[SCM] Samba Shared Repository - branch v4-0-test updated
Karolin Seeger
kseeger at samba.org
Tue Nov 13 03:31:04 MST 2012
The branch, v4-0-test has been updated
via e46a6cd s3:winbind: BUG 9386: Failover if netlogon pipe is not available.
via 6c0b864 Use work around for 'winbind use default domain' only if it is set
via 6f25fde build: add DMAPI configure option and checks
via 182ab92 build(waf): support AIX 6.1
via e122c7d Fix bug 9376 - ensure_canon_entry_valid generates duplicate SMB_ACL_GROUP, acl_valid fails.
from c06af93 VERSION: Bump version number up to 4.0.0rc6.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test
- Log -----------------------------------------------------------------
commit e46a6cdde950c33a7cc84e0b7249774e5dbd06ae
Author: Andreas Schneider <asn at samba.org>
Date: Fri Nov 9 15:33:09 2012 +0100
s3:winbind: BUG 9386: Failover if netlogon pipe is not available.
Samba continues to query a broken DC while the DC did not finish to
rebuild Sysvol (after a Windows crash, for example). It causes end users
to received strange codes while trying to authenticate, even if there is
a secondary DC available.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Mon Nov 12 18:57:18 CET 2012 on sn-devel-104
(cherry picked from commit 3b01dd5f59841b11e9906b8c23345946e0d0ea8c)
Autobuild-User(v4-0-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-0-test): Tue Nov 13 11:30:33 CET 2012 on sn-devel-104
commit 6c0b864654001046b8bbb585112e60a7e146cb2a
Author: Sumit Bose <sbose at redhat.com>
Date: Mon Oct 29 12:09:22 2012 +0100
Use work around for 'winbind use default domain' only if it is set
Currently in smb_getpwnam() the NetBIOS domain name and the winbind separator
character is always added to the user name returned by Get_Pwnam_alloc() if it
does not contain the winbind separator character. As comments in the code
indicates this is done as a work around if 'winbind use default domain' is set
to yes in the samba configuration.
This make sense if the option is set because otherwise the domain information is
lost from the user name. But it causes errors if other services than winbind are
used for user lookup, e.g. sssd. sssd can handle different kind of fully
qualified user names as input, e.g. user at domain.name or DOM\user, but returns a
canonical name, by default user at domain.name.
While it would be possible to get around this issue with a special configuration
either on the sssd or samba side I think the cleaner solution is to use the work
around only if 'winbind use default domain' is set to yes which is what this
patch does.
Fix bug #9367 - Use work around for 'winbind use default domain' only if it is
set.
commit 6f25fde34d3e0b9caed17153bf89badfa4479d19
Author: Christian Ambach <ambi at samba.org>
Date: Wed Nov 7 18:40:07 2012 +0100
build: add DMAPI configure option and checks
the waf build was missing the --with-dmapi option
and configure checks that are necessary to build the
source3 parts that need DMAPI (e.g. vfs_tsmsm)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9178
Signed-off-by: Christian Ambach <ambi at samba.org>
commit 182ab925210153285886bd2052cdee96d89d6cdd
Author: Christian Ambach <ambi at samba.org>
Date: Fri Nov 9 18:58:43 2012 -0600
build(waf): support AIX 6.1
on AIX6.1, we need to define _ALL_SOURCE as well, otherwise
system headers with BSD types like u_int cannot be used
commit e122c7d24b10119c9ea4d65e0099ff1690394457
Author: Arvid Requate <requate at univention.de>
Date: Sat Nov 10 09:21:30 2012 -0800
Fix bug 9376 - ensure_canon_entry_valid generates duplicate SMB_ACL_GROUP, acl_valid fails.
s3:smbd: typo in got_duplicate_group check.
Due to a typo in posix_acl.c:ensure_canon_entry_valid_on_set the function
returns invalid ACLs in some cases. Specifically it genereates a SMB_ACL_GROUP
for a SMB_ACL_GROUP_OBJ, where the required SMB_ACL_GROUP ace is already
present. This can result in a failure of acl_valid in vfs_acl_xattr.
