[SCM] Samba Shared Repository - branch v4-8-stable updated
Karolin Seeger
kseeger at samba.org
Thu Mar 1 20:27:11 UTC 2018
The branch, v4-8-stable has been updated
via 562b385 VERSION: Disable GIT_SNAPSHOT for the 4.8.0rc4 release.
via 9d4ae41 WHATSNEW: Add changes since rc4.
via 0486f44 WHATSNEW: document changed wbinfo -m --verbose output
via c76d2e0 WHATSNEW: add 'Improved support for trusted domains (as AD DC)' section
via 608d1b81f WHATSNEW: reference 'smbclient reparse point symlink parameters reversed' to 'UPGRADING'
via 44685eb WHATSNEW: move descriptions of removed features to "REMOVED FEATURES"
via 4cfa1f5 s4:kdc: disable support for CROSS_ORGANIZATION domains
via 1d92e79 s4:kdc: only support LSA_TRUST_TYPE_UPLEVEL domains in samba_kdc_trust_message2entry()
via b524562 s4:kdc: make use of dsdb_trust_parse_tdo_info() in samba_kdc_trust_message2entry()
via 896a530 winbindd: disable support for CROSS_ORGANIZATION domains
via a775187 vfs_fruit: use off_t, not size_t for TM size calculations
via 95dd73c build: fix libceph-common detection
via 222a361 WHATSNEW: Explain implications of GUID index change
via b0120b5 ldb: version 1.3.2
via 7aee235 ldb_debug tests: Fix binary data in debug log
via da216fa ldb_debug: Fix binary data in debug log
via 93cfa46 ldb tests: fix null test on incorrect variable
via 105a5b0 repl_md: avoid returning LDB_SUCCESS on failure
via 633df98 repl_metadata: Avoid silent skipping an object during DRS (due to RODC rename collisions)
via 1765edc repl_metadata: Avoid silent skipping an object during DRS (due to RODC name collisions)
via c57f17b tests/replica_sync_rodc: Test conflict handling on an RODC
via 7e17897 selftest: Add RODC variables to list of those exported
via 8d81d9b tests/drs_base: Allow the net drs replicate to try with a single object
via 59725be tests/replica_sync: Add some additional replication in setUp
via 0b0664b winbind: don't try to do an authenticated SMB connection as AD DC
via 61af154 winbind: set_dc_type_and_flags() is not needed on a DC
via f767b7b winbind: make sure we don't contact trusted domains via LDAP as AD DC
via 24f8170 winbind: make sure we don't contact trusted domains via SAMR as AD DC
via ae962f8 winbind: let cm_connect_netlogon_transport() only work against direct trust as AD DC
via ceaf7ac winbind: force the usage of schannel in cm_connect_lsa() as AD DC
via cdcb8a9 s3:smb_macros.h: add IS_AD_DC as addition to IS_DC
via c6f69f7 dsdb/encrypted_secrets: remove dependency to libnettle and use our own aes_gcm_128_*()
via 9535550 winbind: Use one queue for all domain children
via 0465985 winbind: Maintain a binding handle per domain and always go via wb_domain_request_send()
via 0dc0c59 winbind: make choose_domain_child() static
via d4970bc winbind: add locator_child_handle() and use it instead of child->binding_handle
via f613d22 winbind: add idmap_child_handle() and use it instead of child->binding_handle
via 52de132 winbind: improve wb_domain_request_send() to use wb_dsgetdcname_send() for a foreign domain
via 8996baa winbind: use state->{ev,request} in wb_domain_request_send()
via 3b49053 winbind: avoid using fstrcpy(dcname,...) in _dual_init_connection
via a993d0f winbind: cleanup winbindd_cli_state->pwent_state if winbindd_getpwent_recv() returns an error
via 0032296 winbind: cleanup winbindd_cli_state->grent_state if winbindd_getgrent_recv() returns an error
via f9103fc winbind: call lp_winbind_enum_{users,groups}() already in set{pw,gr}ent()
via 4c1e32d winbind: protect a pending wb_child_request against a talloc_free()
via be881cb winbind: use tevent_queue_wait_send/recv in wb_child_request_*()
via 456d7eb winbind: Improve child selection
via 5e43980 tevent: version 0.9.36
via 8a29a03 tevent: add tevent_queue_entry_untrigger()
via 5eaf80b tevent: improve documentation of tevent_queue_add_optimize_empty()
via 73121c4 s4:auth_sam: allow logons with an empty domain name
