[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Thu Mar 7 04:59:01 UTC 2019
The branch, master has been updated
via 8b18da27cf2 s4-server: Open and close a transaction on sam.ldb at startup
via 6f2558cab81 dsdb: Provide better error strings in rootdse GUID attribute handling
via 30f93bc7ac7 kcc: Give a better error message when samdb_ntds_objectGUID fails
via 0c52a6bee78 dsdb: Unify samdb_{get,set}_ntds_{objectGUID,invocation_id}
from ff58f45807d WHATSNEW: Add the removal of the web server
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 8b18da27cf261b0283fe66d2b827cab542488ac7
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Mar 5 01:38:41 2019 +0000
s4-server: Open and close a transaction on sam.ldb at startup
This fixes upgrading from 4.7 and earlier releases, and makes the DB
reindexing more transparent. It should also make it easier to handle
future normalisation rule changes, e.g. if we change the pack-format
of integer indexes in a future release.
Without this change, the should have still handled reindexing the
database. We don't know why exactly this wasn't happening correctly,
but opening a transaction early in the samba process startup should
now guarantee that the DB is correctly reindexed by the time the main
samba code runs.
An alternative fix would have been to open a transaction in the the
DSDB module stack every time we connect to the database. However, this
would add an extra write lock every time we open the DB, whereas
starting samba happens much more infrequently.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13760
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Mar 7 04:58:42 UTC 2019 on sn-devel-144
commit 6f2558cab8113fd22800e41d46ede1465884f80b
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Mar 4 15:15:43 2019 +1300
dsdb: Provide better error strings in rootdse GUID attribute handling
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
commit 30f93bc7ac783efa205652ff83c7c1ab663ca73a
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Mar 4 15:15:08 2019 +1300
kcc: Give a better error message when samdb_ntds_objectGUID fails
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
commit 0c52a6bee781d7b9ff6cfa6ee3d3c5531f91c156
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Mar 4 15:13:55 2019 +1300
dsdb: Unify samdb_{get,set}_ntds_{objectGUID,invocation_id}
The new unified versions have better debugging and ensure
that both functions continue to have the same control flow.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source4/dsdb/common/util.c | 177 ++++++++++++-------------------
source4/dsdb/kcc/kcc_service.c | 1 +
source4/dsdb/samdb/ldb_modules/rootdse.c | 16 ++-
source4/smbd/server.c | 42 ++++++++
4 files changed, 125 insertions(+), 111 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index d466e6ff0a9..7cc9729bc3f 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -1421,21 +1421,24 @@ failed:
}
/*
- work out the ntds settings invocationId for the current open ldb
+ work out the ntds settings invocationID/objectGUID for the current open ldb
*/
-const struct GUID *samdb_ntds_invocation_id(struct ldb_context *ldb)
+static const struct GUID *samdb_ntds_GUID(struct ldb_context *ldb,
+ const char *attribute,
+ const char *cache_name)
{
TALLOC_CTX *tmp_ctx;
- const char *attrs[] = { "invocationId", NULL };