-----------------------------------------------------------------------
Summary of changes:
buildtools/wafsamba/wscript | 2 +-
source3/auth/auth_util.c | 3 +-
source3/smbd/posix_acls.c | 2 +-
source3/winbindd/winbindd_pam.c | 52 +++++++++++++++++++++++--------
source3/wscript | 64 +++++++++++++++++++++++++++++++++++++++
source3/wscript_build | 2 +-
6 files changed, 108 insertions(+), 17 deletions(-)
Changeset truncated at 500 lines:
diff --git a/buildtools/wafsamba/wscript b/buildtools/wafsamba/wscript
index 441e727..17aef27 100755
--- a/buildtools/wafsamba/wscript
+++ b/buildtools/wafsamba/wscript
@@ -322,7 +322,7 @@ def configure(conf):
else:
conf.env.HAVE_LD_VERSION_SCRIPT = False
- if sys.platform == "aix5":
+ if sys.platform == "aix5" or sys.platform == "aix6":
conf.DEFINE('_ALL_SOURCE', 1, add_to_cflags=True)
# Might not be needed if ALL_SOURCE is defined
# conf.DEFINE('_XOPEN_SOURCE', 600, add_to_cflags=True)
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index a08d094..83c95a9 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -1331,7 +1331,8 @@ struct passwd *smb_getpwnam( TALLOC_CTX *mem_ctx, const char *domuser,
/* make sure we get the case of the username correct */
/* work around 'winbind use default domain = yes' */
- if ( !strchr_m( pw->pw_name, *lp_winbind_separator() ) ) {
+ if ( lp_winbind_use_default_domain() &&
+ !strchr_m( pw->pw_name, *lp_winbind_separator() ) ) {
char *domain;
/* split the domain and username into 2 strings */
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 503727f..d437b28 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1536,7 +1536,7 @@ static bool ensure_canon_entry_valid(connection_struct *conn,
/* Already got one. */
got_duplicate_user = true;
} else if (pace->type == SMB_ACL_GROUP &&
- pace->unix_ug.id == pace_user->unix_ug.id) {
+ pace->unix_ug.id == pace_group->unix_ug.id) {
/* Already got one. */
got_duplicate_group = true;
} else if ((pace->type == SMB_ACL_GROUP)
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 5b6b77b..b23d421 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1175,6 +1175,7 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
struct netr_SamInfo3 **info3)
{
int attempts = 0;
+ int netr_attempts = 0;
bool retry = false;
NTSTATUS result;
@@ -1189,22 +1190,47 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
result = cm_connect_netlogon(domain, &netlogon_pipe);
if (!NT_STATUS_IS_OK(result)) {
- DEBUG(3,("could not open handle to NETLOGON pipe (error: %s)\n",
- nt_errstr(result)));
- if (NT_STATUS_EQUAL(result, NT_STATUS_IO_TIMEOUT)) {
- if (attempts > 0) {
- DEBUG(3, ("This is the second problem for this "
- "particular call, forcing the close of "
- "this connection\n"));
- invalidate_cm_connection(&domain->conn);
- } else {
- DEBUG(3, ("First call to cm_connect_netlogon "
- "has timed out, retrying\n"));
- continue;
- }
+ DEBUG(3,("Could not open handle to NETLOGON pipe "
+ "(error: %s, attempts: %d)\n",
+ nt_errstr(result), netr_attempts));
+
+ /* After the first retry always close the connection */
+ if (netr_attempts > 0) {
+ DEBUG(3, ("This is again a problem for this "
+ "particular call, forcing the close "
+ "of this connection\n"));
+ invalidate_cm_connection(&domain->conn);
+ }
+
+ /* After the second retry failover to the next DC */
+ if (netr_attempts > 1) {
+ /*
+ * If the netlogon server is not reachable then
+ * it is possible that the DC is rebuilding
+ * sysvol and shutdown netlogon for that time.
+ * We should failover to the next dc.