via e3bbe2c tests/bind.py: Add a bind test with NTLMSSP with no domain
via f0a233d tests/py_creds: Add a SamLogonEx test with an empty string domain
via cacf4bb s3:cliconnect.c: remove useless ';'
via 0b69a7a s3:libsmb: allow -U"\administrator" to work
via a72353a s4:rpc_server: fix call_id truncation in dcesrv_find_fragmented_call()
via 0fa4986 tests:dcerpc/raw_protocol: reproduce call_id truncation bug
via bb2dc6c s4:rpc_server/lsa: implement forwarding lsa_Lookup{Sids,Names}() requests to winbindd
via d130e1f winbindd: implement wb_irpc_lsa_{LookupNames4,LookupSids3}()
via bd083ae s4:rpc_server/lsa: rewrite lookup sids/names code to honor the given lookup level
via 5defe8c test_trust_ntlm.sh: add lookup name tests
via 80266e1 libcli/security: add dom_sid_lookup_predefined_{sid,name}()
via 6075763 s4:dsdb: add dsdb_trust_domain_by_{sid,name}()
via 4e6f20a s4:rpc_server/lsa: prepare dcesrv_lsa_LookupNames* for async processing
via 6a2ff19 s4:rpc_server/lsa: prepare dcesrv_lsa_LookupSids* for async processing
via 82a36e4 s4:rpc_server/lsa: base dcesrv_lsa_LookupNames2() on dcesrv_lsa_LookupNames_common()
via 7ab3d8c s4:rpc_server/lsa: base dcesrv_lsa_LookupNames() on dcesrv_lsa_LookupNames_common()
via b45afd3 s4:rpc_server/lsa: rename 'state' variable to 'policy_state' in dcesrv_lsa_LookupNames2()
via 7c8c5ed s4:rpc_server/lsa: rename 'state' variable to 'policy_state' in dcesrv_lsa_LookupSids2()
via 552b0f7 s4:rpc_server/lsa: rename 'state' variable to 'policy_state' in dcesrv_lsa_LookupSids_common()
via d210946 s4:rpc_server/lsa: simplify [ref] pointer handling in dcesrv_lsa_LookupNames()
via 4276801 s4:rpc_server/lsa: simplify [ref] pointer handling in dcesrv_lsa_LookupSids()
via 62879fe s4:rpc_server/lsa: remove unused 'status' variable in dcesrv_lsa_LookupSids_common()
via 0c331d5 s4:rpc_server/lsa: make sure dcesrv_lsa_LookupNames2() gets prepared [ref] pointers
via efe06ef s4:rpc_server/lsa: expect prepared [ref] pointers in dcesrv_lsa_LookupNames_common()
via a4a619d s4:rpc_server/lsa: make sure dcesrv_lsa_LookupSids_common() gets prepared [ref] pointers
via d68a14e s4:rpc_server/lsa: use LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES/LSA_CLIENT_REVISION_1 in compat code
via 5e399aa rpcclient: add lookupsids_level command
via 0d4e2c8 rpcclient: fix variable initialisation and add parenthesis to if clauses
via 92f0b55 provision: fix the 'dnsdomain' for the local sam of a domain member
via 46f9507 traffic_packets.py: let Lookup{Sids,Names}() work against a sane server
via 2ba8639 nsswitch: fix double free errors in nsstest.c
via 3bc00ec s4:torture: zero initialize variables in test_LookupSidsReply()
via 2d1b48a winbindd: make use of talloc_zero_array() in wb_lookupsids*()
via d90f8fe s3:cli_lsarpc: use talloc_zero_array() in dcerpc_lsa_lookup_names_generic()
via 00b55da s3:cli_lsarpc: use talloc_zero_array() in dcerpc_lsa_lookup_sids_generic()
via 41562d1 winbindd: initialize type = SID_NAME_UNKNOWN in wb_lookupsids_single_done()
via 3c426d6 winbindd: don't split the rid for SID_NAME_DOMAIN sids in wb_lookupsids
via d113629 vfs_fileid: Fix the 32-bit build
via e002514 mit-kdb: support MIT Kerberos 1.16 KDB API changes
via 6b9c094 vfs_glusterfs: Fix the wrong pointer being sent in glfs_fsync_async
via 4d47c72 vfs_glusterfs: Add fallocate support for vfs_glusterfs
via a46dc61 subnet: Avoid a segfault when renaming subnet objects
via f093cdd ctdb-tests: Set test timeout to an hour
via 6711e70 ctdb-tests: Fix a typo
via 74e2d61 ctdb-tests: Add a UNIT pseudo-test-suite
via 10ffffa ctdb-tests: Only use socket-wrapper for simple, local daemon tests
via e7af9b0 ctdb-tests: Add timeout for individual tests, default is 10 minutes
via 83b2971 ctdb-tests: Avoid race condition in sock_daemon test 5
via 11acdbe selftest: fix envvars for creation of default user in wait_for_start
via f20fcac VERSION: Bump version up to 4.8.0rc4...