+ const char *attrs[] = { attribute, NULL };
int ret;
struct ldb_result *res;
- struct GUID *invocation_id;
+ struct GUID *ntds_guid;
+ struct ldb_dn *ntds_settings_dn = NULL;
+ const char *errstr = NULL;
/* see if we have a cached copy */
- invocation_id = (struct GUID *)ldb_get_opaque(ldb, "cache.invocation_id");
- if (invocation_id) {
- SMB_ASSERT(!GUID_all_zero(invocation_id));
- return invocation_id;
+ ntds_guid = (struct GUID *)ldb_get_opaque(ldb, cache_name);
+ if (ntds_guid != NULL) {
+ return ntds_guid;
}
tmp_ctx = talloc_new(ldb);
@@ -1443,148 +1446,85 @@ const struct GUID *samdb_ntds_invocation_id(struct ldb_context *ldb)
goto failed;
}
- ret = ldb_search(ldb, tmp_ctx, &res, samdb_ntds_settings_dn(ldb, tmp_ctx), LDB_SCOPE_BASE, attrs, NULL);
+ ntds_settings_dn = samdb_ntds_settings_dn(ldb, tmp_ctx);
+ if (ntds_settings_dn == NULL) {
+ errstr = "samdb_ntds_settings_dn() returned NULL";
+ goto failed;
+ }
+
+ ret = ldb_search(ldb, tmp_ctx, &res, ntds_settings_dn,
+ LDB_SCOPE_BASE, attrs, NULL);
if (ret) {
+ errstr = ldb_errstring(ldb);
goto failed;
}
if (res->count != 1) {
+ errstr = "incorrect number of results from base search";
goto failed;
}
- invocation_id = talloc(tmp_ctx, struct GUID);
- if (!invocation_id) {
+ ntds_guid = talloc(tmp_ctx, struct GUID);
+ if (ntds_guid == NULL) {
goto failed;
}
- *invocation_id = samdb_result_guid(res->msgs[0], "invocationId");
- if (GUID_all_zero(invocation_id)) {
- if (ldb_msg_find_ldb_val(res->msgs[0], "invocationId")) {
- DEBUG(0, ("Failed to find our own NTDS Settings invocationId in the ldb!\n"));
+ *ntds_guid = samdb_result_guid(res->msgs[0], attribute);
+
+ if (GUID_all_zero(ntds_guid)) {
+ if (ldb_msg_find_ldb_val(res->msgs[0], attribute)) {
+ errstr = "failed to find the GUID attribute";
} else {
- DEBUG(0, ("Failed to find parse own NTDS Settings invocationId from the ldb!\n"));
+ errstr = "failed to parse the GUID";
}
goto failed;
}
/* cache the domain_sid in the ldb */
- if (ldb_set_opaque(ldb, "cache.invocation_id", invocation_id) != LDB_SUCCESS) {
+ if (ldb_set_opaque(ldb, cache_name, ntds_guid) != LDB_SUCCESS) {
+ errstr = "ldb_set_opaque() failed";
goto failed;
}
- talloc_steal(ldb, invocation_id);
+ talloc_steal(ldb, ntds_guid);
talloc_free(tmp_ctx);
- return invocation_id;
+ return ntds_guid;
failed:
- DEBUG(1,("Failed to find our own NTDS Settings invocationId in the ldb!\n"));
+ DBG_WARNING("Failed to find our own NTDS Settings %s in the ldb: %s!\n",
+ attribute, errstr);
talloc_free(tmp_ctx);
return NULL;
}
-bool samdb_set_ntds_invocation_id(struct ldb_context *ldb, const struct GUID *invocation_id_in)
-{
- TALLOC_CTX *tmp_ctx;
- struct GUID *invocation_id_new;
- struct GUID *invocation_id_old;
-
- /* see if we have a cached copy */
- invocation_id_old = (struct GUID *)ldb_get_opaque(ldb,
- "cache.invocation_id");
-
- tmp_ctx = talloc_new(ldb);
- if (tmp_ctx == NULL) {
- goto failed;
- }
-
- invocation_id_new = talloc(tmp_ctx, struct GUID);
- if (!invocation_id_new) {
- goto failed;
- }
-
- SMB_ASSERT(!GUID_all_zero(invocation_id_in));
- *invocation_id_new = *invocation_id_in;
-
- /* cache the domain_sid in the ldb */
- if (ldb_set_opaque(ldb, "cache.invocation_id", invocation_id_new) != LDB_SUCCESS) {
- goto failed;
- }
-
- talloc_steal(ldb, invocation_id_new);
- talloc_free(tmp_ctx);
- talloc_free(invocation_id_old);
-
- return true;
