Oliver Liebel [Sun, 9 Aug 2009 23:45:01 +0000 (09:45 +1000)]
s4:provision Rework and further automate setup of OpenLDAP backend
Here's the summary of all changes/extensions:
- Andrew Bartlett's patch to generate indext
- Howard Chu's idea to use nosync on the DB included, but made optional
- slaptest-path is not needed any more (slapd -Ttest is used instead)
and is therefore removed. slapd-path is now recommended when
openldap-backend is chosen.
It's also used for olc-conversion
- slapd-detection is now always done by ldapsearch (ldb module),
looking anonymously for objectClass: OpenLDAProotDSE via our ldapi_uri.
- if ldapsearch was not successful (no slapd listening on our socket),
slapd is started via special generated slapdcommand_prov (ldapi_uri only)
- slapd-"provision-process" startup is done via Python's subprocess.
- the slapd-provision-pid is stored under paths.ldapdir/slapd_provision_pid.
- after provision-backend is finished:
--- slapd.pid is compared with our stored slapd_provision_pid.
if they are unique, slapd.pid will be read out, and the
slapd "provision"-process will be shut down.
--- proper slapd-shutdown is verified again with ldb-search -> ldapi_uri
-> rootDSE.
--- if the pids are different or one of the pid-files is missing, slapd
will not be shut down,
instead an error message is displayed to locate slapd manually
--- extended help-messages (relevant to slapd) are always displayed,
e.g. the commandline with which slapd has to be started when everything's
finished
(slapd-commandline is stored under paths.ldapdir/slapd_command_file.txt)
- upgraded the content of the mini-howto (howto-ol-backend-s4.txt)
Andrew Bartlett [Tue, 11 Aug 2009 08:20:39 +0000 (18:20 +1000)]
s4:torture Add test for the NTP signd server
This is used by a patch to the NTP project to supply authenticated
time as required by MS-SNTP (i.e., to keep Windows clients in time sync
in the domain).
Pass absolute file paths to Inkscape when transforming .svg files
Some recent versions of Inkscape (0.47 or around) have a bug where the export file name
is treated as relative to the directory of the original .svg if it wasn't specified
as an absolute path. Fix it by always using absolute paths during conversion.
Jeremy Allison [Fri, 7 Aug 2009 19:38:31 +0000 (12:38 -0700)]
Move the checks for null timestamps down below the VFS_NTIMES
layer (as it's done in onefs). This simplifies greatly the
code in smb_set_file_time() w.r.t. changenotify messages.
Jeremy.
Jeremy Allison [Fri, 7 Aug 2009 17:19:20 +0000 (10:19 -0700)]
Correctly send out notify messages for timestamp changes.
"change time" has no notify message, so don't send anything
out when we change it. Use FILE_NOTIFY_CHANGE_CREATION correctly
when changing the create time.
Jeremy.
Andrew Tridgell [Fri, 7 Aug 2009 07:23:52 +0000 (17:23 +1000)]
fixed another ambiguous talloc call
During the creation of the 3 RPC pipes in winbind we try to steal the
RPC binding structure to be a child of the pipe once the pipe is
established. This fails with a talloc warning as the rpc connection
code already holds a reference to the binding.
Andrew Tridgell [Fri, 7 Aug 2009 07:21:54 +0000 (17:21 +1000)]
ensure that child tasks die when the parent dies
Previously we relied on process groups and SIGTERM to ensure that
child tasks died in the standard process model when the parent task
died. This doesn't work when the server is run in interactive mode, as
in that case we don't call become_daemon() and don't get a separate
process group.
The fix is to have a pipe held open by the parent server process, and
inherited by child tasks. If the parent exits then the write side of
the pipe is implicitly closed, which causes an event in the child
tasks that causes them to exit.
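The pipe technique described in the commit message above, as an added example that is not Samba's code: a stand-in server forks one child task and exits, and the child watches the read end of an inherited pipe for EOF. The function names and the timeout are hypothetical; the second call shows the usual pitfall, where the child keeps its own inherited copy of the write end open and therefore never sees EOF.

```c
#include <poll.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Child side: wait for the parent's write end to close (EOF on the pipe). */
static int parent_is_gone(int read_fd, int timeout_ms)
{
    struct pollfd pfd = { .fd = read_fd, .events = POLLIN };
    char c;
    if (poll(&pfd, 1, timeout_ms) <= 0)
        return 0;                       /* timeout or error: no EOF seen */
    return read(read_fd, &c, 1) == 0;   /* 0 bytes read == all writers gone */
}

/* Forks a stand-in server that forks one child task and then exits.
 * Returns 1 if the child saw the server die via the pipe, 0 if it did not.
 * close_child_write_end = 0 leaves the child's copy of the write end open. */
int child_detects_parent_death(int close_child_write_end)
{
    int report[2], life[2];
    unsigned char result = 0;
    if (pipe(report) != 0) return -1;
    pid_t server = fork();
    if (server < 0) return -1;
    if (server == 0) {                  /* stand-in parent server process */
        close(report[0]);
        if (pipe(life) != 0) _exit(1);
        if (fork() == 0) {              /* child task inherits both ends */
            if (close_child_write_end) close(life[1]);
            result = (unsigned char)parent_is_gone(life[0], 1000);
            if (write(report[1], &result, 1) != 1) _exit(1);
        }
        _exit(0);                       /* on exit the kernel closes life[1] */
    }
    close(report[1]);
    waitpid(server, NULL, 0);
    int rc = (read(report[0], &result, 1) == 1) ? result : -1;
    close(report[0]);
    return rc;
}

int main(void)
{
    printf("write end closed in child: %d\n", child_detects_parent_death(1));
    printf("write end left open:       %d\n", child_detects_parent_death(0));
    return 0;
}
```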
Andrew Tridgell [Fri, 7 Aug 2009 07:19:39 +0000 (17:19 +1000)]
prime the sam ldb schema in the parent samba process
While testing the use of the standard process model with 'make test' I
found that testing was much slower (by several times) with the
standard model than with the single model. The primary problem was
that each SMB connection would open a new sam ldb context, and all of
those would reload the full AD schema.
The fix is to pre-open the SAM during server startup, before any child
processes are forked. This sets up the global schema context which is
inherited by all connections.
The standard model is still slower at make test than the single model,
but not by nearly as much. I am working on further reducing the gap.
Andrew Tridgell [Fri, 7 Aug 2009 07:16:26 +0000 (17:16 +1000)]
use talloc with the global schema consistently
Before this change, the first opener of the sam ldb context would
become the owner of the global schema, then the autofree context got a
reference to the schema. Any subsequent opens of the sam ldb also got
a reference. This meant that the talloc hierarchy was inconsistent
between the first sam ldb open and subsequent opens. With this change
the autofree context becomes the owner of the global schema, and all
ldb contexts get a reference.
Andrew Tridgell [Fri, 7 Aug 2009 07:14:13 +0000 (17:14 +1000)]
fixed several places that unnecessarily take a reference to the event context
These references were triggering the ambiguous talloc_free errors from
the recent talloc changes when the server is run using the 'standard'
process model instead of the 'single' process model. I am aiming to
move the build farm to use the 'standard' process model soon, as part
of an effort to make our test environment better match the real
deployment of Samba4.
The references are not needed as the way that the event context is
used is as the 'top parent', so when the event context is freed then
all of the structures that were taking a reference to the event
context were actually freed as well, thus making the references
redundant.
Tim Prouty [Thu, 6 Aug 2009 22:53:33 +0000 (15:53 -0700)]
s3: Fix a bug in renames of directories
Recently code was added to match Windows semantics of denying the
rename of a directory if there are open files underneath it. This
does partly match Windows semantics, but it turns out the rename
should be allowed if the open file handle is for the directory being
renamed, or for a stream on the directory being renamed. This patch
refines the check to better follow these rename semantics.
Tim Prouty [Thu, 6 Aug 2009 18:23:23 +0000 (11:23 -0700)]
s4 torture: Extend the RAW-RENAME test to more fully test directory renames.
The existing test was only covering files opened underneath the
directory that was being renamed. It is not uncommon for Windows
clients to actually hold a read-only handle to a directory open across
the rename, which it turns out doesn't return NT_STATUS_ACCESS_DENIED.
Additionally, holding a handle open to a stream on the directory is
also allowed.
Rusty Russell [Thu, 6 Aug 2009 03:13:42 +0000 (13:13 +1000)]
There is one signedness issue in tdb which prevents traverses of TDB records
over the 2G offset on systems which support 64 bit file offsets. This fixes
that case.
On systems with 32 bit offsets, expansion and fcntl locking on these records
will fail anyway. SAMBA already does '#define _FILE_OFFSET_BITS 64' in
config.h (on my 32-bit x86 Linux system at least) to get 64 bit file offsets.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Andrew Tridgell [Wed, 5 Aug 2009 10:23:12 +0000 (20:23 +1000)]
changed BCC handling for SMBwriteX to handle broken MacOSX client
see bug #6610
The MacOSX SMB client sets the BCC value in SMBwriteX calls to zero
instead of the correct size. Checking against WindowsXP, I've found
that Windows uses the maximum of the computed buffer size and the
given BCC value. I've changed Samba4 to do the same to allow MacOSX to
work.
I've limited this change to non-chained packets to ensure we don't get
the possibility of exploits based on overlapping chained requests