from 4348e64 VERSION: Disable GIT_SNAPSHOT for the 4.8.0rc3 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 217 +-
auth/credentials/tests/bind.py | 26 +-
ctdb/tests/run_tests.sh | 52 +-
ctdb/tests/simple/14_ctdb_statistics.sh | 1 -
ctdb/tests/simple/scripts/local_daemons.bash | 6 +
ctdb/tests/src/sock_daemon_test.c | 26 +-
ctdb/wscript | 3 +-
lib/ldb/ABI/{ldb-1.3.0.sigs => ldb-1.3.2.sigs} | 0
...yldb-util-1.1.10.sigs => pyldb-util-1.3.2.sigs} | 0
...-util-1.1.10.sigs => pyldb-util.py3-1.3.2.sigs} | 0
lib/ldb/ldb_tdb/ldb_index.c | 65 +-
lib/ldb/tests/ldb_mod_op_test.c | 302 ++-
lib/ldb/wscript | 2 +-
.../ABI/{tevent-0.9.34.sigs => tevent-0.9.36.sigs} | 1 +
lib/tevent/tevent.h | 25 +
lib/tevent/tevent_queue.c | 13 +
lib/tevent/wscript | 2 +-
libcli/security/dom_sid.h | 13 +
libcli/security/util_sid.c | 499 ++++
nsswitch/nsstest.c | 18 +-
python/samba/emulate/traffic_packets.py | 16 +-
python/samba/provision/__init__.py | 16 +
python/samba/subnets.py | 33 +
python/samba/tests/dcerpc/raw_protocol.py | 2 +-
python/samba/tests/py_credentials.py | 27 +
selftest/knownfail.d/s3-lsa-server | 1 +
selftest/selftest.pl | 6 +
selftest/target/Samba3.pm | 4 +
source3/include/smb_macros.h | 1 +
source3/libsmb/cliconnect.c | 9 +-
source3/modules/vfs_fileid.c | 4 +-
source3/modules/vfs_fruit.c | 13 +-
source3/modules/vfs_glusterfs.c | 30 +-
source3/rpc_client/cli_lsarpc.c | 17 +-
source3/rpcclient/cmd_lsarpc.c | 103 +-
source3/winbindd/idmap_ad.c | 11 +
source3/winbindd/wb_dsgetdcname.c | 8 +-
source3/winbindd/wb_lookupsids.c | 16 +-
source3/winbindd/wb_sids2xids.c | 6 +-
source3/winbindd/winbindd.h | 3 +
source3/winbindd/winbindd_ads.c | 23 +
source3/winbindd/winbindd_allocate_gid.c | 6 +-
source3/winbindd/winbindd_allocate_uid.c | 6 +-
source3/winbindd/winbindd_cm.c | 108 +-
source3/winbindd/winbindd_dsgetdcname.c | 6 +-
source3/winbindd/winbindd_dual.c | 285 ++-
source3/winbindd/winbindd_dual_ndr.c | 61 +-
source3/winbindd/winbindd_getgrent.c | 9 +-
source3/winbindd/winbindd_getpwent.c | 6 +-
source3/winbindd/winbindd_idmap.c | 5 +
source3/winbindd/winbindd_irpc.c | 408 +++
source3/winbindd/winbindd_locator.c | 5 +
source3/winbindd/winbindd_proto.h | 3 +-
source3/winbindd/winbindd_setgrent.c | 5 +
source3/winbindd/winbindd_setpwent.c | 5 +
source3/winbindd/winbindd_util.c | 30 +-
source3/wscript | 10 +-
source4/auth/ntlm/auth_sam.c | 16 +-
source4/dsdb/common/util_trusts.c | 222 ++
source4/dsdb/samdb/ldb_modules/encrypted_secrets.c | 278 +-
source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 12 +-
source4/dsdb/samdb/ldb_modules/samldb.c | 8 +-
.../ldb_modules/tests/test_encrypted_secrets.c | 54 +-
source4/dsdb/samdb/ldb_modules/wscript | 22 -
source4/dsdb/samdb/ldb_modules/wscript_build | 1 -
.../dsdb/samdb/ldb_modules/wscript_build_server | 1 -
source4/dsdb/tests/python/sites.py | 45 +
source4/kdc/db-glue.c | 48 +-
source4/kdc/mit-kdb/kdb_samba.h | 13 +-
source4/kdc/mit-kdb/kdb_samba_policies.c | 42 +-
source4/kdc/mit-kdb/kdb_samba_principals.c | 2 +-
source4/rpc_server/dcerpc_server.c | 2 +-
source4/rpc_server/lsa/lsa_lookup.c | 2651 ++++++++++++++------
source4/selftest/tests.py | 6 +
