *hdr) if (header.flags CTDB_REC_RO_REVOKE_COMPLETE) { header.flags = ~(CTDB_REC_RO_HAVE_DELEGATIONS|CTDB_REC_RO_HAVE_READONLY|CTDB_REC_RO_REVOKING_READONLY|CTDB_REC_RO_REVOKE_COMPLETE); + CTDB_INCREMENT_STAT(ctdb, total_ro_revokes); if (ctdb_ltdb_store(ctdb_db, call-key, header, data) != 0) { ctdb_fatal(ctdb, Failed to write header with cleared REVOKE flag); } @@ -619,6 +620,7 @@ void ctdb_request_call(struct ctdb_context *ctdb, struct ctdb_req_header *hdr) } ctdb_queue_packet(ctdb, r-hdr); + CTDB_INCREMENT_STAT(ctdb, total_ro_delegations); talloc_free(r); return; diff --git a/server/ctdb_daemon.c b/server/ctdb_daemon.c index c4f46b1..b09aaf3 100644 --- a/server/ctdb_daemon.c +++ b/server/ctdb_daemon.c @@ -27,6 +27,7 @@ #include system/wait.h #include ../include/ctdb_client.h #include ../include/ctdb_private.h +#include ../common/rb_tree.h #include sys/socket.h struct ctdb_client_pid_list { @@ -384,6 +385,192 @@ static void daemon_incoming_packet_wrap(void *p, struct ctdb_req_header *hdr) } +struct ctdb_deferred_fetch_call { + struct ctdb_deferred_fetch_call *next, *prev; + struct ctdb_req_call *c; + struct ctdb_daemon_packet_wrap *w; +}; + +struct ctdb_deferred_fetch_queue { + struct ctdb_deferred_fetch_call *deferred_calls; +}; + +struct ctdb_deferred_requeue { + struct ctdb_deferred_fetch_call *dfc; + struct ctdb_client *client; +}; + + +/* called from a timer event and starts reprocessing the deferred call.*/ +static void reprocess_deferred_call(struct event_context *ev, struct timed_event *te, + struct timeval t, void *private_data) +{ + struct ctdb_deferred_requeue *dfr = (struct ctdb_deferred_requeue *)private_data; + struct ctdb_client *client = dfr-client; + + talloc_steal(client, dfr-dfc-c); + daemon_incoming_packet(client, (struct ctdb_req_header *)dfr-dfc-c); + talloc_free(dfr); +} + +/* the referral context is destroyed either after a timeout or when the initial + fetch-lock has finished. + at this stage, immediately start reprocessing the queued up deferred +
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via ebe04fc pyldb: Fix some more long lines, fix formatting. via fd7ba79 selftest: Move manual page into a separate file. from 10700f6 selftest: Establish a registry of socket wrapper IPs http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit ebe04fc652f78ccbf765d9afe1ecc67c5e302eed Author: Jelmer Vernooij jel...@samba.org Date: Fri Mar 2 03:46:13 2012 +0100 pyldb: Fix some more long lines, fix formatting. Autobuild-User: Jelmer Vernooij jel...@samba.org Autobuild-Date: Fri Mar 2 05:26:56 CET 2012 on sn-devel-104 commit fd7ba79abac41eee221c6e24c2a762e651a41d65 Author: Jelmer Vernooij jel...@samba.org Date: Fri Mar 2 03:30:51 2012 +0100 selftest: Move manual page into a separate file. (Generated using pod2man from selftest.pl itself) --- Summary of changes: lib/ldb/pyldb.c| 51 +--- selftest/selftest.pl | 101 selftest/selftest.pl.1 | 78 + 3 files changed, 115 insertions(+), 115 deletions(-) create mode 100644 selftest/selftest.pl.1 Changeset truncated at 500 lines: diff --git a/lib/ldb/pyldb.c b/lib/ldb/pyldb.c index a2a5dff..ea7b695 100644 --- a/lib/ldb/pyldb.c +++ b/lib/ldb/pyldb.c @@ -707,16 +707,20 @@ static void py_ldb_debug(void *context, enum ldb_debug_level level, const char * PyObject_CallFunction(fn, discard_const_p(char, (i,O)), level, PyString_FromFormatV(fmt, ap)); } -static PyObject *py_ldb_set_debug(PyLdbObject *self, PyObject *args) +static PyObject *py_ldb_set_debug(PyObject *self, PyObject *args) { PyObject *cb; + struct ldb_context *ldb_ctx; if (!PyArg_ParseTuple(args, O, cb)) return NULL; Py_INCREF(cb); /* FIXME: Where do we DECREF cb ? */ - PyErr_LDB_ERROR_IS_ERR_RAISE(PyExc_LdbError, ldb_set_debug(self-ldb_ctx, py_ldb_debug, cb), pyldb_Ldb_AsLdbContext(self)); + ldb_ctx = pyldb_Ldb_AsLdbContext(self); + PyErr_LDB_ERROR_IS_ERR_RAISE(PyExc_LdbError, + ldb_set_debug(ldb_ctx, py_ldb_debug, cb), + ldb_ctx); Py_RETURN_NONE; } @@ -745,31 +749,46 @@ static PyObject *py_ldb_set_modules_dir(PyTypeObject *self, PyObject *args) static PyObject *py_ldb_transaction_start(PyLdbObject *self) { - PyErr_LDB_ERROR_IS_ERR_RAISE(PyExc_LdbError, ldb_transaction_start(pyldb_Ldb_AsLdbContext(self)), pyldb_Ldb_AsLdbContext(self)); + struct ldb_context *ldb_ctx = pyldb_Ldb_AsLdbContext(self); + int ldb_err; + ldb_err = ldb_transaction_start(ldb_ctx); + PyErr_LDB_ERROR_IS_ERR_RAISE(PyExc_LdbError, ldb_err, ldb_ctx); Py_RETURN_NONE; } static PyObject *py_ldb_transaction_commit(PyLdbObject *self) { - PyErr_LDB_ERROR_IS_ERR_RAISE(PyExc_LdbError, ldb_transaction_commit(pyldb_Ldb_AsLdbContext(self)), pyldb_Ldb_AsLdbContext(self)); + struct ldb_context *ldb_ctx = pyldb_Ldb_AsLdbContext(self); + int ldb_err; + ldb_err = ldb_transaction_commit(ldb_ctx); + PyErr_LDB_ERROR_IS_ERR_RAISE(PyExc_LdbError, ldb_err, ldb_ctx); Py_RETURN_NONE; } static PyObject *py_ldb_transaction_prepare_commit(PyLdbObject *self) { - PyErr_LDB_ERROR_IS_ERR_RAISE(PyExc_LdbError, ldb_transaction_prepare_commit(pyldb_Ldb_AsLdbContext(self)), pyldb_Ldb_AsLdbContext(self)); + struct ldb_context *ldb_ctx = pyldb_Ldb_AsLdbContext(self); + int ldb_err; + ldb_err = ldb_transaction_prepare_commit(ldb_ctx); + PyErr_LDB_ERROR_IS_ERR_RAISE(PyExc_LdbError, ldb_err, ldb_ctx); Py_RETURN_NONE; } static PyObject *py_ldb_transaction_cancel(PyLdbObject *self) { - PyErr_LDB_ERROR_IS_ERR_RAISE(PyExc_LdbError, ldb_transaction_cancel(pyldb_Ldb_AsLdbContext(self)), pyldb_Ldb_AsLdbContext(self)); + struct ldb_context *ldb_ctx = pyldb_Ldb_AsLdbContext(self); + int ldb_err; + ldb_err = ldb_transaction_cancel(ldb_ctx); + PyErr_LDB_ERROR_IS_ERR_RAISE(PyExc_LdbError, ldb_err, ldb_ctx); Py_RETURN_NONE; } static PyObject *py_ldb_setup_wellknown_attributes(PyLdbObject *self) { - PyErr_LDB_ERROR_IS_ERR_RAISE(PyExc_LdbError, ldb_setup_wellknown_attributes(pyldb_Ldb_AsLdbContext(self)), pyldb_Ldb_AsLdbContext(self)); + struct ldb_context *ldb_ctx = pyldb_Ldb_AsLdbContext(self); + int ldb_err; + ldb_err = ldb_setup_wellknown_attributes(ldb_ctx); + PyErr_LDB_ERROR_IS_ERR_RAISE(PyExc_LdbError, ldb_err, ldb_ctx); Py_RETURN_NONE; } @@ -905,6 +924,7 @@ static PyObject *py_ldb_connect(PyLdbObject *self, PyObject *args, PyObject *kwa int ret; const char **options; const char * const kwnames[] = { url, flags, options, NULL }; + struct
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via cfa33c4 s3-selftest: Add tests for ntlm_auth gss-spnego client and server via 19cfa3e s3-rpcclient: Ensure interfaces are loaded after smb.conf from ebe04fc pyldb: Fix some more long lines, fix formatting. http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit cfa33c45675c55689018ee700e07c81566904ea6 Author: Andrew Bartlett abart...@samba.org Date: Thu Mar 1 17:26:32 2012 +1100 s3-selftest: Add tests for ntlm_auth gss-spnego client and server Autobuild-User: Andrew Bartlett abart...@samba.org Autobuild-Date: Fri Mar 2 07:05:44 CET 2012 on sn-devel-104 commit 19cfa3e604b5bb8ffa155182d6c24a2fe883e6da Author: Andrew Bartlett abart...