1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Commit Graph

129206 Commits

Author SHA1 Message Date
Martin Schwenke
a1e78cc372 ctdb-scripts: Drop uses of ctdbd_wrapper
The only value this now provides is use of a notification script to
log when start/stop are called.  This was used for debugging strange
start/stop failures, which have not been recently seen.  Also, systemd
does a good job of logging start/stop.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2022-04-06 06:34:37 +00:00
Martin Schwenke
aca5972233 ctdb-scripts: Remove failsafe that drops all IPs on failed shutdown
IPs are dropped in the shutdown event.

If a watchdog is necessary to ensure public IPs aren't on interfaces
when CTDB isn't running, then see ctdb-crash-cleanup.sh.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2022-04-06 06:34:37 +00:00
Martin Schwenke
6fb08a6580 ctdb-daemon: Don't release all public IPs during shutdown sequence
This further untangles public IP handling from the main daemon.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2022-04-06 06:34:37 +00:00
Martin Schwenke
cb438ecfd4 ctdb-scripts: Drop all public IPs in the "shutdown" event
This is functionally the same as ctdb_release_all_ips().

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2022-04-06 06:34:37 +00:00
Martin Schwenke
3caddaafa0 ctdb-config: Drop CTDB_STARTUP_TIMEOUT
This was added to be able to notice startup failures when unknown
tunables were present in the configuration.  Tunables are now set by
the daemon, so this is no longer necessary.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2022-04-06 06:34:37 +00:00
Martin Schwenke
208034ecfe ctdb-doc: Update documentation for tunables configuration
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2022-04-06 06:34:37 +00:00
Martin Schwenke
0902553d15 ctdb-scripts: No longer load tunables via 00.ctdb.script setup event
Drop related tests.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2022-04-06 06:34:37 +00:00
Martin Schwenke
f49446cb1e ctdb-daemon: Load tunables from ctdb.tunables
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2022-04-06 06:34:37 +00:00
Martin Schwenke
a509ee059e ctdb-daemon: New function ctdb_tunables_load()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2022-04-06 06:34:37 +00:00
Martin Schwenke
b14f2a205d ctdb-tests: Add unit tests for tunables code
This aims to test ctdb_tunable_load_file() but also exercises
ctdb_tunable_names() and ctdb_tunable_get_value().
ctdb_tunable_set_value() is indirectly exercised via
ctdb_tunable_load_file().

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2022-04-06 06:34:37 +00:00
Martin Schwenke
381134939b ctdb-tests: Add function test_case(), tweak unit test header format
Instead of documenting test cases with a comment, this allows them to
be documented via an argument to a function that is printed when the
test case is run.  This makes it easier locate test case failures when
commands used by test cases look similar,

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2022-04-06 06:34:37 +00:00
Martin Schwenke
c413838f79 ctdb-tests: Strip trailing newlines from expected result output
This allows the provided output to be specified a little more
carelessly.  As per the comment, trailing newlines can't be matched
anyway, so this is notionally a bug fix.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2022-04-06 06:34:37 +00:00
Martin Schwenke
5fa0c86b61 ctdb-tests: Reformat script
Samba is reformatting shell scripts using