source4/torture/drs/python/drs_base.py | 5 +-
source4/torture/drs/python/replica_sync.py | 2 +
source4/torture/drs/python/replica_sync_rodc.py | 156 ++
source4/torture/rpc/lsa_lookup.c | 12 +-
testprogs/blackbox/test_trust_ntlm.sh | 77 +-
80 files changed, 4929 insertions(+), 1326 deletions(-)
copy lib/ldb/ABI/{ldb-1.3.0.sigs => ldb-1.3.2.sigs} (100%)
copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util-1.3.2.sigs} (100%)
copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util.py3-1.3.2.sigs} (100%)
copy lib/tevent/ABI/{tevent-0.9.34.sigs => tevent-0.9.36.sigs} (99%)
create mode 100644 selftest/knownfail.d/s3-lsa-server
create mode 100644 source4/torture/drs/python/replica_sync_rodc.py
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index de9fb9c..d3ed508 100644
--- a/VERSION
+++ b/VERSION
@@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE=
# e.g. SAMBA_VERSION_RC_RELEASE=1 #
# -> "3.0.0rc1" #
########################################################
-SAMBA_VERSION_RC_RELEASE=3
+SAMBA_VERSION_RC_RELEASE=4
########################################################
# To mark SVN snapshots this should be set to 'yes' #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 6b111c4..5151564 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,7 +1,7 @@
Release Announcements
=====================
-This is the third release candidate of Samba 4.8. This is *not*
+This is the fourth release candidate of Samba 4.8. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
@@ -12,10 +12,42 @@ Samba 4.8 will be the next version of the Samba suite.
UPGRADING
=========
+New GUID Index mode in sam.ldb for the AD DC
+--------------------------------------------
+
+Users who upgrade a Samba AD DC in-place will experience a short delay
+in the first startup of Samba while the sam.ldb is re-indexed.
+
+Unlike in previous releases a transparent downgrade is not possible.
+If you wish to downgrade such a DB to a Samba 4.7 or earlier version,
+please run the source4/scripting/bin/sambaundoguididx script first.
+
+smbclient reparse point symlink parameters reversed
+---------------------------------------------------
+
+See the more detailed description below.
+
+Changed trusted domains listing with wbinfo -m --verbose
+--------------------------------------------------------
+
+See the more detailed description below.
NEW FEATURES/CHANGES
====================
+New GUID Index mode in sam.ldb for the AD DC
+--------------------------------------------
+
+The new layout used for sam.ldb is GUID, rather than DN oriented.
+This provides Samba's Active Directory Domain Controller with a faster
+database, particularly at larger scale.
+
+The underlying DB is still TDB, simply the choice of key has changed.
+
+The new mode is not optional, so no configuration is required. Older
+Samba versions cannot read the new database (see the upgrade
+note above).
+
KDC GPO application
-------------------
@@ -111,37 +143,6 @@ dot or xdot, this shows the network as a graph with DCs as vertices
and connections edges. Certain types of degenerate edges are shown in
different colours or line-styles.