@samba.org Date: Fri Mar 2 13:07:09 2012 +1100 s3-rpcclient: Ensure interfaces are loaded after smb.conf This ensures that the interfaces line in the smb.conf is honoured. Andrew Bartlett --- Summary of changes: source3/rpcclient/rpcclient.c |5 ++- source3/script/tests/test_ntlm_auth_krb5.sh | 31 +++ source3/selftest/tests.py |5 source3/torture/test_ntlm_auth.py | 10 4 files changed, 49 insertions(+), 2 deletions(-) create mode 100755 source3/script/tests/test_ntlm_auth_krb5.sh Changeset truncated at 500 lines: diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c index ff4354f..43df672 100644 --- a/source3/rpcclient/rpcclient.c +++ b/source3/rpcclient/rpcclient.c @@ -956,8 +956,6 @@ out_free: poptFreeContext(pc); - load_interfaces(); - if (!init_names()) { result = 1; goto done; @@ -968,6 +966,9 @@ out_free: if (!lp_load_global(get_dyn_CONFIGFILE())) fprintf(stderr, Can't load %s\n, get_dyn_CONFIGFILE()); + /* We must load interfaces after we load the smb.conf */ + load_interfaces(); + /* * Get password * from stdin if necessary diff --git a/source3/script/tests/test_ntlm_auth_krb5.sh b/source3/script/tests/test_ntlm_auth_krb5.sh new file mode 100755 index 000..5989d01 --- /dev/null +++ b/source3/script/tests/test_ntlm_auth_krb5.sh @@ -0,0 +1,31 @@ +#!/bin/sh + +if [ $# -lt 2 ]; then +cat EOF +Usage: test_ntlm_auth_s3.sh PYTHON SRC3DIR NTLM_AUTH CCACHE SERVER +EOF +exit 1; +fi + +PYTHON=$1 +SRC3DIR=$2 +NTLM_AUTH=$3 +CCACHE=$4 +SERVER=$5 +shift 5 +ADDARGS=$* + +incdir=`dirname $0`/../../../testprogs/blackbox +. $incdir/subunit.sh + +failed=0 + +KRB5CCNAME=$CCACHE +export KRB5CCNAME + +# --server-use-winbindd is set so we know it isn't cheating and using the hard-coded passwords + +testit ntlm_auth with krb5 gss-spnego-client and gss-spnego server $PYTHON $SRC3DIR/torture/test_ntlm_auth.py $NTLM_AUTH $ADDARGS --target-hostname=$SERVER --target-service=host --client-helper=gss-spnego-client --server-helper=gss-spnego --server-use-winbindd || failed=`expr $failed + 1` + + +testok $0 $failed diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py index eab1356..778c1ad 100755 --- a/source3/selftest/tests.py +++ b/source3/selftest/tests.py @@ -140,6 +140,11 @@ for env in [s3dc, member, s3member]: plantestsuite(samba3.ntlm_auth.(%s:local) % env, %s:local % env, [os.path.join(samba3srcdir, script/tests/test_ntlm_auth_s3.sh), valgrindify(python), samba3srcdir, binpath('ntlm_auth3'), '$DOMAIN', '$DC_USERNAME', '$DC_PASSWORD', configuration]) +plantestsuite(samba3.ntlm_auth.krb5(ktest:local) old ccache, ktest:local, [os.path.join(samba3srcdir, script/tests/test_ntlm_auth_krb5.sh), valgrindify(python), samba3srcdir, binpath('ntlm_auth3'), '$PREFIX/ktest/krb5_ccache-2', '$SERVER', configuration]) + +plantestsuite(samba3.ntlm_auth.krb5(ktest:local), ktest:local, [os.path.join(samba3srcdir, script/tests/test_ntlm_auth_krb5.sh), valgrindify(python), samba3srcdir, binpath('ntlm_auth3'), '$PREFIX/ktest/krb5_ccache-3', '$SERVER', configuration]) + + for env in [secserver]: plantestsuite(samba3.blackbox.smbclient_auth.plain (%s) domain creds % env, env, [os.path.join(samba3srcdir, script/tests/test_smbclient_auth.sh), '$SERVER', '$SERVER_IP', '$DOMAIN$DC_USERNAME', '$DC_PASSWORD', binpath('smbclient3'), configuration + --option=clientntlmv2auth=no]) diff --git a/source3/torture/test_ntlm_auth.py b/source3/torture/test_ntlm_auth.py index 1ee5b83..cb181be 100755 --- a/source3/torture/test_ntlm_auth.py +++ b/source3/torture/test_ntlm_auth.py @@ -81,6 +81,12 @@ def parseCommandLine(): parser.add_option(--client-helper, dest=client_helper,\ help=Helper mode for the ntlm_auth client. [default: ntlmssp-client-1]) + parser.add_option(--target-hostname, dest=target_hostname,\ +
