s4:kerberos: adapt the heimdal send_to_kdc hooks to the send_to_kdc/realm plugin interface
With the recent heimdal upgrade we better try to use the send_to_realm()
hooks as it allows us to handle the KDC lookup as well as only getting
each logical request just once in the testing code, which makes it
let dependend on the heimdal internal kdc lookup logic.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
tests/auth_log: adjust expected authDescription for test_smb_bad_user
With NO_SUCH_USER we don't know if any pre-authentication was requested,
so with the new Heimdal code we now used use "AS-REQ" instead of
assuming ENC-TS Pre-authentication.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Andrew Bartlett [Wed, 23 Jun 2021 00:08:34 +0000 (12:08 +1200)]
s4:kdc: Adapt wamba_wdc_check_client_access() to modern Heimdal
Modern Heimdal falls back to kdc_check_flags() internally
when KRB5_PLUGIN_NO_HANDLE is returned, avoiding the need
to call back into the internal KDC APIs.
Selected from patch by by Stefan Metzmacher <metze@samba.org>
from his Heimdal upgrade branch.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
See
https://git.samba.org/?p=lorikeet-heimdal.git;a=shortlog;h=refs/heads/lorikeet-heimdal-202201172009
or
https://gitlab.com/samba-team/devel/lorikeet-heimdal/-/tree/lorikeet-heimdal-202201172009
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Pair-Programmed-With: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
The Coverity Scan tools are not updated very often and miss support for the
latest gcc build. Lets use Fedora 34 for that and stay behind a bit.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jan 19 10:49:18 UTC 2022 on sn-devel-184
Volker Lendecke [Sun, 16 Jan 2022 20:50:25 +0000 (21:50 +0100)]
smbd: Remove a duplicate protoype
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jan 18 21:17:43 UTC 2022 on sn-devel-184
s4:kdc: improve DEBUG messages in samba_wdc_reget_pac2()
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Autobuild-User(master): Joseph Sutton <jsutton@samba.org>
Autobuild-Date(master): Mon Jan 17 20:55:41 UTC 2022 on sn-devel-184
Joseph Sutton [Wed, 22 Dec 2021 03:08:43 +0000 (16:08 +1300)]
s4:torture: Remove netbios realm and lowercase realm tests
Tests for these are already present in
samba.tests.krb5.as_canonicalization_tests. These tests cause problems
with an upgraded Heimdal version, and we want to stop supporting
non-canonical realm names, so this commit removes them.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org>
David Disseldorp [Fri, 14 Jan 2022 09:38:40 +0000 (10:38 +0100)]
build: reduce printf() calls in generated build_options.c
build_options.c is inefficient in multiple ways:
1) it's generated via one python fp.write() call per line
2) the generated code calls output() for each and every build option
This commit addresses (2), modifying write_build_options_header() and
write_build_options_footer(). write_build_options_section() could also
be collapsed into a single output() call, but this may lead to oversize
string literals, so has been left as is.
I observe no change in smbd --build-options output.
Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Mon Jan 17 13:17:53 UTC 2022 on sn-devel-184
David Disseldorp [Fri, 14 Jan 2022 09:38:40 +0000 (10:38 +0100)]
build: reduce fp.write calls for build_options.c generation
build_options.c is inefficient in multiple ways:
1) it's generated via one python fp.write() call per line
2) the generated code calls output() for each and every build option
This commit reduces fp.write() calls for (1). I observe no change in the
generated build_options.c .
Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
s3:smbd: handle --build-options without parsing smb.conf
The smb.conf is parsed in post mode of a popt callback. The smbd
--build-options parameter should be handled when first encountered
to avoid requiring smb.conf presence.
Martin Schwenke [Fri, 14 Jan 2022 02:39:34 +0000 (13:39 +1100)]
WHATSNEW: Document CTDB leader and cluster lock changes
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon Jan 17 11:16:14 UTC 2022 on sn-devel-184
Martin Schwenke [Mon, 10 Jan 2022 02:41:31 +0000 (13:41 +1100)]
ctdb-doc: Remove documentation for recovery process
This is many years out of date and recent changes make it worse. It
is unlikely that anyone has the time to fix this in the near future,
so remove it because it is misleading.
Database recovery steps are well documented in comments in the
recovery helper. Cluster monitoring documentation can be re-added
when things stop changing.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 14 Jan 2022 12:09:38 +0000 (23:09 +1100)]
ctdb-tests: Improve test coverage for leader role yield and elections
Rename test, clean up node selection. Duplicate for for banning and
removing leader capability cases. Repeat all 3 tests without cluster
lock.
All of the standard election triggers are now tested, with and without
cluster lock. Due to test cluster configuration limitations, the
tests without cluster lock are skipped on a real cluster.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 18 Mar 2020 04:14:39 +0000 (15:14 +1100)]
ctdb-recoverd: Use race for cluster lock as election when lock is enabled
If the cluster is partitioned then nodes in one partition can not take
the lock anyway, so election is pointless. It just introduces
unnecessary corner cases.
Instead just race for the lock.
When a node notices a lack of leader and notifies other nodes of an
election via an unknown leader broadcast, the cluster lock election is
hooked into this broadcast.
The test needs to be updated because losing the cluster lock can now
result in a leadership change.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 17 Dec 2021 01:54:23 +0000 (12:54 +1100)]
ctdb-recoverd: Drop leader validation
The introduction of the leader broadcast timeout provides an
alternative to the current leader validation. Using the leader
broadcast may not be as fast but it is more correct.
When the leader node is stopped or banned, the only way of triggering
an election is currently to fetch the leader's node map to check
whether the it is still active. This is because the leader will no
longer push the node map to other nodes. However, having all nodes
fetch the node map from an inactive leader may be unreliable.
Most of the other cases are also handled more reliably by the leader
broadcast timeout.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 17 Dec 2021 03:42:47 +0000 (14:42 +1100)]
ctdb-recoverd: Handle leader broadcast timeout
If no leader broadcasts have been received from the leader for more
than 5s then trigger an election.
Apart from being sane behaviour, this avoids elected-before-connected
bugs at startup, where a node elects itself leader before it is
connected to other nodes.
When a node processes a leader broadcast timeout it sends an unknown
leader broadcast to all nodes. That causes cancellation of the leader
broadcast timeout across the cluster. This is particular important at
startup, since nodes may be started in a staggered fashion. Without
this cluster-wide cancellation, a node might notice the lack of
leader, win an election and complete a recovery before other nodes
notice the lack of leader. When the leader broadcast timeout finally
occurs on the other nodes then they'll put the cluster back into an
unnecessary recovery.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 18 Mar 2020 09:27:10 +0000 (20:27 +1100)]
ctdb-recoverd: Add an explicit flag for election in progress
An alternate election method will be added that doesn't use the
election timeout, so this provides a common way for recognising when
an election is in progress.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 13 Dec 2021 23:57:03 +0000 (10:57 +1100)]
ctdb-recoverd: Add and use function this_node_can_be_leader()
This makes the code self-documenting.
In ctdb_election_data() there is a slight behaviour change. An
inactive node will now try to lose an election. This case should not happen
because:
* An inactive node can't win an election round and then send a reply.
* Any inactive node should never start an election. There are
currently places where this happens and they will be fixed later.
There is an instance where this could be used in
validate_recovery_master() but this involves a more serious logic
change. Overhaul this function later.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
projects / thirdparty / samba.git / log