-NT4-style replication based net commands removed
-------------------------------------------------
-
-The following commands and sub-commands have been removed from the
-"net" utility:
-
-net rpc samdump
-net rpc vampire ldif
-
-Also, replicating from a real NT4 domain with "net rpc vampire" and
-"net rpc vampire keytab" has been removed.
-
-The NT4-based commands were accidentially broken in 2013, and nobody
-noticed the breakage. So instead of fixing them including tests (which
-would have meant writing a server for the protocols, which we don't
-have) we decided to remove them.
-
-For the same reason, the "samsync", "samdeltas" and "database_redo"
-commands have been removed from rpcclient.
-
-"net rpc vampire keytab" from Active Directory domains continues to be
-supported.
-
-vfs_aio_linux module removed
-----------------------------
-
-The current Linux kernel aio does not match what Samba would
-do. Shipping code that uses it leads people to false
-assumptions. Samba implements async I/O based on threads by default,
-there is no special module required to see benefits of read and write
-request being sent do the disk in parallel.
smbclient reparse point symlink parameters reversed
---------------------------------------------------
@@ -170,6 +171,74 @@ domains. Some pam_winbind setups may also require the global list.
If you have a setup that doesn't require the global list, you should set
"winbind scan trusted domains = no".
+Improved support for trusted domains (as AD DC)
+-----------------------------------------------
+
+The support for trusted domains/forests has improved a lot.
+
+External domain trusts, as well a transitive forest trusts,
+are supported in both directions (inbound and outbound)
+for Kerberos and NTLM authentication now.
+
+The LSA LookupNames and LookupSids implementations
+support resolving names and sids from trusts domains/forest
+now. This is important in order to allow Samba based
+domain members to make use of the trust.
+
+However there are currently still a few limitations:
+
+- It's not possible to add users/groups of a trusted domain
+ into domain groups. So group memberships are not expanded
+ on trust boundaries.
+ See https://bugzilla.samba.org/show_bug.cgi?id=13300
+- Both sides of the trust need to fully trust each other!
+- No SID filtering rules are applied at all!
+- This means DCs of domain A can grant domain admin rights
+ in domain B.
+- Selective (CROSS_ORIGANIZATION) authentication is
+ not supported. It's possible to create such a trust,
+ but the KDC and winbindd ignore them.
+
+Changed trusted domains listing with wbinfo -m --verbose
+--------------------------------------------------------
+
+The trust properties printed by wbinfo -m --verbose have been changed to
+correctly reflect the view of the system where wbinfo is executed.
+
+The trust type field in particular can show additional values that correctly
+reflect the type of the trust: "Local" for the local SAM and BUILTIN,
+"Workstation" for a workstation trust to the primary domain, "RWDC" for the SAM
+on a AD DC, "RODC" for the SAM on a read-only DC, "PDC" for the SAM on a
+NT4-style DC, "Forest" for a AD forest trust and "External" for quarantined,
+external or NT4-style trusts.
+
+Indirect trusts are shown as "Routed" including the routing domain.
+
+Example, on a AD DC (SDOM1):
+
+Domain Name DNS Domain Trust Type Transitive In Out
+BUILTIN Local
+SDOM1 sdom1.site RWDC
+WDOM3 wdom3.site Forest Yes No Yes
+WDOM2 wdom2.site Forest Yes Yes Yes
+SUBDOM31 subdom31.wdom3.site Routed (via WDOM3)
+SUBDOM21 subdom21.wdom2.site Routed (via WDOM2)
+
+Same setup, on a member of WDOM2:
+
+Domain Name DNS Domain Trust Type Transitive In Out
+BUILTIN Local
+TITAN Local
+WDOM2 wdom2.site Workstation Yes No Yes
+WDOM1 wdom1.site Routed (via WDOM2)
+WDOM3 wdom3.site Routed (via WDOM2)
+SUBDOM21 subdom21.wdom2.site Routed (via WDOM2)
+SDOM1 sdom1.site Routed (via WDOM2)
+SUBDOM11 subdom11.wdom1.site Routed (via WDOM2)
+
+The list of trusts may be incomplete and additional domains may appear as
+"Routed" if a user of an unknown domain is successfully authenticated.
+
VirusFilter VFS module
----------------------
@@ -180,6 +249,9 @@ software to provide scanning and filtering of files on a Samba share.