-
-failed:
- DEBUG(1,("Failed to set our own cached invocationId in the ldb!\n"));
- talloc_free(tmp_ctx);
- return false;
-}
-
/*
work out the ntds settings objectGUID for the current open ldb
*/
const struct GUID *samdb_ntds_objectGUID(struct ldb_context *ldb)
{
- TALLOC_CTX *tmp_ctx;
- const char *attrs[] = { "objectGUID", NULL };
- int ret;
- struct ldb_result *res;
- struct GUID *ntds_guid;
-
- /* see if we have a cached copy */
- ntds_guid = (struct GUID *)ldb_get_opaque(ldb, "cache.ntds_guid");
- if (ntds_guid) {
- return ntds_guid;
- }
-
- tmp_ctx = talloc_new(ldb);
- if (tmp_ctx == NULL) {
- goto failed;
- }
-
- ret = ldb_search(ldb, tmp_ctx, &res, samdb_ntds_settings_dn(ldb, tmp_ctx), LDB_SCOPE_BASE, attrs, NULL);
- if (ret) {
- goto failed;
- }
-
- if (res->count != 1) {
- goto failed;
- }
-
- ntds_guid = talloc(tmp_ctx, struct GUID);
- if (!ntds_guid) {
- goto failed;
- }
-
- *ntds_guid = samdb_result_guid(res->msgs[0], "objectGUID");
-
- /* cache the domain_sid in the ldb */
- if (ldb_set_opaque(ldb, "cache.ntds_guid", ntds_guid) != LDB_SUCCESS) {
- goto failed;
- }
-
- talloc_steal(ldb, ntds_guid);
- talloc_free(tmp_ctx);
-
- return ntds_guid;
+ return samdb_ntds_GUID(ldb, "objectGUID", "cache.ntds_guid");
+}
-failed:
- DEBUG(1,("Failed to find our own NTDS Settings objectGUID in the ldb!\n"));
- talloc_free(tmp_ctx);
- return NULL;
+/*
+ work out the ntds settings invocationId for the current open ldb
+*/
+const struct GUID *samdb_ntds_invocation_id(struct ldb_context *ldb)
+{
+ return samdb_ntds_GUID(ldb, "invocationId", "cache.invocation_id");
}
-bool samdb_set_ntds_objectGUID(struct ldb_context *ldb, const struct GUID *ntds_guid_in)
+static bool samdb_set_ntds_GUID(struct ldb_context *ldb,
+ const struct GUID *ntds_guid_in,
+ const char *attribute,
+ const char *cache_name)
{
TALLOC_CTX *tmp_ctx;
struct GUID *ntds_guid_new;
struct GUID *ntds_guid_old;
/* see if we have a cached copy */
- ntds_guid_old = (struct GUID *)ldb_get_opaque(ldb, "cache.ntds_guid");
+ ntds_guid_old = (struct GUID *)ldb_get_opaque(ldb, cache_name);
tmp_ctx = talloc_new(ldb);
if (tmp_ctx == NULL) {
@@ -1599,7 +1539,7 @@ bool samdb_set_ntds_objectGUID(struct ldb_context *ldb, const struct GUID *ntds_
*ntds_guid_new = *ntds_guid_in;
/* cache the domain_sid in the ldb */
- if (ldb_set_opaque(ldb, "cache.ntds_guid", ntds_guid_new) != LDB_SUCCESS) {
+ if (ldb_set_opaque(ldb, cache_name, ntds_guid_new) != LDB_SUCCESS) {
goto failed;
}
@@ -1610,11 +1550,28 @@ bool samdb_set_ntds_objectGUID(struct ldb_context *ldb, const struct GUID *ntds_
return true;
failed:
- DEBUG(1,("Failed to set our own cached invocationId in the ldb!\n"));
+ DBG_WARNING("Failed to set our own cached %s in the ldb!\n",
+ attribute);
talloc_free(tmp_ctx);
return false;
}
+bool samdb_set_ntds_objectGUID(struct ldb_context *ldb, const struct GUID *ntds_guid_in)
+{
+ return samdb_set_ntds_GUID(ldb,
+ ntds_guid_in,
+ "objectGUID",
+ "cache.ntds_guid");
+}
+
+bool samdb_set_ntds_invocation_id(struct ldb_context *ldb, const struct GUID *invocation_id_in)
+{
+ return samdb_set_ntds_GUID(ldb,
+ invocation_id_in,
+ "invocationId",
+ "cache.invocation_id");
+}
+
/*
work out the server dn for the current open ldb
*/
diff --git a/source4/dsdb/kcc/kcc_service.c b/source4/dsdb/kcc/kcc_service.c
index 4710d5bcdf5..89d94f6af26 100644
