Martin Schwenke [Wed, 29 Jun 2016 07:05:17 +0000 (17:05 +1000)]
ctdb-scripts: Drop optional argument to nfs_check_services()
Added so that nfs_check_services() could be run against an arbirary
directory. However, with the function moved to the event script, this
isn't useful. CTDB_NFS_CHECKS_DIR can be used for testing instead.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
gensec: Change log level for message when obtaining PAC from gss_get_name_attribute failed
This is the second part for the issue from commit 8bb4fccd. A KDC that
does not return a PAC first triggers this message, then the "resorting
to local user lookup" one. Change the log level for the "obtaining PAC
via GSSAPI gss_get_name_attribute" message as well to avoid spamming the
logs during normal usage. While changing this message, also remove the
discard_const since it is no longer required.
Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jul 6 04:27:03 CEST 2016 on sn-devel-144
Signed-off-by: Uri Simchoni <uri@samba.org> Signed-off-by: Richard Sharpe <rsharpe@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Richard Sharpe <sharpe@samba.org>
Autobuild-Date(master): Wed Jul 6 00:40:15 CEST 2016 on sn-devel-144
ctdb-client: Fix implementation of transaction commit
There is no need to explicitly check that recovery is not active before
sending TRANS33_COMMIT control. Just try TRANS3_COMMIT control and if
recovery occurs before the control is completed, the control will fail
and it can be retried.
Make sure g_lock lock is released after the transaction is complete.
Also, add timeout to the client api.
Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Martin Schwenke <martin@meltin.net>
ctdb-client: Fix implementation of transaction start
Since g_lock checks if the process exists in case of conflicting lock,
there is no need to register srvid.
Transaction start returns a transaction handle and transaction
commit/cancel will free that handle. Since we cannot call async code
in a talloc destructor, this avoids the use of talloc destructor for
cancelling the transaction.
If user frees the transaction handle instead of calling transaction
cancel, it will leave stale g_lock lock. This stale g_lock lock will
get cleaned up on next transaction attempt.
Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Martin Schwenke <martin@meltin.net>
Garming Sam [Mon, 9 May 2016 04:14:51 +0000 (16:14 +1200)]
kerberos: Return enc data on PREAUTH_FAILED
Without the enc data, Windows clients will perform two AS-REQ causing the password
lockout count to increase by two instead of one.
Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11539
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jul 5 10:52:32 CEST 2016 on sn-devel-144
Bob Campbell [Mon, 27 Jun 2016 22:34:04 +0000 (10:34 +1200)]
password_hash: Make an error message clearer
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Tue Jul 5 03:47:52 CEST 2016 on sn-devel-144
Bob Campbell [Mon, 27 Jun 2016 22:33:24 +0000 (10:33 +1200)]
check_password_script: Add a DEBUG message for timeouts
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Bob Campbell [Mon, 13 Jun 2016 03:42:46 +0000 (15:42 +1200)]
selftest: add check password script test
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz> Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Martin Schwenke [Wed, 29 Jun 2016 06:36:28 +0000 (16:36 +1000)]
ctdb-ipalloc: Fix buggy short-circuit when no IPs are available
At the moment IP is short-circuited when there are no available IP
addresses. However, if some IP addresses are already allocated then
"no available IP addresses" means that all the addresses should
(probably) be released. The current short-circuit means that no
already hosted IP addresses will be released.
The short-circuit exists to avoid lots of messages saying that all IP
addresses can not be assigned at startup time. So, add a check to
ipalloc_can_host_ips() so that it succeeds if IP addresses are already
allocated to nodes.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 23 May 2016 10:23:18 +0000 (20:23 +1000)]
ctdb-ipalloc: Move create_merged_ip_list() into ipalloc
How the existing IP layout is constructed and how the merged IP list is
sorted are important aspects of the IP allocation algorithm. Construct the
merged IP list when known and available IPs are assigned.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 20 Jun 2016 10:41:05 +0000 (20:41 +1000)]
ctdb-ipalloc: Drop remote IP verification
It is only run during a takeover run and only logs errors. It doesn't
actually do anything to fix potential errors. The takeover run should
fix any inconsistencies anyway.
Instead, leave a comment in the recovery daemon's monitoring loop to
add proper remote IP verification later.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 23 May 2016 04:41:43 +0000 (14:41 +1000)]
ctdb-ipalloc: Move if-statement with broken condition
This pointer is for an array that is always allocated. The check is
meant to skip a node that has no IP addresses. However, when there
are no IP addresses the loop below will not do anything anyway.
Add this as a check at the beginning of the function instead.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 21 Jun 2016 05:14:33 +0000 (15:14 +1000)]
ctdb-tests: read_ctdb_public_ip_info() reads all test input
If there is per-node data then each chunk is read in a separate call
and is cherry-picked out into known_public_ips[] for each node. This
is confusing.
Instead, a single call now reads all data for multiple nodes and
returns complete arrays of known and available IP addresses.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Sat, 21 May 2016 15:51:44 +0000 (01:51 +1000)]
ctdb-tests: Remove unused tests from IP takeover test harness
These tests aren't run anywhere. They were used to test internal
functions during development.
The aim is to simplify this test program so that it can be linked with
the ipalloc subsystem, allowing removal of ctdbd_test.c and all of its
complications.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Bob Campbell [Wed, 29 Jun 2016 21:51:23 +0000 (09:51 +1200)]
tdb: avoid many fcntl calls when incrementing seqnum
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz> Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Jul 3 18:11:30 CEST 2016 on sn-devel-144
Richard Sharpe [Fri, 1 Jul 2016 04:07:19 +0000 (21:07 -0700)]
testprogs/blackbox: Improve the net ads dns register tests.
More tests are added that add an unprivileged user, enable their
account, and then test that they can add IP addressed but that they
cannot modify other user's IP addresses.
Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Richard Sharpe <sharpe@samba.org>
Autobuild-Date(master): Sun Jul 3 14:24:59 CEST 2016 on sn-devel-144
Uri Simchoni [Thu, 30 Jun 2016 08:55:20 +0000 (11:55 +0300)]
selftest: Add test for domain join + kerberos-only auth
Add "net ads join/leave -k" tests to the net_ads test suite.
Shift the test suite from ad_member env to ad_dc env, because:
1. Seems more appropriate (the member server plays no role in this
test)
2. The -k test breaks against the ntvfs file server for some reason,
when trying to open the netlogon named pipe after having established
the session with Kerberos (the create fails).
Signed-off-by: Uri Simchoni <uri@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jul 1 15:36:37 CEST 2016 on sn-devel-144
Aurelien Aptel [Wed, 9 Mar 2016 12:43:09 +0000 (13:43 +0100)]
s3/winbindd: use == -1 instead of < 0 for error checking uid_t
The sign of the uid_t type is left unspecified by POSIX. It's defined as
an unsigned 32b int on Linux, therefore the < 0 check is always
false.
For unsigned version of uid_t, "uid == -1" will implicitely cast -1 to
unsigned making it a valid test for both signed and unsigned version of
uid_t.
This commit makes the cast to (uid_t) explicit anyway.
Signed-off-by: Aurelien Aptel <aaptel@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Jul 1 05:22:36 CEST 2016 on sn-devel-144
krb5pac.idl: introduce PAC_DOMAIN_GROUP_MEMBERSHIP to handle the resource groups
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 30 07:16:45 CEST 2016 on sn-devel-144
projects / thirdparty / samba.git / log