REMOVED FEATURES
================
+'net serverid' commands removed
+-------------------------------
+
The two commands 'net serverid list' and 'net serverid wipe' have been
removed, because the file serverid.tdb is not used anymore.
@@ -194,6 +266,38 @@ properly cleaned up after single node crashes. Nowadays smbd and
winbind take care of cleaning up the msg.lock and msg.sock directories
automatically.
+NT4-style replication based net commands removed
+------------------------------------------------
+
+The following commands and sub-commands have been removed from the
+"net" utility:
+
+net rpc samdump
+net rpc vampire ldif
+
+Also, replicating from a real NT4 domain with "net rpc vampire" and
+"net rpc vampire keytab" has been removed.
+
+The NT4-based commands were accidentally broken in 2013, and nobody
+noticed the breakage. So instead of fixing them including tests (which
+would have meant writing a server for the protocols, which we don't
+have) we decided to remove them.
+
+For the same reason, the "samsync", "samdeltas" and "database_redo"
+commands have been removed from rpcclient.
+
+"net rpc vampire keytab" from Active Directory domains continues to be
+supported.
+
+vfs_aio_linux module removed
+----------------------------
+
+The current Linux kernel aio does not match what Samba would
+do. Shipping code that uses it leads people to false
+assumptions. Samba implements async I/O based on threads by default,
+there is no special module required to see benefits of read and write
+request being sent do the disk in parallel.
+
smb.conf changes
================
@@ -221,6 +325,55 @@ smb.conf changes
winbind trusted domains only Removed
+CHANGES SINCE 4.8.0rc3
+======================
+
+o Ralph Boehme <slow at samba.org>
+ * BUG 13287: Fix numerous trust related bugs in winbindd and s4 LSA RPC
+ server.
+ * BUG 13296: vfs_fruit: Use off_t, not size_t for TM size calculations.
+
+o Alexander Bokovoy <ab at samba.org>
+ * BUG 13304: mit-kdb: Support MIT Kerberos 1.16 KDB API changes.
+
+o Günther Deschner <gd at samba.org>
+ * BUG 13277: build: Fix libceph-common detection.
+
+o Poornima G <pgurusid at redhat.com>
+ * BUG 13297: vfs_glusterfs: Fix the wrong pointer being sent in
+ glfs_fsync_async.
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 13305: vfs_fileid: Fix the 32-bit build.
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 13206: Unable to authenticate with an empty string domain ''.
+ * BUG 13276: configure aborts without libnettle/gnutls.
+ * BUG 13278: winbindd (on an AD DC) should only use netlogon/lsa against
+ trusted domains.
+ * BUG 13287: Fix numerous trust related bugs in winbindd and s4 LSA RPC
+ server.
+ * BUG 13290: A disconnecting winbind client can cause a problem in
+ the winbind parent child communication.
+ * BUG 13291: tevent: version 0.9.36.
+ * BUG 13292: winbind requests could get stuck in the queue of a busy child,
+ while later requests could get served fine by other children.
+ * BUG 13293: Minimize the lifetime of winbindd_cli_state->{pw,gr}ent_state.
+ * BUG 13294: Avoid using fstrcpy(domain->dcname,...) on a char *.
+ * BUG 13295: winbind parent should find the dc of a foreign domain via the
+ primary domain.
+ * BUG 13299: Disable support for CROSS_ORGANIZATION domains.
+ * BUG 13306: ldb: version 1.3.2.
+
+o Sachin Prabhu <sprabhu at redhat.com>
+ * BUG 13303: vfs_glusterfs: Add fallocate support for vfs_glusterfs.
+
+o Garming Sam <garming at catalyst.net.nz>
+ * BUG 13031: subnet: Avoid a segfault when renaming subnet objects.
+ * BUG 13269: RODC may skip objects during replication due to naming
+ conflicts.
