[SCM] Samba Shared Repository - branch v4-13-stable updated
Karolin Seeger
kseeger at samba.org
Fri Aug 28 09:35:21 UTC 2020
The branch, v4-13-stable has been updated
via f5f22da6b8e VERSION: Disable GIT_SNAPSHOT for the 4.13.0rc3 release.
via 15ec9863704 WHATSNEW: Add release notes for Samba 4.13.0rc3.
via 58627af19cc ctdb-recoverd: Rename update_local_flags() -> update_flags()
via 98580fca5f6 ctdb-recoverd: Change update_local_flags() to use already retrieved nodemaps
via 8e10b67f315 ctdb-recoverd: Get remote nodemaps earlier
via 7fe08880958 ctdb-recoverd: Do not fetch the nodemap from the recovery master
via 48ca1987350 ctdb-recoverd: Change get_remote_nodemaps() to use connected nodes
via a1f00ebef11 ctdb-recoverd: Fix node_pnn check and assignment of nodemap into array
via da94f78c55e ctdb-recoverd: Add fail callback to assign banning credits
via 05b46fa631b ctdb-recoverd: Add an intermediate state struct for nodemap fetching
via 092beb2f6f1 ctdb-recoverd: Move memory allocation into get_remote_nodemaps()
via 97ed7d289c7 ctdb-recoverd: Change signature of get_remote_nodemaps()
via 245f0043d88 ctdb-recoverd: Fix a local memory leak
via 772dfb02d45 ctdb-recoverd: Basic cleanups for get_remote_nodemaps()
via 3261adfc84f ctdb-recoverd: Simplify calculation of new flags
via 991907cf217 ctdb-recoverd: Correctly find nodemap entry for pnn
via b0bf26df6c8 ctdb-recoverd: Do not retrieve nodemap from recovery master
via 6d8271ff3b7 ctdb-recoverd: Flatten update_flags_on_all_nodes()
via 267bb7faf22 ctdb-recoverd: Move ctdb_ctrl_modflags() to ctdb_recoverd.c
via 299d4e3f3b0 ctdb-recoverd: Improve a call to update_flags_on_all_nodes()
via abc8222fa5d ctdb-recoverd: Use update_flags_on_all_nodes()
via 6fc2ec1653a ctdb-recoverd: Introduce some local variables to improve readability
via 3e3124afa3b ctdb-recoverd: Change update_flags_on_all_nodes() to take rec argument
via 5ad1f837d65 ctdb-recoverd: Drop unused nodemap argument from update_flags_on_all_nodes()
via 51f8ccf2887 docs: Add missing winexe manpage
via e0aa042c518 WHATSNEW: list deprecated parameters
via 8dbeb26319c docs: deprecate "raw NTLMv2 auth"
via af78b53f114 docs: deprecate "client plaintext auth"
via e2b9972f3c6 docs: deprecate "client NTLMv2 auth"
via 100e32dba49 docs: deprecate "client lanman auth"
via 7b48056533e docs: deprecate "client use spnego"
via 1338e3a481b docs: Deprecate NT4-like domains and SMBv1-only protocol options
via e3c608d27e9 selftest: Do not let deprecated option warnings muck this test up
via dcf92a69cd0 param: Allow tests to silence deprecation warnings
via b44b26b9cd2 selftest: Add test for suppression of deprecation warnings
via 97d3c93e31e util: Add cmocka unit test for directory_create_or_exists
via 031618f0acb util: Allow symlinks in directory_create_or_exist
via 2bd88d076e8 VERSION: Bump version up to 4.13.0rc3...