  shfmt -w -p -i 0 -fn

so update this one before editing.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2022-04-06 06:34:37 +00:00
Martin Schwenke
bcd66e17ee ctdb-common: Add function ctdb_tunable_load_file()
Allows direct loading of tunables from a file.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2022-04-06 06:34:37 +00:00
Vinit Agnihotri
93824b8c33 packaging: move CTDB service file to top-level
Signed-off-by: Vinit Agnihotri <vagnihotri@ddn.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2022-04-06 06:34:37 +00:00
Martin Schwenke
2f6b31788b ctdb-packaging: Move RPM spec file to examples directory
We used to use this for building test packages for standalone CTDB.
However, our testing has now changed to use binary tarballs.  We
believe we were the only users of this spec file and expect CTDB to
only be installed as part of a top-level Samba build, especially in
RPM form.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2022-04-06 06:34:37 +00:00
David Mulder
63bbdbae19 gpo: Improve Certificate Auto Enroll Debug messages
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr  5 01:44:33 UTC 2022 on sn-devel-184
2022-04-05 01:44:33 +00:00
David Mulder
157d2dd77f gpo: Certificate Auto Enrollment default Kerberos auth
Certificate Auto Enrollment uses Kerberos to
authenticate to AD. If someone configures their
cepces.conf to use a different default
authentication, then samba-gpupdate fails. Force
Kerberos auth from samba-gpupdate.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-04-05 00:54:37 +00:00
Andreas Schneider
a543d38cd1 third_party:waf: Do not recurse in aesni-intel if GnuTLS provides the cipher
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Apr  4 19:31:28 UTC 2022 on sn-devel-184
2022-04-04 19:31:28 +00:00
Andreas Schneider
efc2de0d8d waf: Check for GnuTLS earlier
As GnuTLS is an essential part we need to check for it early so we can react on
GnuTLS features in other wscripts.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-04-04 18:38:36 +00:00
Andreas Schneider
7b98e6fcb4 waf: Import Logs in wscript_configure_system_gnutls
We do not use Options, but we do use Logs.warn()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-04-04 18:38:36 +00:00
Volker Lendecke
4171736339 lib: Stay ASCII-compatible for toupper_m/tolower_m
This is an alternative patch for MR2339: It seems that Windows AD in
turkish locale is ASCII-compatible with 'i'. Björn tells me that the
turkish locale is the only one where upper/lower casing letters in the
ASCII range is not compatible to ASCII.

Simplify our code by not calling the locale-specific standard
toupper/tolower for the ASCII range but rely on our tables.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Apr  4 11:45:24 UTC 2022 on sn-devel-184
2022-04-04 11:45:24 +00:00
Andreas Schneider
79132b333d script: Fix check_symbols() with gcov build
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Apr  4 07:59:51 UTC 2022 on sn-devel-184
2022-04-04 07:59:51 +00:00
Volker Lendecke
edc4c910f2 vfs: Simplify streams_depot_openat()
We don't need an explicit stat(), VALID_STAT on the existing base_fsp
is sufficient.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Apr  1 21:18:37 UTC 2022 on sn-devel-184
2022-04-01 21:18:37 +00:00
Volker Lendecke
57bcbbcacd smbd: Don't loose base_fsp statinfo in non_widelink_open
smb_fname_rel came from SMB_VFS_PARENT_PATHNAME() without a reference
to the underlying base_fsp. We want to pass the existing stat-info to
the VFS objects, so when creating the relative base fsp_name we should
copy the stat-info from the base fsp we were handed, not the fake one
that we just made up in SMB_VFS_PARENT_PATHNAME()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-04-01 20:19:29 +00:00
Volker Lendecke
b15c249757 vfs: streams_xattr uses fsetxattr by now, remove an assert
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-04-01 20:19:29 +00:00
Volker Lendecke
702af7f85f vfs: Ensure we have a base fsp openat() for named streams
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-04-01 20:19:29 +00:00
Volker Lendecke
fbce308dd4 torture: Create a base_fsp for a named stream in vfstest
This will enable a simplification in the stream-handling openat vfs
routines.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-04-01 20:19:29 +00:00
Volker Lendecke
b3ab69a435 torture: Introduce error labels for vfstest's cmd_open()
Next patch will have another error exit

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-04-01 20:19:29 +00:00
Andreas Schneider
ac7d0b45fc Move LSP stuff to buildtools/devel_env.sh
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Apr  1 11:20:35 UTC 2022 on sn-devel-184
2022-04-01 11:20:35 +00:00
Andreas Schneider
012d81d0e2 Add missing final newline to end of sh file
find $(pwd) -type f -name "*.sh" | xargs sed -i -e '$a\'

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-04-01 10:29:31 +00:00
Andreas Schneider
59d1044e55 Add missing final newline to end of c file
find $(pwd) -type f -name "*.c" | xargs sed -i -e '$a\'

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-04-01 10:29:31 +00:00
Ralph Boehme
4b0296995c smbd: consolidate nested if expressions
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 31 23:58:54 UTC 2022 on sn-devel-184
2022-03-31 23:58:54 +00:00
Ralph Boehme
643da37fd1 smbd: remove itime and file_id logic and code
This bases File-Ids on the inode numbers again. The whole stuff was
added because at that time Apple clients

1. would be upset by inode number reusage and

2. had a client side bug in their fallback implemetentation that
assigns File-Ids on the client side in case the server provides
File-Ids of 0.