+
+
CHANGES SINCE 4.8.0rc2
======================
diff --git a/auth/credentials/tests/bind.py b/auth/credentials/tests/bind.py
index 91e493d..4aa4498 100755
--- a/auth/credentials/tests/bind.py
+++ b/auth/credentials/tests/bind.py
@@ -43,6 +43,7 @@ creds_machine = copy.deepcopy(creds)
creds_user1 = copy.deepcopy(creds)
creds_user2 = copy.deepcopy(creds)
creds_user3 = copy.deepcopy(creds)
+creds_user4 = copy.deepcopy(creds)
class BindTests(samba.tests.TestCase):
@@ -64,7 +65,7 @@ class BindTests(samba.tests.TestCase):
self.config_dn = self.info_dc["configurationNamingContext"][0]
self.computer_dn = "CN=centos53,CN=Computers,%s" % self.domain_dn
self.password = "P at ssw0rd"
- self.username = "BindTestUser_" + time.strftime("%s", time.gmtime())
+ self.username = "BindTestUser"
def tearDown(self):
super(BindTests, self).tearDown()
@@ -113,6 +114,7 @@ unicodePwd:: """ + base64.b64encode("\"P at ssw0rd\"".encode('utf-16-le')) + """
expression="(samAccountName=%s)" % self.username)
self.assertEquals(len(ldb_res), 1)
user_dn = ldb_res[0]["dn"]
+ self.addCleanup(delete_force, self.ldb, user_dn)
# do a simple bind and search with the user account in format user at realm
creds_user1.set_bind_dn(self.username + "@" + creds.get_realm())
@@ -138,5 +140,27 @@ unicodePwd:: """ + base64.b64encode("\"P at ssw0rd\"".encode('utf-16-le')) + """
lp=lp, ldap_only=True)
res = ldb_user3.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
+ def test_user_account_bind_no_domain(self):
+ # create user
+ self.ldb.newuser(username=self.username, password=self.password)
+ ldb_res = self.ldb.search(base=self.domain_dn,
+ scope=SCOPE_SUBTREE,
+ expression="(samAccountName=%s)" % self.username)
+ self.assertEquals(len(ldb_res), 1)
+ user_dn = ldb_res[0]["dn"]
+ self.addCleanup(delete_force, self.ldb, user_dn)
+
+ creds_user4.set_username(self.username)
+ creds_user4.set_password(self.password)
+ creds_user4.set_domain('')
+ creds_user4.set_workstation('')
+ print "BindTest (no domain) with: " + self.username
+ try:
+ ldb_user4 = samba.tests.connect_samdb(host, credentials=creds_user4,
+ lp=lp, ldap_only=True)
+ except:
+ self.fail("Failed to connect without the domain set")
+
+ res = ldb_user4.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
TestProgram(module=__name__, opts=subunitopts)
diff --git a/ctdb/tests/run_tests.sh b/ctdb/tests/run_tests.sh
index ffc81d4..a7ca44e 100755
--- a/ctdb/tests/run_tests.sh
+++ b/ctdb/tests/run_tests.sh
@@ -14,7 +14,7 @@ Options:
-H No headers - for running single test with other wrapper
-N Don't print summary of tests results after running all tests
-q Quiet - don't show tests being run (hint: use with -s)
- -S Enable socket wrapper
+ -S <lib> Use socket wrapper library <lib> for local integration tests
-v Verbose - print test output for non-failures (only some tests)
-V <dir> Use <dir> as TEST_VAR_DIR
-x Trace this script with the -x option
@@ -36,7 +36,6 @@ with_desc=false
quiet=false
exit_on_fail=false
no_header=false
-socket_wrapper=false
export TEST_VERBOSE=false
export TEST_COMMAND_TRACE=false
@@ -46,8 +45,10 @@ export TEST_LOCAL_DAEMONS
[ -n "$TEST_LOCAL_DAEMONS" ] || TEST_LOCAL_DAEMONS=3
export TEST_VAR_DIR=""
export TEST_CLEANUP=false
+export TEST_TIMEOUT=3600
+export TEST_SOCKET_WRAPPER_SO_PATH=""
-temp=$(getopt -n "$prog" -o "AcCdDehHNqSvV:xX" -l help -- "$@")
+temp=$(getopt -n "$prog" -o "AcCdDehHNqS:T:vV:xX" -l help -- "$@")
[ $? != 0 ] && usage
@@ -64,7 +65,8 @@ while true ; do
-H) no_header=true ; shift ;;
-N) with_summary=false ; shift ;;
-q) quiet=true ; shift ;;
- -S) socket_wrapper=true ; shift ;;
+ -S) TEST_SOCKET_WRAPPER_SO_PATH="$2" ; shift 2 ;;
+ -T) TEST_TIMEOUT="$2" ; shift 2 ;;
-v) TEST_VERBOSE=true ; shift ;;
-V) TEST_VAR_DIR="$2" ; shift 2 ;;
-x) set -x; shift ;;
@@ -114,6 +116,9 @@ ctdb_test_end ()
interp="PASSED"
statstr=""
echo "ALL OK: $*"
+ elif [ $status -eq 124 ] ; then
+ interp="TIMEOUT"
+ statstr=" (status $status)"
else
interp="FAILED"
statstr=" (status $status)"
@@ -137,7 +142,7 @@ ctdb_test_run ()
$no_header || ctdb_test_begin "$name"
local status=0
- "$@" || status=$?