from 8c7bedccada VERSION: Disable GIT_SNAPSHOT for the 4.13.0rc2 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 39 ++-
ctdb/include/ctdb_client.h | 5 -
ctdb/server/ctdb_client.c | 65 -----
ctdb/server/ctdb_recoverd.c | 264 ++++++++++++++-------
docs-xml/manpages/winexe.1.xml | 184 ++++++++++++++
docs-xml/smbdotconf/logon/domainlogons.xml | 7 +
docs-xml/smbdotconf/protocol/clientusespnego.xml | 8 +
docs-xml/smbdotconf/security/clientlanmanauth.xml | 9 +
docs-xml/smbdotconf/security/clientntlmv2auth.xml | 9 +
.../smbdotconf/security/clientplaintextauth.xml | 9 +
docs-xml/smbdotconf/security/rawntlmv2auth.xml | 8 +
docs-xml/wscript_build | 5 +
lib/param/loadparm.c | 22 +-
lib/util/tests/test_util.c | 234 ++++++++++++++++++
lib/util/util.c | 18 +-
lib/util/wscript_build | 6 +
selftest/tests.py | 2 +
source3/script/tests/test_smbclient_s3.sh | 4 +
source3/script/tests/test_testparm_s3.sh | 33 +++
20 files changed, 773 insertions(+), 160 deletions(-)
create mode 100644 docs-xml/manpages/winexe.1.xml
create mode 100644 lib/util/tests/test_util.c
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index 86bc2019599..2d5192ae9fa 100644
--- a/VERSION
+++ b/VERSION
@@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE=
# e.g. SAMBA_VERSION_RC_RELEASE=1 #
# -> "3.0.0rc1" #
########################################################
-SAMBA_VERSION_RC_RELEASE=2
+SAMBA_VERSION_RC_RELEASE=3
########################################################
# To mark SVN snapshots this should be set to 'yes' #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index cac8cecd2b7..81d9300df94 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,7 +1,7 @@
Release Announcements
=====================
-This is the second release condidate of Samba 4.13. This is *not*
+This is the third release condidate of Samba 4.13. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
@@ -52,6 +52,21 @@ causing administrators who need this functionality to have to explicitly
add the vfs_widelinks module into the "vfs objects =" parameter lists.
The release notes will be updated to note this change when it occurs.
+NT4-like 'classic' Samba domain controllers
+-------------------------------------------
+
+Samba 4.13 deprecates Samba's original domain controller mode.
+
+Sites using Samba as a Domain Controller should upgrade from the
+NT4-like 'classic' Domain Controller to a Samba Active Directory DC
+to ensure full operation with modern windows clients.
+
+SMBv1 only protocol options deprecated
+--------------------------------------
+
+A number of smb.conf parameters for less-secure authentication methods
+which are only possible over SMBv1 are deprecated in this release.
+
REMOVED FEATURES
================
@@ -64,6 +79,28 @@ smb.conf changes
-------------- ----------- -------
ldap ssl ads removed
smb2 disable lock sequence checking No
+ domain logons Deprecated no
+ raw NTLMv2 auth Deprecated no
+ client plaintext auth Deprecated no
+ client NTLMv2 auth Deprecated yes
+ client lanman auth Deprecated no
+ client use spnego Deprecated yes
+
+
+CHANGES SINCE 4.13.0rc2
+=======================
+
+o Andrew Bartlett <abartlet at samba.org>
+ * BUG 14460: Deprecate domain logons, SMBv1 things.
+
+o Günther Deschner <gd at samba.org>
+ * BUG 14318: docs: Add missing winexe manpage.
+
+o Christof Schmitt <cs at samba.org>
+ * BUG 14166: util: Allow symlinks in directory_create_or_exist.
+
+o Martin Schwenke <martin at meltin.net>
+ * BUG 14466: ctdb disable/enable can fail due to race condition.