+ */
+ DEBUG(3, ("This is the third problem for this "
+ "particular call, adding DC to the "
+ "negative cache list\n"));
+ add_failed_connection_entry(domain->name,
+ domain->dcname,
+ result);
+ saf_delete(domain->name);
+ }
+
+ /* Only allow 3 retries */
+ if (netr_attempts < 3) {
+ DEBUG(3, ("The connection to netlogon "
+ "failed, retrying\n"));
+ netr_attempts++;
+ retry = true;
+ continue;
}
return result;
}
+ netr_attempts = 0;
+
auth = netlogon_pipe->auth;
if (netlogon_pipe->dc) {
neg_flags = netlogon_pipe->dc->negotiate_flags;
diff --git a/source3/wscript b/source3/wscript
index e39519c..9c8ebf8 100644
--- a/source3/wscript
+++ b/source3/wscript
@@ -41,6 +41,7 @@ def set_options(opt):
opt.SAMBA3_ADD_OPTION('syslog')
opt.SAMBA3_ADD_OPTION('automount')
opt.SAMBA3_ADD_OPTION('aio-support')
+ opt.SAMBA3_ADD_OPTION('dmapi', default=False, help="build with DMAPI support")
opt.SAMBA3_ADD_OPTION('profiling-data', default=False)
opt.SAMBA3_ADD_OPTION('cluster-support', default=None)
@@ -162,6 +163,69 @@ main() {
}''', 'HAVE_KERNEL_SHARE_MODES', addmain=False, execute=True,
msg="Checking for krenel share modes")
+ # check for DMAPI libs
+ Logs.info("Checking for DMAPI library existence")
+ conf.env['dmapi_lib'] = ''
+ samba_dmapi_lib = ''
+ if conf.CHECK_FUNCS_IN('dm_get_eventlist', 'dm'):
+ samba_dmapi_lib = 'dm'
+ else:
+ if conf.CHECK_FUNCS_IN('dm_get_eventlist', 'jfsdm'):
+ samba_dmapi_lib = 'jfsdm'
+ else:
+ if conf.CHECK_FUNCS_IN('dm_get_eventlist', 'dmapi'):
+ samba_dmapi_lib = 'dmapi'
+ else:
+ if conf.CHECK_FUNCS_IN('dm_get_eventlist', 'xdsm'):
+ samba_dmapi_lib = 'xdsm'
+ # only bother to test headers and compilation when a candidate
+ # library has been found
+ if Options.options.with_dmapi == True and samba_dmapi_lib == '':
+ conf.fatal('DMAPI support requested, but no suitable DMAPI library found')
+ else:
+ conf.CHECK_HEADERS('sys/dmi.h xfs/dmapi.h sys/jfsdmapi.h sys/dmapi.h dmapi.h')
+ conf.CHECK_CODE('''
+#include <time.h> /* needed by Tru64 */
+#include <sys/types.h> /* needed by AIX */
+#ifdef HAVE_XFS_DMAPI_H
+#include <xfs/dmapi.h>
+#elif defined(HAVE_SYS_DMI_H)
+#include <sys/dmi.h>
+#elif defined(HAVE_SYS_JFSDMAPI_H)
+#include <sys/jfsdmapi.h>
+#elif defined(HAVE_SYS_DMAPI_H)
+#include <sys/dmapi.h>
+#elif defined(HAVE_DMAPI_H)
+#include <dmapi.h>
+#endif
+
+/* This link test is designed to fail on IRI 6.4, but should
+ * succeed on Linux, IRIX 6.5 and AIX.
+ */
+int main(int argc, char **argv)
+{
+ char * version;
+ dm_eventset_t events;
+ /* This doesn't take an argument on IRIX 6.4. */
+ dm_init_service(&version);
+ /* IRIX 6.4 expects events to be a pointer. */
+ DMEV_ISSET(DM_EVENT_READ, events);
+
+ return 0;
+}
+''',
+ 'USE_DMAPI',
+ addmain=False,
+ execute=False,
+ lib=samba_dmapi_lib,
+ msg='Checking whether DMAPI lib '+samba_dmapi_lib+' can be used')
+
+ if conf.CONFIG_SET('USE_DMAPI'):
+ conf.env['dmapi_lib'] = samba_dmapi_lib
+ else:
+ if Options.options.with_dmapi == True:
+ conf.fatal('DMAPI support requested but not found');
+
# Check for various members of the stat structure
conf.CHECK_STRUCTURE_MEMBER('struct stat', 'st_blocks', define='HAVE_STAT_ST_BLOCKS',
headers='sys/stat.h')
diff --git a/source3/wscript_build b/source3/wscript_build
index 0634b8d..351d22d 100755
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -980,7 +980,7 @@ bld.SAMBA3_LIBRARY('smbd_base',
ccan-hash
NDR_SMB_ACL
netapi
- ''',
+ ''' + bld.env['dmapi_lib'],
private_library=True,
vars=locals())
--
Samba Shared Repository
More information about the samba-cvs
mailing list