1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

101485 Commits

Author SHA1 Message Date
Martin Schwenke
411ccb98c3 ctdb/tools: Update ctdb CLI tool to call ctdb_natgw
The "natgwlist" command is no longer marked "auto all" and is also
marked "without daemon".  That latter is not strictly true because
ctdb_natgw needs the daemon so a subsequent invocation of "ctdb
nodestatus" will work.  However, "without daemon" is used here because
the top-level "ctdb natgwlist" does not need to open a connection to
the daemon.  It just needs to invoke ctdb_natgw.

Update tests to suit.

It would make sense to make "ctdb natgw" generally call out to
ctdb_natgw, passing all argument.  However, that can be done later.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-01-25 07:18:25 +01:00
Martin Schwenke
e515968a51 ctdb-tests: Drop some unnecessary NAT gateway tests
These tests deal only with timeouts that can occur retrieving
capabilities.  The NAT gateway capability is going away so drop the
tests now to simplify future commits.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-01-25 07:18:25 +01:00
Martin Schwenke
bae9feacf2 ctdb: Call out to ctdb_natgw helper from 11.natgw
To keep this commit comprehensible, 11.natgw and the CTDB CLI tool are
temporarily inconsistent.  The tool will be made consistent in a
subsequent commit.

ctdb_natgw_slave_only() is reimplemented to check for the option in
the appropriate line in $CTDB_NATGW_NODES.

Update unit tests and documentation.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-01-25 07:18:25 +01:00
Martin Schwenke
f1265f0ebe ctdb-tests: NAT gateway slave-only changes
Handle the "slave-only" option in the unit test setup.  Reindent
function while touching it.

Also drop a test that no longer makes sense.  Specifying both "master"
and "slave-only' is now much more obvious, since they need to be on
the same line, and is now punishable by undefined behaviour.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-01-25 07:18:25 +01:00
Martin Schwenke
7095c9bcd0 ctdb-scripts: New function ctdb_natgw_slave_only()
This allows future changes to be more self-contained.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-01-25 07:18:25 +01:00
Martin Schwenke
3a2eebfe19 ctdb-tests: Test ctdb CLI tool via a stub
Some features, such NAT gateway and LVS support, can be implemented
without daemon and (internal) ctdb CLI tool support.  These are
non-core features that don't need incredible performance and they
don't need to be in the core code.  They can easily be reimplemented
in scripts, along with some configuration changes.

For continuity, the ctdb CLI tool code will call out to helper scripts
so that the current status information can still be provided.  Those
helper scripts may then reinvoke the ctdb CLI tool to gather
information.

So, redo the tool testing using a "ctdb" stub command.  This will
swallow standard input and feed it to the test program each time the
"ctdb" stub is called.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-01-25 07:18:25 +01:00
Martin Schwenke
1538fc4585 ctdb-tools: Add standalone ctdb_natgw tool script
This is intended to replace the use of "ctdb natgwlist" in 11.natgw
and provide different views of the NAT gateway status.

It replaces the use of CTDB_NATGW_SLAVE_ONLY=yes with a "slave-only"
keyword in the NAT gateway nodes file.  This means the nodes file must
be consistent on all nodes in a NAT gateway group.

Note that this script is not yet integrated, so there are no behaviour
or documentation changes.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-01-25 07:18:25 +01:00
Martin Schwenke
d71f747f5c ctdb-scripts: Tests for monitoring of CTDB_NATGW_PUBLIC_IFACE
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-01-25 07:18:25 +01:00
Martin Schwenke
638117c01a ctdb-scripts: Move monitoring of CTDB_NATGW_PUBLIC_IFACE to 11.natgw
The NAT gateway code should be self-contained.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-01-25 07:18:25 +01:00
Martin Schwenke
df5845c641 ctdb-scripts: CTDB_PARTIALLY_ONLINE_INTERFACES incompatible with NAT gateway
This has always been the case.  Now it is documented and enforced.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-01-25 07:18:25 +01:00
Martin Schwenke
06901f4aeb ctdb-scripts: Rename variable: fail -> down_interfaces_found
Now its name describes its usage and the code reads better.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-01-25 07:18:24 +01:00
Martin Schwenke
d0f2143fe8 ctdb-scripts: Drop functions mark_up() and mark_down()
Each is now used in only one place and the logic is more obvious
without them.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-01-25 07:18:24 +01:00
Martin Schwenke
85316c0415 ctdb-scripts: Move interface monitoring code to functions file
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-01-25 07:18:24 +01:00
Martin Schwenke
fe64e76aa0 ctdb-scripts: Rename get_real_iface() -> interface_get_real()
Now suitably named for move to functions file.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-01-25 07:18:24 +01:00
Martin Schwenke
6f212aacf8 ctdb-scripts: Refactor function interface_monitor() to monitor one interface
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-01-25 07:18:24 +01:00
Ralph Boehme
cd86f20e24 s4:torture: add SMB2 test for directory creation initial allocation size
Test that directory creation with an initial allocation size > 0
succeeds.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11684