CHANGES SINCE 4.13.0rc1
diff --git a/ctdb/include/ctdb_client.h b/ctdb/include/ctdb_client.h
index 198a8a38dbb..b89c4e49b2f 100644
--- a/ctdb/include/ctdb_client.h
+++ b/ctdb/include/ctdb_client.h
@@ -195,11 +195,6 @@ int ctdb_ctrl_get_ifaces(struct ctdb_context *ctdb,
TALLOC_CTX *mem_ctx,
struct ctdb_iface_list_old **ifaces);
-int ctdb_ctrl_modflags(struct ctdb_context *ctdb,
- struct timeval timeout,
- uint32_t destnode,
- uint32_t set, uint32_t clear);
-
int ctdb_ctrl_get_all_tunables(struct ctdb_context *ctdb,
struct timeval timeout, uint32_t destnode,
struct ctdb_tunable_list *tunables);
diff --git a/ctdb/server/ctdb_client.c b/ctdb/server/ctdb_client.c
index 453e7b28477..5d1a30d03da 100644
--- a/ctdb/server/ctdb_client.c
+++ b/ctdb/server/ctdb_client.c
@@ -1243,71 +1243,6 @@ int ctdb_ctrl_get_ifaces(struct ctdb_context *ctdb,
return 0;
}
-/*
- set/clear the permanent disabled bit on a remote node
- */
-int ctdb_ctrl_modflags(struct ctdb_context *ctdb, struct timeval timeout, uint32_t destnode,
- uint32_t set, uint32_t clear)
-{
- int ret;
- TDB_DATA data;
- struct ctdb_node_map_old *nodemap=NULL;
- struct ctdb_node_flag_change c;
- TALLOC_CTX *tmp_ctx = talloc_new(ctdb);
- uint32_t recmaster;
- uint32_t *nodes;
-
-
- /* find the recovery master */
- ret = ctdb_ctrl_getrecmaster(ctdb, tmp_ctx, timeout, CTDB_CURRENT_NODE, &recmaster);
- if (ret != 0) {
- DEBUG(DEBUG_ERR, (__location__ " Unable to get recmaster from local node\n"));
- talloc_free(tmp_ctx);
- return ret;
- }
-
-
- /* read the node flags from the recmaster */
- ret = ctdb_ctrl_getnodemap(ctdb, timeout, recmaster, tmp_ctx, &nodemap);
- if (ret != 0) {
- DEBUG(DEBUG_ERR, (__location__ " Unable to get nodemap from node %u\n", destnode));
- talloc_free(tmp_ctx);
- return -1;
- }
- if (destnode >= nodemap->num) {
- DEBUG(DEBUG_ERR,(__location__ " Nodemap from recmaster does not contain node %d\n", destnode));
- talloc_free(tmp_ctx);
- return -1;
- }
-
- c.pnn = destnode;
- c.old_flags = nodemap->nodes[destnode].flags;
- c.new_flags = c.old_flags;
- c.new_flags |= set;
- c.new_flags &= ~clear;
-
- data.dsize = sizeof(c);
- data.dptr = (unsigned char *)&c;
-
- /* send the flags update to all connected nodes */
- nodes = list_of_connected_nodes(ctdb, nodemap, tmp_ctx, true);
-
- if (ctdb_client_async_control(ctdb, CTDB_CONTROL_MODIFY_FLAGS,
- nodes, 0,
- timeout, false, data,
- NULL, NULL,
- NULL) != 0) {
- DEBUG(DEBUG_ERR, (__location__ " Unable to update nodeflags on remote nodes\n"));
-
- talloc_free(tmp_ctx);
- return -1;
- }
-
- talloc_free(tmp_ctx);
- return 0;
-}
-
-
/*
get all tunables
*/
diff --git a/ctdb/server/ctdb_recoverd.c b/ctdb/server/ctdb_recoverd.c
index 3f5d43c1e87..f825427e7a3 100644
--- a/ctdb/server/ctdb_recoverd.c
+++ b/ctdb/server/ctdb_recoverd.c
@@ -425,18 +425,62 @@ static int set_recovery_mode(struct ctdb_context *ctdb,
}
/*
- update flags on all active nodes
+ * Update flags on all connected nodes
*/
-static int update_flags_on_all_nodes(struct ctdb_context *ctdb, struct ctdb_node_map_old *nodemap, uint32_t pnn, uint32_t flags)
