Uri Simchoni [Tue, 9 Jun 2015 11:30:14 +0000 (14:30 +0300)]
libads: Fix fallback logic when finding a domain controller
This is a patch to fix bug 11321.
When finding a domain controller, the method is to resolve
the IP address of candidate servers, and then do an ldap ping until a
suitable server answers.
In case of failure, there's fallback from DNS lookup to netbios lookup
(if netbios is enabled) and then back to site-less DNS lookup. The two
problems here are:
1. It makes more sense to try site-less DNS before NetBIOS because the
fallback to NetBIOS is not likely to give better results.
2. The NetBIOS fallback screws the site-less fallback (I suppose the
"goto considered harmful fellows are sometimes right after all...).
This fix extracts the core code that does name resolving+ldap ping
into a separate function and then activates this function in up to
three modes - site-aware, site-less, and netbios, in that order.
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
Uri Simchoni [Mon, 8 Jun 2015 05:42:58 +0000 (08:42 +0300)]
namequery: remove dead code
When composing the list of servers out of the server affinity cache
and "password server" parameter, there's fallback to DNS-SRV-record-
based search if the "password server" + session affinity yield an empty
list. However:
1. The way the code is written, it never gets executed because the empty list
is not an empty string (it contains a comma)
2. This fallback is doe in any case just a few lines down the function
Therefore this patch simply removes this fallback code.
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
Uri Simchoni [Mon, 18 May 2015 10:36:46 +0000 (13:36 +0300)]
libads: Keep 'good' server at the head of custom KDC list
When creating a custom krb.conf file for a domain, make sure
that the DC which already answered the ldap ping is not queried
again, and is always first in the custom KDC list. This has two
advantages:
1. Avoid re-sending an ldap ping to this server
2. The generated list is made up of the servers that answered
first. Since the DC which already answered an LDAP ping
is typically the "last good server", this change keeps it
out of the contest and guarantees that we keep using last
good server as long as it works.
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
Uri Simchoni [Thu, 21 May 2015 07:38:42 +0000 (10:38 +0300)]
namequery: correctly merge kdc ip address list
When finding DCs, there are three sources of addresses:
1. "Last good server"
2. Configured password server
3. SRV DNS queries
Since those different sources may return the same addresses, the
IP list is checked for duplicates, e.g. in order to save on
the LDAP ping that usually follows. Both IP address and port are
compared.
This change fixes the address duplicate removal for the case of KDC
search, where the "last good server" or configured password server
also appears in the DNS SRV query response.
An (undocumented?) assumption is that the "password server" parameter
is applicable to KDCs as well, but if a port is specified (e.g.
dc1.example.com:390), then this is the ldap port.
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
Uri Simchoni [Wed, 3 Jun 2015 10:50:25 +0000 (13:50 +0300)]
namequery: fix get_kdc_list() to look for _kerberos records
get_kdc_list() should look for _kerberos.xxx SRV records rather
than _ldap.xxx records. This has significance in two cases:
- Non-default DNS configurations
- When building a custom krb5.conf file for a domain, an attempt is
made to get site-specific as well as site-less records, but the
search for _ldap records yields a cached site-specific result even
for the site-less query.
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
Uri Simchoni [Thu, 21 May 2015 05:40:24 +0000 (08:40 +0300)]
libads: fix indentation in generated krb5.conf
In case of multiple KDCs, the automatically-generated
domain-specific kerberos configuration file lists all the
KDCs it can find, but the indentation of additional KDCs
is not aligned with that of the first KDC.
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
Volker Lendecke [Mon, 15 Jun 2015 12:14:43 +0000 (12:14 +0000)]
net: Fix messaging_init for clustering
A full loadparm with include=registry implicitly initializes a
messaging_context. We need to use that.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Jun 15 22:44:57 CEST 2015 on sn-devel-104
* Fix runtime detection for robust mutexes in the standalone build.
bug #11326
* Possible fix for the build with robust mutexes on solaris 11
bug #11319
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jun 12 19:55:34 CEST 2015 on sn-devel-104
And the build failed with PTHREAD_MUTEX_ROBUST being unknown.
Note that PTHREAD_MUTEX_ROBUST and PTHREAD_MUTEX_ROBUST_NP are enum values
while they're defines on solaris 11
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11319
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* Fix compile error in Solaris ports backend.
* Fix access after free in tevent_common_check_signal(). bug #11308
* Improve pytevent bindings.
* Testsuite fixes.
* Improve the documentation of the tevent_add_fd()
assumtions. It must be talloc_free'ed before closing the fd!