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 89b4138 s3:rpc_server: initialize struct schannel_state to zero via 083d80c s3:rpc_client: initialize struct schannel_state to zero via 93261a1 s4:auth/gensec/schannel: initialize struct schannel_state to zero via f7acb36 s4:auth/gensec/schannel: make a copy of netlogon_creds_CredentialState in the client from cfa33c4 s3-selftest: Add tests for ntlm_auth gss-spnego client and server http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 89b413895b37004ce41c30a6fcbd76ab19a23d4b Author: Stefan Metzmacher me...@samba.org Date: Mon Feb 27 15:20:45 2012 +0100 s3:rpc_server: initialize struct schannel_state to zero metze Autobuild-User: Stefan Metzmacher me...@samba.org Autobuild-Date: Fri Mar 2 08:48:23 CET 2012 on sn-devel-104 commit 083d80c502eaff8983ff4536c2ba86e547c6dc29 Author: Stefan Metzmacher me...@samba.org Date: Mon Feb 27 15:20:45 2012 +0100 s3:rpc_client: initialize struct schannel_state to zero metze commit 93261a118447d06581ed154bf11ca574038d7a00 Author: Stefan Metzmacher me...@samba.org Date: Mon Feb 27 15:20:45 2012 +0100 s4:auth/gensec/schannel: initialize struct schannel_state to zero metze commit f7acb36784fbc8fed72c70d51ef0fbb8493edf8f Author: Stefan Metzmacher me...@samba.org Date: Mon Feb 27 15:18:56 2012 +0100 s4:auth/gensec/schannel: make a copy of netlogon_creds_CredentialState in the client This is really a copy for the lifetime of the rpc connection. metze --- Summary of changes: source3/rpc_client/cli_pipe.c |3 +-- source3/rpc_server/srv_pipe.c |3 +-- source4/auth/gensec/schannel.c | 12 +--- 3 files changed, 11 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/rpc_client/cli_pipe.c b/source3/rpc_client/cli_pipe.c index 7740fbc..12f911b 100644 --- a/source3/rpc_client/cli_pipe.c +++ b/source3/rpc_client/cli_pipe.c @@ -2243,13 +2243,12 @@ NTSTATUS rpccli_schannel_bind_data(TALLOC_CTX *mem_ctx, const char *domain, goto fail; } - schannel_auth = talloc(result, struct schannel_state); + schannel_auth = talloc_zero(result, struct schannel_state); if (schannel_auth == NULL) { goto fail; } schannel_auth-state = SCHANNEL_STATE_START; - schannel_auth-seq_num = 0; schannel_auth-initiator = true; schannel_auth-creds = netlogon_creds_copy(result, creds); diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 9be2bc8..4330a7d 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -479,14 +479,13 @@ static bool pipe_schannel_auth_bind(struct pipes_struct *p, return False; } - schannel_auth = talloc(p, struct schannel_state); + schannel_auth = talloc_zero(p, struct schannel_state); if (!schannel_auth) { TALLOC_FREE(creds); return False; } schannel_auth-state = SCHANNEL_STATE_START; - schannel_auth-seq_num = 0; schannel_auth-initiator = false; schannel_auth-creds = creds; diff --git a/source4/auth/gensec/schannel.c b/source4/auth/gensec/schannel.c index 51be445..2465e53 100644 --- a/source4/auth/gensec/schannel.c +++ b/source4/auth/gensec/schannel.c @@ -73,7 +73,14 @@ static NTSTATUS schannel_update(struct gensec_security *gensec_security, TALLOC_ return NT_STATUS_OK; } - state-creds = talloc_reference(state, cli_credentials_get_netlogon_creds(gensec_security-credentials)); + state-creds = cli_credentials_get_netlogon_creds(gensec_security-credentials); + if (state-creds == NULL) { + return NT_STATUS_INVALID_PARAMETER_MIX; + } + state-creds = netlogon_creds_copy(state, state-creds); + if (state-creds == NULL) { + return NT_STATUS_NO_MEMORY; + } bind_schannel.MessageType = NL_NEGOTIATE_REQUEST; #if 0 @@ -229,13 +236,12 @@ static NTSTATUS schannel_start(struct gensec_security *gensec_security) { struct schannel_state *state; - state = talloc(gensec_security, struct schannel_state); + state = talloc_zero(gensec_security, struct schannel_state); if (!state) { return NT_STATUS_NO_MEMORY; } state-state = SCHANNEL_STATE_START; - state-seq_num = 0; gensec_security-private_data = state; return NT_STATUS_OK; -- Samba Shared Repository