+static int update_flags_on_all_nodes(struct ctdb_recoverd *rec,
+ uint32_t pnn,
+ uint32_t flags)
{
+ struct ctdb_context *ctdb = rec->ctdb;
+ struct timeval timeout = CONTROL_TIMEOUT();
+ TDB_DATA data;
+ struct ctdb_node_map_old *nodemap=NULL;
+ struct ctdb_node_flag_change c;
+ TALLOC_CTX *tmp_ctx = talloc_new(ctdb);
+ uint32_t *nodes;
+ uint32_t i;
int ret;
- ret = ctdb_ctrl_modflags(ctdb, CONTROL_TIMEOUT(), pnn, flags, ~flags);
- if (ret != 0) {
- DEBUG(DEBUG_ERR, (__location__ " Unable to update nodeflags on remote nodes\n"));
+ nodemap = rec->nodemap;
+
+ for (i = 0; i < nodemap->num; i++) {
+ if (pnn == nodemap->nodes[i].pnn) {
+ break;
+ }
+ }
+ if (i >= nodemap->num) {
+ DBG_ERR("Nodemap does not contain node %d\n", pnn);
+ talloc_free(tmp_ctx);
return -1;
}
+ c.pnn = pnn;
+ c.old_flags = nodemap->nodes[i].flags;
+ c.new_flags = flags;
+
+ data.dsize = sizeof(c);
+ data.dptr = (unsigned char *)&c;
+
+ /* send the flags update to all connected nodes */
+ nodes = list_of_connected_nodes(ctdb, nodemap, tmp_ctx, true);
+
+ ret = ctdb_client_async_control(ctdb,
+ CTDB_CONTROL_MODIFY_FLAGS,
+ nodes,
+ 0,
+ timeout,
+ false,
+ data,
+ NULL,
+ NULL,
+ NULL);
+ if (ret != 0) {
+ DBG_ERR("Unable to update flags on remote nodes\n");
+ talloc_free(tmp_ctx);
+ return -1;
+ }
+
+ talloc_free(tmp_ctx);
return 0;
}
@@ -493,60 +537,57 @@ static void ctdb_wait_election(struct ctdb_recoverd *rec)
}
/*
- Update our local flags from all remote connected nodes.
- This is only run when we are or we belive we are the recovery master
+ * Update local flags from all remote connected nodes and push out
+ * flags changes to all nodes. This is only run by the recovery
+ * master.
*/
-static int update_local_flags(struct ctdb_recoverd *rec, struct ctdb_node_map_old *nodemap)
+static int update_flags(struct ctdb_recoverd *rec,
+ struct ctdb_node_map_old *nodemap,
+ struct ctdb_node_map_old **remote_nodemaps)
{
unsigned int j;
struct ctdb_context *ctdb = rec->ctdb;
TALLOC_CTX *mem_ctx = talloc_new(ctdb);
- /* get the nodemap for all active remote nodes and verify
- they are the same as for this node
- */
+ /* Check flags from remote nodes */
for (j=0; j<nodemap->num; j++) {
struct ctdb_node_map_old *remote_nodemap=NULL;
+ uint32_t local_flags = nodemap->nodes[j].flags;
+ uint32_t remote_flags;
int ret;
- if (nodemap->nodes[j].flags & NODE_FLAGS_DISCONNECTED) {
+ if (local_flags & NODE_FLAGS_DISCONNECTED) {
continue;
}
if (nodemap->nodes[j].pnn == ctdb->pnn) {
continue;
}
- ret = ctdb_ctrl_getnodemap(ctdb, CONTROL_TIMEOUT(), nodemap->nodes[j].pnn,
- mem_ctx, &remote_nodemap);
- if (ret != 0) {
- DEBUG(DEBUG_ERR, (__location__ " Unable to get nodemap from remote node %u\n",
- nodemap->nodes[j].pnn));
- ctdb_set_culprit(rec, nodemap->nodes[j].pnn);
- talloc_free(mem_ctx);
- return -1;
- }
- if (nodemap->nodes[j].flags != remote_nodemap->nodes[j].flags) {
- /* We should tell our daemon about this so it
- updates its flags or else we will log the same
- message again in the next iteration of recovery.
- Since we are the recovery master we can just as
- well update the flags on all nodes.