After discussion with folks at Apple it should be safe these days to
rely on the Mac to generate its own File-Ids and let Samba return 0
File-Ids.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-03-31 23:01:37 +00:00
Ralph Boehme
8ad0febd13 vfs: bump VFS version to 47
The VFS version bump to 47 was missed when adding SMB_VFS_FSTATAT(). While at
it, fix the version history.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-03-31 23:01:37 +00:00
Ralph Boehme
8532d7b38c CI: consolidate SMB2-FILEID and SMB2-FILEID-UNIQUE torture test suites
We don't need seperate test suites here, all tests are related to
File-Ids.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-03-31 23:01:37 +00:00
Ralph Boehme
24f4bea5b8 vfs_fruit: change default for "fruit:zero_file_id" option to yes
After discussion with folks at Apple it should be safe these days to rely on the
Mac to generate its own File-Ids and let Samba return 0 File-Ids.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-03-31 23:01:37 +00:00
Ralph Boehme
9fa67ba8ee vfs_shadow_copy2: implement readdir()
RN: shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15035

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 31 18:47:42 UTC 2022 on sn-devel-184
2022-03-31 18:47:42 +00:00
Ralph Boehme
ba9c5ba8ec CI: add a test listing a snapshotted directory
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15035

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-03-31 17:53:29 +00:00
Ralph Boehme
f734e960eb CI: avoid smb2.twrp being run by plansmbtorture4testsuite() directly
This should only be run by a blackbox test.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15035

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-03-31 17:53:29 +00:00
Jeremy Allison
06bfac2125 s3: smbd: Preserve the fsp->fsp_name->st buf across a MSG_SMB_FILE_RENAME message.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15038

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Mar 30 15:07:09 UTC 2022 on sn-devel-184
2022-03-30 15:07:09 +00:00
Jeremy Allison
5e1aa469ae s3: smbd: Preserve the fsp->fsp_name->st bufs across rename_open_files()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15038

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-03-30 14:16:29 +00:00
Jeremy Allison
1301e64613 s4: torture: Add test_smb2_close_full_information() test to smb2.rename.
Creates a file, opens it again on two different connections
and then renames it. When we close and ask for SMB2_CLOSE_FLAGS_FULL_INFORMATION
we expect this to succeed and return valid data on the handles that did not do
the rename request.

This currently succeeds by accident on master, so we are not
adding a knownfail.d/ file here. When we back-port this test
to 4.16.next, 4.15.next we will add a knownfail.d file.

The rename request zeros out the fsp->fsp_name->st field on the handles
that are open but are not being renamed, marking them as INVALID_STAT.

This should not happen on any open handle. Fix to follow will
preserve the field on rename in both the local connection and
different connection case.

Master gets away with this as in this branch, openat_pathref_fsp(),
which we use in the setup_close_full_information() call to fetch
the SMB2_CLOSE_FLAGS_FULL_INFORMATION data doesn't require an
existing VALID_STAT struct in order to open the file. This
hides the fact the rename zeroed out fsp->fsp_name->st.

4.16.x and 4.15.x don't have this fix, so expose the bug.
Regardless, even in master we should not zero out any
fsp->fsp_name->st values on rename.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15038

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-03-30 14:16:29 +00:00
Jeremy Allison
4725ef5c96 s4: torture: Add CHECK_CREATED macro to smb2/rename.c. Not yet used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15038

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-03-30 14:16:29 +00:00
Jeremy Allison
e862a2d9ec s4: torture: Add CHECK_VAL macro to smb2/rename.c. Not yet used.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15038

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-03-30 14:16:29 +00:00
Jeremy Allison
e01c5992b0 s3: tests.py: Only run smb2.rename against fileserver.
No need to run this against nt4_dc or ad_dc.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15038

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-03-30 14:16:29 +00:00
Stefan Metzmacher
f7f65ceb46 s4:dsdb/descriptor: skip duplicates in descriptor_sd_propagation_object()
We're now sure that the security descriptor propagation happened
first for parent objects.

