IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This is not strictly needed to fig bug 13272, but it makes sense to also
fix this while fixing the overall ACL checking logic.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This is used to pass information about which password change operation (change
or reset) the acl module validated, down to the password_hash module.
It's very important that both modules treat the request identical.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Will be used to pass "user password change" vs "password reset" from the
ACL to the password_hash module, ensuring both modules treat the request
identical.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This is needed, because a later commit will let the acl module add a
control to the change request msg and we must ensure that this is only
done once.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This change ensures we correctly treat the following LDIF
dn: cn=testuser,cn=users,...
changetype: modify
delete: userPassword
add: userPassword
userPassword: thatsAcomplPASS1
as a password reset. Because delete and add element counts are both
one, the ACL module wrongly treated this as a password change
request.
For a password change we need at least one value to delete and one value
to add. This patch ensures we correctly check attributes and their
values.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Note that the request using the clearTextPassword attribute for the
password change is already correctly rejected by the server.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 13 01:48:21 CET 2018 on sn-devel-144
Minor cleanup reducing the max indentation level and max column length.
Signed-off-by: Swen Schillig <swen@vnet.ibm.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
nmap-ncat is used in some distributions to replace netcat. It has a
different meaning for these options.
We can get the same effect as the current combination of -d and -w by
piping a sleep process to nc. Subsequent use of $! works because it
gets the last process in pipeline.
Note that redirecting from /dev/null doesn't work with some versions
of nc. They just exit when they get EOF.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Mar 9 12:24:13 CET 2018 on sn-devel-144
The check action should be there. It is used by 20.nfs_ganesha.check.
This reverts commit 4fa9026bbd.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
This directory is only used by simple tests when running against local
daemons. Moving it to simple/etc-ctdb/events.d/ means that it is
automatically copied by setup_ctdb_base().
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
The local daemons code puts the socket in the CTDB_BASE directory.
This means CTDB_NODES_SOCKETS can be replaced by CTDB_BASES, a list of
base directories. The fake ssh script can first determine the correct
CTDB_BASE directory and then use it to set CTDB_SOCKET and
CTDB_PIDFILE.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
The comment in local.bash is incorrect. CTDB_BASE will never be set
here because this script is not run under onnode. Instead, this where
CTDB_BASE needs to be set when running against a real cluster.
For local daemons, the check for CTDB_BASE being inconsistent with
node_dir is temporary.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
This could have been done earlier but previous movement of lines out
to new functions has made the job easier.
Best viewed with show/diff -w.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Untangle a single loop into two separate, clear functions. Create a
separate, empty file for the node with no public IPs instead of
pointing the configuration at /dev/null.
Leave the indentation in setup_ctdb() in the old style to make this
commit comprehensible.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
The nodes file is now in the CTDB_BASE directory so no CTDB_NODES_FILE
variable is needed.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
There is currently a directory of symlinks that are copied during test
setup. These symlinks are updated during installation so they point
to the right place when copied.
Instead, use setup_ctdb_base() during test setup.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Several test suites need the CTDB_BASE directory to contain a subset
of the regular contents of that subdirectory. In some cases there are
symbolic links in the test directory (or a subdirectory) and these
symbolic links need to be fixed at installation time.
Instead, add new function setup_ctdb_base() to set CTDB_BASE, create
the directory and populate it as specified. This relies on
script_install_paths.sh so it can copy the specified targets. It also
copies any files from the test directory's etc-ctdb/ subdirectory.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Use the default compile-time PID file.
Use a CTDB_PIDFILE environment variable when testing.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
This tries to be backward compatible with very old versions of CTDB,
so don't bother.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
This is already created by installation and/or packaging.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
They're already created at installation time. This way they don't
need to be created at startup.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
All of this logic was necessary when ctdbd did poor PID file and
socket handling. Those things are now solid, so remove this
unnecessary logic.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
The code has been broken since commit
4b652c1527.
If ctdbd isn't all the way up in time just make a basic attempt to
shut it down.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Separate stopping and starting of daemons during restart
This allows actions to be taken after stopping and allows the init
testcase to be clearer about what it is doing.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Scripts that use these counters must call ctdb_setup_state_dir().
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Scripts that use these functions must call ctdb_setup_state_dir().
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Replace all uses of ctdb_setup_service_state_dir() by
ctdb_setup_state_dir().
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
This allows state directories for scripts other than services.
ctdb_setup_state_dir() takes 2 mandatory arguments.
Unlike ctdb_setup_service_state_dir(), this does not print the
directory name but sets a global variable. The intention is to go
back to a more sensible style of usage.
This will require a shellcheck directive before the first use, such
as:
# Set by ctdb_setup_state_dir
# shellcheck disable=SC2154
foo="${script_state_dir}/bar"
An alternative would be something like the following, which tricks
shellcheck into believing the variable is set:
ctdb_setup_state_dir "service" "foo"
# Shellcheck
script_state_dir="$script_state_dir"
However, this is more cryptic.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Don't use the same directory as temporary databases.
Make associated test consistent.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
The ioctl SIOCGIFCONF does not return IPv6 addresses, so this function
does not work for IPv6 addresses.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
This command is not used anywhere and also does not work for IPv6
addresses.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
This can only be done on the local node. For remote node, exit as
soon as the control returns.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>