- */
- ret = ctdb_ctrl_modflags(ctdb, CONTROL_TIMEOUT(), nodemap->nodes[j].pnn, remote_nodemap->nodes[j].flags, ~remote_nodemap->nodes[j].flags);
+ remote_nodemap = remote_nodemaps[j];
+ remote_flags = remote_nodemap->nodes[j].flags;
+
+ if (local_flags != remote_flags) {
+ ret = update_flags_on_all_nodes(rec,
+ nodemap->nodes[j].pnn,
+ remote_flags);
if (ret != 0) {
- DEBUG(DEBUG_ERR, (__location__ " Unable to update nodeflags on remote nodes\n"));
+ DBG_ERR(
+ "Unable to update flags on remote nodes\n");
+ talloc_free(mem_ctx);
return -1;
}
- /* Update our local copy of the flags in the recovery
- daemon.
- */
- DEBUG(DEBUG_NOTICE,("Remote node %u had flags 0x%x, local had 0x%x - updating local\n",
- nodemap->nodes[j].pnn, remote_nodemap->nodes[j].flags,
- nodemap->nodes[j].flags));
- nodemap->nodes[j].flags = remote_nodemap->nodes[j].flags;
+ /*
+ * Update the local copy of the flags in the
+ * recovery daemon.
+ */
+ D_NOTICE("Remote node %u had flags 0x%x, "
+ "local had 0x%x - updating local\n",
+ nodemap->nodes[j].pnn,
+ remote_flags,
+ local_flags);
+ nodemap->nodes[j].flags = remote_flags;
}
- talloc_free(remote_nodemap);
}
talloc_free(mem_ctx);
return 0;
@@ -1125,7 +1166,9 @@ static int do_recovery(struct ctdb_recoverd *rec,
continue;
}
- ret = update_flags_on_all_nodes(ctdb, nodemap, i, nodemap->nodes[i].flags);
+ ret = update_flags_on_all_nodes(rec,
+ nodemap->nodes[i].pnn,
+ nodemap->nodes[i].flags);
if (ret != 0) {
if (nodemap->nodes[i].flags & NODE_FLAGS_INACTIVE) {
DEBUG(DEBUG_WARNING, (__location__ "Unable to update flags on inactive node %d\n", i));
@@ -2172,37 +2215,94 @@ done:
}
-static void async_getnodemap_callback(struct ctdb_context *ctdb, uint32_t node_pnn, int32_t res, TDB_DATA outdata, void *callback_data)
+struct remote_nodemaps_state {
+ struct ctdb_node_map_old **remote_nodemaps;
+ struct ctdb_recoverd *rec;
+};
+
+static void async_getnodemap_callback(struct ctdb_context *ctdb,
+ uint32_t node_pnn,
+ int32_t res,
+ TDB_DATA outdata,
+ void *callback_data)
{
- struct ctdb_node_map_old **remote_nodemaps = callback_data;
+ struct remote_nodemaps_state *state =
+ (struct remote_nodemaps_state *)callback_data;
+ struct ctdb_node_map_old **remote_nodemaps = state->remote_nodemaps;
+ struct ctdb_node_map_old *nodemap = state->rec->nodemap;
+ size_t i;
- if (node_pnn >= ctdb->num_nodes) {
- DEBUG(DEBUG_ERR,(__location__ " pnn from invalid node\n"));
+ for (i = 0; i < nodemap->num; i++) {
+ if (nodemap->nodes[i].pnn == node_pnn) {
+ break;
+ }
+ }
+
+ if (i >= nodemap->num) {
+ DBG_ERR("Invalid PNN %"PRIu32"\n", node_pnn);
return;
}
- remote_nodemaps[node_pnn] = (struct ctdb_node_map_old *)talloc_steal(remote_nodemaps, outdata.dptr);
+ remote_nodemaps[i] = (struct ctdb_node_map_old *)talloc_steal(
+ remote_nodemaps, outdata.dptr);
+
+}
+
+static void async_getnodemap_error(struct ctdb_context *ctdb,
+ uint32_t node_pnn,
+ int32_t res,
+ TDB_DATA outdata,
+ void *callback_data)
+{
+ struct remote_nodemaps_state *state =
