1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

95932 Commits

Author SHA1 Message Date
Michael Adam
ca06fac2c8 wafsamba: remove unused variable from copy_and_fix_python_path
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-09-05 19:47:05 +02:00
Amitay Isaacs
2c57cc9597 ctdb-call: Drop all deferred requests from older generation
Deferring packets has a nasty interaction with recovery.  All deferred
packets must be dropped when recovery happens, since those packets are
tracked as pending requests and will be re-sent with new generation.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Sep  5 09:30:50 CEST 2014 on sn-devel-104
2014-09-05 09:30:50 +02:00
Amitay Isaacs
6f072f85a1 ctdb-locking: Do not reset real-time priority for lock helpers
When using TDB robust mutexes, the kernel wakes waiting processes one
by one, in the priority list order.  To ensure that ctdb lock helper
processes do not starve, lock helper processes need to run at a higher
priority than smbd.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2014-09-05 07:05:10 +02:00
Amitay Isaacs
ef59f2e6bb ctdb-daemon: Defer all calls when processing dmaster packets
When CTDB receives DMASTER_REQUEST or DMASTER_REPLY packet, the specified
record needs to be updated as soon as possible to avoid inconsistent
dmaster information between nodes.  During this time, queue up all calls
for that record and process them only after dmaster request/reply has
been processed.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2014-09-05 07:05:10 +02:00
Amitay Isaacs
deb7bb89b3 ctdb-daemon: Remove duplicate code with refactored function
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2014-09-05 07:05:10 +02:00
Amitay Isaacs
bd13389467 ctdb-common: Refactor code to convert TDB_DATA key to aligned uint32 array
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2014-09-05 07:05:10 +02:00
Amitay Isaacs
13d5af48ac ctdb-include: Remove declaration of non-existent function
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2014-09-05 07:05:10 +02:00
Amitay Isaacs
2592ae5a56 ctdb-locking: Remove unused function ctdb_free_lock_request_context
There is no need for a special function to free lock request and
corresponding lock context.  Freeing lock request will free lock
context also.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2014-09-05 07:05:10 +02:00
Amitay Isaacs
374cbc7b0f ctdb-locking: Talloc lock request from client specified context
This makes sure that when the client context is destroyed, the lock
request goes away.  If the lock requests is already scheduled, then the
lock child process will be terminated.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2014-09-05 07:05:10 +02:00
Amitay Isaacs
d9e4622a44 ctdb-locking: Run debug locks script only if the node is active
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2014-09-05 07:05:10 +02:00
Andreas Schneider
6d2f56dbaf selftest: Fix selftest where pid is used uninitialized.
On my system this gets evaluated to 0 so in the end we detect samba to
be running cause $childpid is set to 0.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10793

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Sep  4 17:09:17 CEST 2014 on sn-devel-104
2014-09-04 17:09:17 +02:00
Stefan Metzmacher
0b4a3b7611 s4-rpc: dnsserver: return DNS_RANK_NS_GLUE recors when explicitly asked for
NS records should be included in the query for sub-domains.  NS records
got dropped when the rank for NS records was correctly set to NS_GLUE
from ZONE in commit 2036cbd924.

  samba-tool dns query 172.31.9.161 s4xdom.base @ ALL
  =>
  Name=glue, Records=0, Children=0

  samba-tool dns query 172.31.9.161 s4xdom.base glue ALL
  =>
    Name=, Records=1, Children=0
      NS: glue.dns.private. (flags=40000082, serial=21, ttl=900)

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10751

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Thu Sep  4 14:37:51 CEST 2014 on sn-devel-104
2014-09-04 14:37:51 +02:00
Stefan Metzmacher
2c342e488d s4-rpc: dnsserver: handle updates of tombstoned dnsNode objects
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2014-09-04 12:07:13 +02:00
Amitay Isaacs
6f2862e766 s4-rpc: dnsserver: Do not search for deleted DNS entries
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10749

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-09-04 12:07:13 +02:00
Jeremy Allison
7f976f42c4 s3: smbd: vfs_dirsort module.
Fix an off-by-one check that would cause seekdir to
seek off the end of the cached array.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ronnie Sahlberg <ronniesahlberg.gmail.com>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep  3 19:59:54 CEST 2014 on sn-devel-104
2014-09-03 19:59:54 +02:00
Amitay Isaacs
80f00eaf51 ctdb-build: SAMBA_BINARY targets should not include bin/ prefix
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Wed Sep  3 06:26:16 CEST 2014 on sn-devel-104
2014-09-03 06:26:16 +02:00
Andrew Bartlett
b55a91e9d2 join.py: Set NT ACL on crossRef object for new partition
Change-Id: Icb1b00697cc5641481370ded26f2f0551a5b2a97
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Sep  2 14:15:54 CEST 2014 on sn-devel-104
2014-09-02 14:15:54 +02:00
Stefan Metzmacher
eee14f775e samba-tool/ldapcmp: update the list of non replicated attributes
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10788