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sun Jan 24 01:20:52 CET 2016 on sn-devel-144
2016-01-24 01:20:52 +01:00
Ralph Boehme
78ccbb0717 s3:smbd: Ignore initial allocation size for directory creation
We reject directory creation with an initial allocation size > 0 with
NT_STATUS_ACCESS_DENIED. Windows servers ignore the initial allocation
size on directories.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11684

Pair-Programmed-With: Volker Lendecke <vl@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-23 22:11:18 +01:00
Michael Adam
a1a8746174 s3:smb2_sesssetup: implement SMB3 session bind (disabled)
This is disabled for now. It will be possible to enabled it
via a config switch once the underpinnings are complete.

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Pair-Programmed-With: Guenther Deschner <gd@samba.org>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Sat Jan 23 03:22:18 CET 2016 on sn-devel-144
2016-01-23 03:22:18 +01:00
Stefan Metzmacher
edd781d5a8 s3:smb2_sesssetup: treat BINDING in smbd_smb2_session_setup_auth_return
This adds smbd_smb2_bind_auth_return(), a
variant of auth_return for session binding.

Pair-Programmed-With: Michael Adam <obnox@samba.org>

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
2016-01-23 00:08:36 +01:00
Michael Adam
91770e3fa7 s3:smb2_negprot: announce multi channel support (disabled)
This disabled for now. Will be enabled by config setting
once underpinnings are ready.

Pair-Programmed-With: Guenther Deschner <gd@samba.org>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-01-23 00:08:36 +01:00
Michael Adam
d60ffcfe44 smbXsrv: introduce bool smbXsrv_client->server_multi_channel_enabled
defaulting to false.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-01-23 00:08:36 +01:00
Uri Simchoni
3e084695da build: fix ldbsearch panic on FC22
add dependency that fixes ldbsearch panic due to conflict -
function read_data() is implemented both by libtspi.so.1, which
is a dependency of gnutls on FC22, and by an internal samba
shared lib.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Sat Jan 23 00:06:59 CET 2016 on sn-devel-144
2016-01-23 00:06:59 +01:00
Andreas Schneider
8ec92e5073 smbspool: Add string representation of nt_status
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jan 22 20:59:36 CET 2016 on sn-devel-144
2016-01-22 20:59:36 +01:00
Andreas Schneider
c3aaf6492f waf: Only build the backupkey rpc test with AD DC enabled
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2016-01-22 17:47:21 +01:00
Andreas Schneider
f69b6dd905 tests: Only execute heimdal tests if we build with heimdal
This is a preparation for MIT Kerberos support in the AD server.

Pair-Programmed-With: Alexander Bokovoy <ab@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jan 22 14:13:42 CET 2016 on sn-devel-144
2016-01-22 14:13:42 +01:00
Andreas Schneider
30419f2966 tests: Rename heimdal blackbox tests
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-01-22 11:07:31 +01:00
Ralph Boehme
b74bef8f7d smbstatus: add support for SMB1 signing and CIFS UNIX extensions encryption
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Jan 22 11:06:05 CET 2016 on sn-devel-144
2016-01-22 11:06:05 +01:00
Ralph Boehme
f95549957e libcli/smb: add define SMB_ENCRYPTION_GSSAPI for CIFS encryption type
Add a define for the CIFS UNIX extensions encryption type. We store this
in smbXsrv_channel and use it in smbstatus for showing the
CIFS/SMB2/SMB3 encryption cipher used.

The SMB3 encryption cipher constants start at 1, carefully choosing the
highest available bit for the CIFS UNIX extensions encryption cipher
should avoid collisions and leaves room for many SMB3 ciphers in the
future.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-22 07:52:21 +01:00
Ralph Boehme
1e60a3f009 smbstatus: show signing state of sessions and tcons
Show the signing state of sesssions tcons in smbstatus. This is SMB2/3
only. SMB1 support will be added in a later commit.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-22 07:52:21 +01:00
Ralph Boehme
8d8af479e2 s3:lib/conn_tdb: store the connection dialect
This will be used in a subsequent commit that will print the signing
cipher in smbstatus. We need the connection dialect for that.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-22 07:52:21 +01:00
Ralph Boehme
9d284431fc s3:smb2_server: add signing state tracking flags
Add flags that track the signing state of all incoming and outgoing SMB2
packets and a helper function that can be used to determine whether a
session of tcon can be considered "signed".