+ (struct remote_nodemaps_state *)callback_data;
+ struct ctdb_recoverd *rec = state->rec;
+ DBG_ERR("Failed to retrieve nodemap from node %u\n", node_pnn);
+ ctdb_set_culprit(rec, node_pnn);
}
-static int get_remote_nodemaps(struct ctdb_context *ctdb, TALLOC_CTX *mem_ctx,
- struct ctdb_node_map_old *nodemap,
- struct ctdb_node_map_old **remote_nodemaps)
+static int get_remote_nodemaps(struct ctdb_recoverd *rec,
+ TALLOC_CTX *mem_ctx,
+ struct ctdb_node_map_old ***remote_nodemaps)
{
+ struct ctdb_context *ctdb = rec->ctdb;
+ struct ctdb_node_map_old **t;
uint32_t *nodes;
+ struct remote_nodemaps_state state;
+ int ret;
- nodes = list_of_active_nodes(ctdb, nodemap, mem_ctx, true);
- if (ctdb_client_async_control(ctdb, CTDB_CONTROL_GET_NODEMAP,
- nodes, 0,
- CONTROL_TIMEOUT(), false, tdb_null,
+ t = talloc_zero_array(mem_ctx,
+ struct ctdb_node_map_old *,
+ rec->nodemap->num);
+ if (t == NULL) {
+ DBG_ERR("Memory allocation error\n");
+ return -1;
+ }
+
+ nodes = list_of_connected_nodes(ctdb, rec->nodemap, mem_ctx, false);
+
+ state.remote_nodemaps = t;
+ state.rec = rec;
+
+ ret = ctdb_client_async_control(ctdb,
+ CTDB_CONTROL_GET_NODEMAP,
+ nodes,
+ 0,
+ CONTROL_TIMEOUT(),
+ false,
+ tdb_null,
async_getnodemap_callback,
- NULL,
- remote_nodemaps) != 0) {
- DEBUG(DEBUG_ERR, (__location__ " Unable to pull all remote nodemaps\n"));
+ async_getnodemap_error,
+ &state);
+ talloc_free(nodes);
- return -1;
+ if (ret != 0) {
+ talloc_free(t);
+ return ret;
}
+ *remote_nodemaps = t;
return 0;
}
@@ -2447,10 +2547,17 @@ static void main_loop(struct ctdb_context *ctdb, struct ctdb_recoverd *rec,
}
- /* ensure our local copies of flags are right */
- ret = update_local_flags(rec, nodemap);
+ /* Get the nodemaps for all connected remote nodes */
+ ret = get_remote_nodemaps(rec, mem_ctx, &remote_nodemaps);
if (ret != 0) {
- DEBUG(DEBUG_ERR,("Unable to update local flags\n"));
+ DBG_ERR("Failed to read remote nodemaps\n");
+ return;
+ }
+
+ /* Ensure our local and remote flags are correct */
+ ret = update_flags(rec, nodemap, remote_nodemaps);
+ if (ret != 0) {
+ D_ERR("Unable to update flags\n");
return;
}
@@ -2523,33 +2630,14 @@ static void main_loop(struct ctdb_context *ctdb, struct ctdb_recoverd *rec,
goto takeover_run_checks;
}
- /* get the nodemap for all active remote nodes
- */
- remote_nodemaps = talloc_array(mem_ctx, struct ctdb_node_map_old *, nodemap->num);
- if (remote_nodemaps == NULL) {
- DEBUG(DEBUG_ERR, (__location__ " failed to allocate remote nodemap array\n"));
- return;
- }
- for(i=0; i<nodemap->num; i++) {
- remote_nodemaps[i] = NULL;
- }
- if (get_remote_nodemaps(ctdb, mem_ctx, nodemap, remote_nodemaps) != 0) {
- DEBUG(DEBUG_ERR,(__location__ " Failed to read remote nodemaps\n"));
- return;
- }
-
/* verify that all other nodes have the same nodemap as we have
*/
for (j=0; j<nodemap->num; j++) {
- if (nodemap->nodes[j].flags & NODE_FLAGS_INACTIVE) {
+ if (nodemap->nodes[j].pnn == ctdb->pnn) {
continue;
--
Samba Shared Repository
More information about the samba-cvs
mailing list