See bug #11141 and bug #11316.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
s4:libcli/raw: make sure smbcli_transport_connect_send/recv correctly cleanup on error
We need to make sure that we remove any pending writev_send or read_smb_send
request before closing the socket fd. As a side effect we always close the
socket fd if we don't return success for any any reason.
tevent.h: propose tstream_ versions of read_packet_send/recv and writev_send/recv
The functions operating on the raw file descriptor are for advanced callers,
which take extra care and avoid the problems of
https://bugzilla.samba.org/show_bug.cgi?id=11141.
Amitay Isaacs [Tue, 2 Jun 2015 01:25:44 +0000 (11:25 +1000)]
ctdb-locking: Avoid resetting talloc destructor
Let ctdb_lock_request_destructor() take care of the proper cleanup.
If the request if freed from the callback function, then the lock context
should not be freed. Setting request->lctx to NULL takes care of that
in the destructor.
Amitay Isaacs [Mon, 1 Jun 2015 14:22:07 +0000 (00:22 +1000)]
ctdb-locking: Set destructor when lock_context is created
There is already code in the destructor to correctly remove it from the
pending or the active queue. This also ensures that when lock context
is in pending queue and if the lock request gets freed, the lock context
is correctly removed from the pending queue.
Thanks to Stefan Metzmacher for noticing this and suggesting the fix.
ctdb-locking: Set the lock_ctx->request to NULL when request is freed
The code was added to ctdb_lock_context_destructor() to ensure that
the if a lock_ctx gets freed first, the lock_request does not have a
dangling pointer. However, the reverse is also true. When a lock_request
is freed, then lock_ctx should not have a dangling pointer.
ctdb-locking: Avoid memory corruption in ctdb_lock_context_destructor
If the lock request is freed from within the callback, then setting
lock_ctx->request to NULL in ctdb_lock_context_destructor will end up
corrupting memory. In this case, lock_ctx->request could be reallocated
and pointing to something else. This may cause unexpected abort trying
to dereference a NULL pointer.
So, set lock_ctx->request to NULL before processing callbacks.
This avoids the following valgrind problem.
==3636== Invalid write of size 8
==3636== at 0x151F3D: ctdb_lock_context_destructor (ctdb_lock.c:276)
==3636== by 0x58B3618: _talloc_free_internal (talloc.c:993)
==3636== by 0x58AD692: _talloc_free_children_internal (talloc.c:1472)
==3636== by 0x58AD692: _talloc_free_internal (talloc.c:1019)
==3636== by 0x58AD692: _talloc_free (talloc.c:1594)
==3636== by 0x15292E: ctdb_lock_handler (ctdb_lock.c:471)
==3636== by 0x56A535A: epoll_event_loop (tevent_epoll.c:728)
==3636== by 0x56A535A: epoll_event_loop_once (tevent_epoll.c:926)
==3636== by 0x56A3826: std_event_loop_once (tevent_standard.c:114)
==3636== by 0x569FFFC: _tevent_loop_once (tevent.c:533)
==3636== by 0x56A019A: tevent_common_loop_wait (tevent.c:637)
==3636== by 0x56A37C6: std_event_loop_wait (tevent_standard.c:140)
==3636== by 0x11E03A: ctdb_start_daemon (ctdb_daemon.c:1320)
==3636== by 0x118557: main (ctdbd.c:321)
==3636== Address 0x9c5b660 is 96 bytes inside a block of size 120 free'd
==3636== at 0x4C29D17: free (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==3636== by 0x58B32D3: _talloc_free_internal (talloc.c:1063)
==3636== by 0x58B3232: _talloc_free_children_internal (talloc.c:1472)
==3636== by 0x58B3232: _talloc_free_internal (talloc.c:1019)
==3636== by 0x58B3232: _talloc_free_children_internal (talloc.c:1472)
==3636== by 0x58B3232: _talloc_free_internal (talloc.c:1019)
==3636== by 0x58AD692: _talloc_free_children_internal (talloc.c:1472)
==3636== by 0x58AD692: _talloc_free_internal (talloc.c:1019)
==3636== by 0x58AD692: _talloc_free (talloc.c:1594)
==3636== by 0x11EC30: daemon_incoming_packet (ctdb_daemon.c:844)
==3636== by 0x136F4A: lock_fetch_callback (ctdb_ltdb_server.c:268)
==3636== by 0x152489: process_callbacks (ctdb_lock.c:353)
==3636== by 0x152489: ctdb_lock_handler (ctdb_lock.c:468)
==3636== by 0x56A535A: epoll_event_loop (tevent_epoll.c:728)
==3636== by 0x56A535A: epoll_event_loop_once (tevent_epoll.c:926)
==3636== by 0x56A3826: std_event_loop_once (tevent_standard.c:114)
==3636== by 0x569FFFC: _tevent_loop_once (tevent.c:533)
==3636== by 0x56A019A: tevent_common_loop_wait (tevent.c:637)
==3636== by 0x56A37C6: std_event_loop_wait (tevent_standard.c:140)
==3636== by 0x11E03A: ctdb_start_daemon (ctdb_daemon.c:1320)
==3636== by 0x118557: main (ctdbd.c:321)
Christof Schmitt [Thu, 11 Jun 2015 20:55:15 +0000 (13:55 -0700)]
rpcclient: Add info level 1005 for netsharegetinfo
This allows querying the DFS flags and the csc policy. Also update the
usage info that ths share name is not optional and print the supported
info levels.