--- a/source4/dsdb/kcc/kcc_service.c
+++ b/source4/dsdb/kcc/kcc_service.c
@@ -68,6 +68,7 @@ static WERROR kccsrv_connect_samdb(struct kccsrv_service *service, struct loadpa
ntds_guid = samdb_ntds_objectGUID(service->samdb);
if (!ntds_guid) {
+ DBG_ERR("Failed to determine own NTDS objectGUID\n");
return WERR_DS_UNAVAILABLE;
}
diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c
index c5849818411..55340fa4f1e 100644
--- a/source4/dsdb/samdb/ldb_modules/rootdse.c
+++ b/source4/dsdb/samdb/ldb_modules/rootdse.c
@@ -515,7 +515,21 @@ static int rootdse_add_dynamic(struct rootdse_context *ac, struct ldb_message *m
DSDB_SEARCH_SHOW_EXTENDED_DN,
ac->req);
if (ret != LDB_SUCCESS) {
- return ldb_operr(ldb);
+ DBG_WARNING("Failed to convert GUID into full DN in rootDSE for %s: %s: %s\n",
+ guid_attrs[i],
+ ldb_dn_get_extended_linearized(ac, attr_dn, 1),
+ ldb_errstring(ldb));
+ /*
+ * Provide a meaninful error string but not
+ * confidential DB contents possibly in the
+ * original string
+ */
+ ldb_asprintf_errstring(ldb,
+ "Failed to find full DN for %s: %s",
+ guid_attrs[i],
+ ldb_dn_get_extended_linearized(ac, attr_dn, 1));
+ /* Overstamp the error code, it would confuse the caller */
+ return LDB_ERR_OPERATIONS_ERROR;
}
el = ldb_msg_find_element(msg, guid_attrs[i]);
diff --git a/source4/smbd/server.c b/source4/smbd/server.c
index ea421b3bd68..badc21270c0 100644
--- a/source4/smbd/server.c
+++ b/source4/smbd/server.c
@@ -230,6 +230,41 @@ _NORETURN_ static void max_runtime_handler(struct tevent_context *ev,
exit(0);
}
+/*
+ * When doing an in-place upgrade of Samba, the database format may have
+ * changed between versions. E.g. between 4.7 and 4.8 the DB changed from
+ * DN-based indexes to GUID-based indexes, so we have to re-index the DB after
+ * upgrading.
+ * This function handles migrating an older samba DB to a new Samba release.
+ * Note that we have to maintain DB compatibility between *all* older versions
+ * of Samba, not just the ones still under maintenance support.
+ */
+static int handle_inplace_db_upgrade(struct ldb_context *ldb_ctx)
+{
+ int ret;
+
+ /*
+ * The DSDB stack will handle reindexing the DB (if needed) upon the first
+ * DB write. Open and close a transaction on the DB now to trigger a
+ * reindex if required, rather than waiting for the first write.
+ * We do this here to guarantee that the DB will have been re-indexed by
+ * the time the main samba code runs.
+ * Refer to dsdb_schema_set_indices_and_attributes() for the actual reindexing
+ * code, called from
+ * source4/dsdb/samdb/ldb_modules/schema_load.c:schema_load_start_transaction()
+ */
+ ret = ldb_transaction_start(ldb_ctx);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+
+ ret = ldb_transaction_commit(ldb_ctx);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ return LDB_SUCCESS;
+}
+
/*
pre-open the key databases. This saves a lot of time in child
processes
@@ -262,6 +297,13 @@ static int prime_ldb_databases(struct tevent_context *event_ctx, bool *am_backup
talloc_free(db_context);
return LDB_ERR_OPERATIONS_ERROR;
}
+
+ ret = handle_inplace_db_upgrade(ldb_ctx);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(db_context);
+ return ret;
+ }
+
pdb = privilege_connect(db_context, cmdline_lp_ctx);
if (pdb == NULL) {
talloc_free(db_context);
--
Samba Shared Repository
More information about the samba-cvs
mailing list