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-22 07:52:21 +01:00
Ralph Boehme
fe5353c82e s3:smb2_server: convert signing_required bool to flags bitmap
Use a flags bitmap for storing the signing state. This is in preparation
of a subsequent patch that adds more flags to the bitmap.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-22 07:52:21 +01:00
Ralph Boehme
780743d1b2 smbstatus: show encrpytion state of tree connects
Show the encrpytion state of tcons in smbstatus. This is SMB3 only. CIFS
UNIX extensions encryption will be added in a later commit.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-22 07:52:21 +01:00
Ralph Boehme
83a557dfad smbstatus: align tree connect header and output
Align output and use timestring() instead of time_to_asc(). The latter calls
asctime() which forces a \n into the time string.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-22 07:52:21 +01:00
Ralph Boehme
e0fc93112f smbstatus: show encrpytion state of sessions
Show the encrpytion state of sessions in smbstatus. This is SMB3
only. CIFS UNIX extensions encryption will be added in a later commit.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-22 07:52:21 +01:00
Ralph Boehme
5d750787eb smbstatus: align session list header and ouput
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-22 07:52:20 +01:00
Ralph Boehme
603f1de9cf smbstatus: pass talloc context to traverse_connections
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-22 07:52:20 +01:00
Ralph Boehme
c2443d608a smbstatus: pass talloc context to traverse_sessionid
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-22 07:52:20 +01:00
Ralph Boehme
f59ef038ed smbstatus: rework connection dialect printing
In a later change I want to print the signing cipher which depends upon
the connection dialect. So let's store the connection dialect in the
sessionid struct and move the code that maps dialect integers to strings
to smbstatus.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-22 07:52:20 +01:00
Ralph Boehme
e501c733ec s3:smb2_server: add encryption state tracking flags
Add two encryption state tracking flags that can be used to tell whether
a session or tcon is "encrypted" and add a helper function to calculate
the encryption state from those flags.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-22 07:52:20 +01:00
Ralph Boehme
736cd36d36 s3:smb2_server: store encryption cipher in the channel
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-22 07:52:20 +01:00
Ralph Boehme
bfdffea0fa s3:smb2_server: convert encryption desired and required bools to flags
This adds a bitmap smbXsrv_encrpytion_flags with flags to the
smbXsrv_session_global.tdb and smbXsrv_tcon_global.tdb that we use
instead of bools for desired and required.

We need this info in the smbXsrv tdbs for smbstatus. Subsequent commits
for smbstatus will use it.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-22 07:52:20 +01:00
Ralph Boehme
63a13f40cf smbstatus: remove obsolete verbose message
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-22 07:52:20 +01:00
Michael Adam
ef269c9ddc substitute: Fix talloc_sub_basic for %G in the case of a local user.
This fixes a regression introduced by the fix for bug 10286.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10286

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jan 22 05:03:25 CET 2016 on sn-devel-144
2016-01-22 05:03:25 +01:00
Michael Adam
2f2b57a648 passdb: change ABI version to 0.25.0 due to removed symbol.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-22 01:55:09 +01:00
Michael Adam
8ff3257c4c s3:passdb: move my_sam_name() from passdb to util_name.c
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-22 01:55:09 +01:00
Michael Adam
a929913cb1 s4-torture: let smb2.replay.replay5 test deal with scale out shares.
Scale out shares don't hand out batch or exclusive oplocks.
Hence no durable handles either.
The important point here is that the behaviour tested
does largely not rely on the fact that we had a durable
handle but that we were using a durable handle create
context to specify a CreateGUID.

Pair-Programmed-With: Guenther Deschner <gd@samba.org>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-22 01:55:09 +01:00
Michael Adam
c9218c40e6 smbd:smb2_close: remove an irritating blank line
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-22 01:55:09 +01:00
Michael Adam
718007b223 docs:smbdotconf: fix tabs/space mixup in logon parameter metadata
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-22 01:55:09 +01:00
Uri Simchoni
6ed3985182 vfs_shadow_copy2: check crossmountpoints against snapdirseverywhere
If crossmountpoints is enabled, verify that snapdirseverywhere is
enabled too, since crossmountpoints has no meaning otherwise.

This obviates the check of crossmountpoints against other config
variables.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Jan 22 01:54:06 CET 2016 on sn-devel-144
2016-01-22 01:54:06 +01:00