Douglas Bagnall [Wed, 10 Jun 2015 23:11:06 +0000 (11:11 +1200)]
KCC: use python 2.6 compatible dictonary comprehensions
The `{k: v for k, v in whatever}` syntax is "new" in Python 2.7.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun 12 09:46:13 CEST 2015 on sn-devel-104
Douglas Bagnall [Wed, 27 May 2015 06:04:15 +0000 (18:04 +1200)]
KCC: intrasite double_directed_ring test shouldn't include RODCs
RODCs don't belong in the ring. In practice, they don't really belong
in the same site as a ring, but that is another matter.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 15 May 2015 03:04:01 +0000 (15:04 +1200)]
KCC: use logger.critical rather than print >> sys.stderr
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 15 May 2015 03:03:35 +0000 (15:03 +1200)]
KCC: draw a site-edges graph for each partition
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 13 May 2015 03:36:09 +0000 (15:36 +1200)]
KCC: use KccError, simplify logic in NTDSConn.commit_modified
silence a pep8 thing.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 13 May 2015 02:43:29 +0000 (14:43 +1200)]
KCC: remove unused create_edge_set() function
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 13 May 2015 01:58:15 +0000 (13:58 +1200)]
KCC: ignore the bridges_required option
At least until we have SiteLinkBridges to test against.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 13 May 2015 01:55:00 +0000 (13:55 +1200)]
KCC: fix the polarity of bridges_required option
If one of the *_BRIDGES_REQUIRED flags is set, bridges_required is
True.
We ignore this option anyway.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 13 May 2015 01:33:51 +0000 (13:33 +1200)]
KCC: remove a TODO with seemingly no basis in specification
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 5 Jun 2015 00:14:12 +0000 (12:14 +1200)]
KCC: clarify setup-vertices docstring, remove TODO
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 8 May 2015 04:38:42 +0000 (16:38 +1200)]
KCC: note about the meaning of None in schedule types
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 10 Jun 2015 04:01:52 +0000 (16:01 +1200)]
KCC: combine_repl_info() returns the combined replinfo
Previously it returned False if there was no intersections (i.e,
the new repl_info duration was 0). Now the same check can be performed
by checking the duration directly.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Conflicts:
python/samba/kcc/graph.py
Douglas Bagnall [Wed, 13 May 2015 03:09:03 +0000 (15:09 +1200)]
KCC: remove unnecessary comment
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 13 May 2015 03:08:47 +0000 (15:08 +1200)]
KCC: reword comment, removing unwarranted XXX
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 13 May 2015 03:08:06 +0000 (15:08 +1200)]
KCC: remove an unwarranted XXX comment
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 5 Jun 2015 00:35:39 +0000 (12:35 +1200)]
KCC: let kcc.graph.ReplInfo know its duration
This is going to lead to a few simplifications.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 8 May 2015 02:53:41 +0000 (14:53 +1200)]
KCC: docstring for kcc.graph.InternalEdge
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 8 May 2015 02:53:27 +0000 (14:53 +1200)]
KCC: docstring for kcc.graph.MultiEdge
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 8 May 2015 02:53:16 +0000 (14:53 +1200)]
KCC: docstring for kcc.graph.Vertex
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 8 May 2015 02:52:59 +0000 (14:52 +1200)]
KCC: docstring for kcc.graph.VertexColour()
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 8 May 2015 02:52:41 +0000 (14:52 +1200)]
KCC: docstring for kcc.graph.setup_graph()
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 8 May 2015 02:52:27 +0000 (14:52 +1200)]
KCC: docstring for kcc.graph.add_edge_out()
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 8 May 2015 02:52:13 +0000 (14:52 +1200)]
KCC: docstring for kcc.graph.find_component()
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 8 May 2015 00:26:00 +0000 (12:26 +1200)]
KCC: some rearrangement in kcc.graph.add_int_edge()
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 8 May 2015 00:25:12 +0000 (12:25 +1200)]
KCC: docstring for kcc.graph.kruskal()
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
projects / thirdparty / samba.git / log