+ timeout $TEST_TIMEOUT "$@" || status=$?
$no_header || ctdb_test_end "$name" "$status" "$*"
@@ -247,20 +252,25 @@ mkdir -p "$TEST_VAR_DIR"
TEST_VAR_DIR=$(cd "$TEST_VAR_DIR"; echo "$PWD")
echo "TEST_VAR_DIR=$TEST_VAR_DIR"
-if $socket_wrapper ; then
- export SOCKET_WRAPPER_DIR="${TEST_VAR_DIR}/sw"
- mkdir -p "$SOCKET_WRAPPER_DIR"
-fi
-
export TEST_SCRIPTS_DIR="${CTDB_TEST_DIR}/scripts"
+unit_tests="
+ cunit
+ eventd
+ eventscripts
+ onnode
+ shellcheck
+ takeover
+ takeover_helper
+ tool
+"
+
# If no tests specified then run some defaults
if [ -z "$1" ] ; then
- if [ -n "$TEST_LOCAL_DAEMONS" ] ; then
- set -- onnode takeover takeover_helper tool eventscripts \
- cunit eventd shellcheck simple
- else
- set -- simple complex
+ if [ -n "$TEST_LOCAL_DAEMONS" ] ; then
+ set -- UNIT simple
+ else
+ set -- simple complex
fi
fi
@@ -287,7 +297,19 @@ cleanup_handler ()
trap cleanup_handler SIGINT SIGTERM
+declare -a tests
+i=0
for f ; do
+ if [ "$f" = "UNIT" ] ; then
+ for t in $unit_tests ; do
+ tests[i++]="$t"
+ done
+ else
+ tests[i++]="$f"
+ fi
+done
+
+for f in "${tests[@]}" ; do
find_and_run_one_test "$f"
if [ $status -eq 127 ] ; then
diff --git a/ctdb/tests/simple/14_ctdb_statistics.sh b/ctdb/tests/simple/14_ctdb_statistics.sh
index 3dd55e0..5ff22d7 100755
--- a/ctdb/tests/simple/14_ctdb_statistics.sh
+++ b/ctdb/tests/simple/14_ctdb_statistics.sh
@@ -1,4 +1,3 @@
-
#!/bin/bash
test_info()
diff --git a/ctdb/tests/simple/scripts/local_daemons.bash b/ctdb/tests/simple/scripts/local_daemons.bash
index a0c8077..512d11f 100644
--- a/ctdb/tests/simple/scripts/local_daemons.bash
+++ b/ctdb/tests/simple/scripts/local_daemons.bash
@@ -17,6 +17,12 @@ fi
export CTDB_NODES="${TEST_VAR_DIR}/nodes.txt"
+if [ -n "$TEST_SOCKET_WRAPPER_SO_PATH" ] ; then
+ export LD_PRELOAD="$TEST_SOCKET_WRAPPER_SO_PATH"
+ export SOCKET_WRAPPER_DIR="${TEST_VAR_DIR}/sw"
+ mkdir -p "$SOCKET_WRAPPER_DIR"
+fi
+
#######################################
config_from_environment ()
diff --git a/ctdb/tests/src/sock_daemon_test.c b/ctdb/tests/src/sock_daemon_test.c
index 5641d37..ebc0b85 100644
--- a/ctdb/tests/src/sock_daemon_test.c
+++ b/ctdb/tests/src/sock_daemon_test.c
@@ -668,7 +668,8 @@ static void test4(TALLOC_CTX *mem_ctx, const char *pidfile,
* Start daemon, multiple client connects, requests, disconnects
*/
-#define TEST5_MAX_CLIENTS 10
+#define TEST5_VALID_CLIENTS 10
+#define TEST5_MAX_CLIENTS 100
--
Samba Shared Repository
More information about the samba-cvs
mailing list