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Sep  2 03:49:49 CEST 2014 on sn-devel-104
2014-09-02 03:49:48 +02:00
Günther Deschner
aaf2cae36b s3-kpasswd: Fix build warning.
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Sep  1 18:15:15 CEST 2014 on sn-devel-104
2014-09-01 18:15:15 +02:00
Günther Deschner
638a8edd7c s4-heimdal: do not build rkpty anymore.
It is fully replaced with texpect now.

Guenther

Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
2014-09-01 15:47:33 +02:00
Günther Deschner
c4e15e0f6d testprogs: use texpect instead of rkpty.
Guenther

Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
2014-09-01 15:47:33 +02:00
Günther Deschner
a78a87ac53 testprogs: test kpasswd via "net ads password".
Guenther

Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
2014-09-01 15:47:33 +02:00
Günther Deschner
fa39e025ff testprogs: use texpect in passwords test file instead of rkpty.
Guenther

Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
2014-09-01 15:47:33 +02:00
Günther Deschner
3ba74c83dc lib/texpect: add texpect binary based on heimdals rkpty.
Guenther

Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
2014-09-01 15:47:33 +02:00
Günther Deschner
9e42b01865 s3-kpasswd: send a netbios krb5 address to avoid invalid net address errors from
heimdal.

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
2014-09-01 15:47:33 +02:00
Simo Sorce
1d779bdbb2 Remove custom password change code in libads
Use standard libkrb5 calls instead.

Signed-off-by: Simo Sorce <idra@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
2014-09-01 15:47:33 +02:00
Simo Sorce
6bdde64354 Remove duplicate definitions
Thee are already defined both in Heimdal and MIT public headers

Signed-off-by: Simo Sorce <idra@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
2014-09-01 15:47:33 +02:00
Günther Deschner
af7613fa25 testprogs: allow to run passwords test with MIT and Heimdal kinit.
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
2014-09-01 15:47:33 +02:00
Andreas Schneider
7982c373b0 testprogs: Use the system binaries for KRB5 if we don't build in-tree heimdal.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
2014-09-01 15:47:33 +02:00
Andreas Schneider
980ce21a5b selftest: Use the dns domain in the hosts file.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-09-01 15:47:33 +02:00
Andrew Bartlett
470e5b8222 s4-netlogond: Give a better error if we do not have a flatname attribute
Change-Id: I3bc283b6fab4326131084d1abb89cb486af7b35a
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Sep  1 02:58:46 CEST 2014 on sn-devel-104
2014-09-01 02:58:46 +02:00
Andrew Bartlett
b9e1736216 join.py: Ensure to fill in samAccountName so we get the domain$ account
Otherwise, we get a random samAccountName

Andrew Bartlett

Change-Id: I87ea532fe22c1b2d2effd52859da3b357f692b5a
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-09-01 00:36:42 +02:00
Andrew Bartlett
8485cc9448 s3-rpc_client: Do not give NT_STATUS_NO_MEMORY when the source string was NULL
Change-Id: I25a4dcc2239267ee7c219e965693027ca2981983
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
2014-09-01 00:36:42 +02:00
Andrew Bartlett
5602377fce set_dc_type_and_flags_trustinfo: Use init_dc_connection and wb_open_internal_pipe
This means we call this code, and mark trusted domains as active directory, when we are an AD DC.

Otherwise, in the previous case we would not have domain->active_directory set, and would fail on
connection_ok() due to not having a full connection to our internal DC

Change-Id: I7ccee569d69d6c5466334540db8920e57aafa991
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-09-01 00:36:42 +02:00
Andrew Bartlett
1c979b1cfc dsdb: improve debugging in DsCrackNameOneFilter
Change-Id: I64d8e1eb94d833dc8ebf18fecdf32a83470a087e
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
1
2014-09-01 00:36:42 +02:00
Andrew Bartlett
7a29173af8 winbindd: Add debugging to assist in locating errors creating NETLOGON pipes
Change-Id: If15483c37ed43267c6474ce8b5e9d96254745bca
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
2014-09-01 00:36:42 +02:00
Andrew Bartlett
735615293b passdb: Use sam_get_results_trust() and implement pdb_samba_dsdb_get_trusteddom_pw
We now return the plaintext passwords for trusted domains so winbindd can use them.