It means we can safely skip processing the same object twice in
descriptor_sd_propagation_object().

For the database with ~ 22000 objects it reduced the commit time
from 2m 50s down to 2m 24s.

The statistics are changed from:

descriptor_prepare_commit: changes: num_registrations=50000
descriptor_prepare_commit: changes: num_registered=22000
descriptor_prepare_commit: changes: num_toplevel=5
descriptor_prepare_commit: changes: num_processed=5200
descriptor_prepare_commit: objects: num_processed=68800

to:

descriptor_prepare_commit: changes: num_registrations=50000
descriptor_prepare_commit: changes: num_registered=22000
descriptor_prepare_commit: changes: num_toplevel=5
descriptor_prepare_commit: changes: num_processed=5200
descriptor_prepare_commit: objects: num_processed=22000
descriptor_prepare_commit: objects: num_skipped=41600

It means that we have "changes: num_registered" and
"objects: num_processed" exactly match the number
of replicated objects.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Mar 30 12:06:21 UTC 2022 on sn-devel-184
2022-03-30 12:06:21 +00:00
Stefan Metzmacher
bd1e667a62 s4:dsdb/descriptor: sort descriptor_changes tree based
For the hot code path, e.g. the commit after the initial replication,
we typically have one descriptor_changes for each object in the
database.

It means that we most likely have 5 naming contexts/partitions.
Except of their head/root object have a valid parent_guid,
so can move all of them into the tree structure.

Now we start the processing at the partition root objects,
which means that we also process all child objects in
the same run. While processing these objects we are most
likely able to mark their related descriptor_changes structure
as done removing it from the hierarchy.

With the 22000 object domain it reduces the time spend in
the commit stage from 3m 20s down to 2m 50s.

The statistics are changed from:

descriptor_prepare_commit: changes: num_registrations=50000
descriptor_prepare_commit: changes: num_registered=22000
descriptor_prepare_commit: changes: num_processed=22000
descriptor_prepare_commit: objects: num_processed=80800

to:

descriptor_prepare_commit: changes: num_registrations=50000
descriptor_prepare_commit: changes: num_registered=22000
descriptor_prepare_commit: changes: num_toplevel=5
descriptor_prepare_commit: changes: num_processed=5200
descriptor_prepare_commit: objects: num_processed=68800

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-30 11:13:35 +00:00
Stefan Metzmacher
ce38b30cdc s4:dsdb/descriptor: pass parent guid to dsdb_module_schedule_sd_propagation()
This is preparation to optimize the security descriptor propagation
in the following commits.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-30 11:13:35 +00:00
Stefan Metzmacher
b812ade416 s4:dsdb/descriptor: skip duplicates in descriptor_extended_sec_desc_propagation()
During replication we may need to fallback to using DRS_GET_TGT,
which means that we'll get a lot of objects more than once,
the most important one it the partition root object.

It means we'll also do the security descriptor propagation more than
once for these objects, which is extrememly costly for the partition
root objects and other objects near the root.

I analyzed a domain where we collected ~ 50000 descriptor_changes
registrations for the initial replication of ~ 22000 objects
in the database.
For that domain we spend ~ 4 hours for the security descriptor
propagation in descriptor_prepare_commit(), while the replication
itself was finished in less than 2 minutes.

With this change we reduce the number of registered/processed
descriptor_changes down to ~ 22000, while is reduces the time
from ~ 4 hours to just ~ 3 minutes 20 seconds!

The statitics changed from:

descriptor_prepare_commit: changes: num_registered=50000
descriptor_prepare_commit: changes: num_processed=50000
descriptor_prepare_commit: objects: num_processed=12000000

to:

descriptor_prepare_commit: changes: num_registrations=50000
descriptor_prepare_commit: changes: num_registered=22000
descriptor_prepare_commit: changes: num_processed=22000
descriptor_prepare_commit: objects: num_processed=80800

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-30 11:13:35 +00:00