Change-Id: Ifcd59b0be815d25b73bdbc41db7477895461c7b6
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
2014-09-01 00:36:42 +02:00
Andrew Bartlett
80be6993c9 auth: Split out fetching trusted domain into sam_get_results_trust()
This new helper function will also be used by pdb_samba_dsdb.

Change-Id: I008af94a0822012c211cfcc6108a8b1285f4d7c7
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-09-01 00:36:42 +02:00
Andrew Bartlett
36085a222c provision: Only create hard links for ForestDnsZones if it exists on this DC
We might be a subdomain, and not host this partition.

Andrew Bartlett

Change-Id: I9aa32c5692cd9fd0a6bced8bea37cd8593b31906
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2014-09-01 00:36:42 +02:00
Andrew Bartlett
b50d7a0f34 selftest: Improve connection between primary domain and subdomain for krb5
Two things help here: The join is done on the lower case name, so we
can match it in the krb5.conf, and we share the krb5.conf between the
"dc" environment and the "subdom_dc" environment.  Between these two
measures, this means we can get tickets using the domain trust.

If we used cwrap for DNS queries and we had our internal DNS set up correctly,
we could avoid this (because that is not case sensitive),
but otherwise we need to get SUB.samba.example.org into the krb5.conf,
and this is harder to do an a generic way.

Andrew Bartlett

Change-Id: If378915112728aaf47aa68ce0b071a7e09d756ad
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
2014-09-01 00:36:42 +02:00
Andrew Bartlett
b6ade7d04b dsdb: Make log message more clear
Change-Id: Ibf3c55748e755d2f6dae57293bfde11cdf7ba3ae
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
2014-09-01 00:36:42 +02:00
Andrew Bartlett
aa6a740163 selftest: Set admin password on subdom_dc environment
Change-Id: Ib9edae20004ea6f5a500efcfcd7bbd9fc8015c25
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
2014-09-01 00:36:42 +02:00
Andrew Bartlett
a348959088 winbindd: Do not segfault if the trusted domain has no SID
Currently we abort, as skipping the domain would make the loop much more complex for a situation not yet seen in the real world.

Andrew Bartlett

Change-Id: Ie1e269eb25047d662d8fd0f771ee20de1d48706b
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
2014-09-01 00:36:42 +02:00
Andrew Bartlett
0edc1476b7 join.py: Ensure we set the SID of the parent domain on the trust record
Change-Id: Ifaf3f2d1240d983a48ee1874fdc9c266354f6754
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
2014-09-01 00:36:42 +02:00
Andrew Bartlett
964e412ead python: Use the security.dom_sid type for ctx.domsid in join.py and provision
Change-Id: I1266f77184d68aae6a39a73bac8a432fdd707b2e
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
2014-09-01 00:36:42 +02:00
Andrew Bartlett
c9f613f60d dsdb: Permit creation of partitions of type INSTANCE_TYPE_UNINSTANT
This is only allowed when we are creating the objects from a DsAddEntry call, not over LDAP.

Change-Id: Ieec6b07556d58741ec04fede8bf9940811f12a62
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
2014-09-01 00:36:42 +02:00
Andrew Bartlett
204337f454 provision: Use names.domainsid and names.domainguid
This is better than passing around parameters to functions all over
the provision stack and makes it easier to pass in a seperate forest
SID when we start to support subdomains.

Change-Id: I3787f4f3433ca04628f888135c7c0c8195379542
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
2014-09-01 00:36:42 +02:00
Andrew Bartlett
79ee8fc82c s4-gensec: Fix spelling in debug message
Change-Id: Ia0218c4b1f714d1b829ab0ce5851a4d02a1bf5df
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
2014-09-01 00:36:41 +02:00
Andrew Bartlett
6ad24d072e provision: Only calculate ForestDNSZone GUID if we need it
Change-Id: Ie33812627ce7ececda681c2d784b1ca97b1b73c4
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
2014-09-01 00:36:41 +02:00
Andrew Bartlett
c11a89a2c1 join.py: Reinstate full_nc_list and make creation of NTDS-DSA object common
The new function join_ntdsdsa_obj() returns the object, to be added over LDAP or DsAddEntry().

Andrew Bartlett

Change-Id: I41ac256fb3d4edffc617af4ae580acd941b4de83

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
2014-09-01 00:36:41 +02:00