The branch, v3-4-ctdb has been updated
via ea9d98bea833e7629616484262951ab4de8f4d95 (commit)
via b3028f32653bb9e0cf7000659c3247726307f83c (commit)
via d9b8daa63cd3ca9dc707f86ca30f05bf9eb398d3 (commit)
from ea9ae65c18b21efae0596795055127e3e04672c2 (commit)
http://gitweb.samba.org/?p=obnox/samba-ctdb.git;a=shortlog;h=v3-4-ctdb
- Log -----------------------------------------------------------------
commit ea9d98bea833e7629616484262951ab4de8f4d95
Author: Volker Lendecke <v...@samba.org>
Date: Thu Dec 3 01:55:52 2009 +0100
s3: Fix the code to immediately disconnect from a non-working ctdbd
commit b3028f32653bb9e0cf7000659c3247726307f83c
Author: Volker Lendecke <v...@samba.org>
Date: Tue Dec 1 11:45:03 2009 +0100
Add a low-cost alternative to wbinfo -t: winfo --ping-dc
commit d9b8daa63cd3ca9dc707f86ca30f05bf9eb398d3
Author: Jeremy Allison <j...@samba.org>
Date: Mon Nov 23 19:19:07 2009 -0800
Fix bug #6898 - Samba duplicates file content on appending. Move posix case
semantics out from under the VFS. Jeremy.
-----------------------------------------------------------------------
Summary of changes:
nsswitch/libwbclient/wbc_pam.c | 44 +++++++++++++++++++++++++++++++
nsswitch/libwbclient/wbclient.h | 13 +++++++++
nsswitch/wbinfo.c | 32 +++++++++++++++++++++++
nsswitch/winbind_struct_protocol.h | 1 +
source3/lib/ctdbd_conn.c | 1 +
source3/smbd/nttrans.c | 43 +++++++++++++++++++++++++++++++
source3/smbd/open.c | 11 --------
source3/winbindd/winbindd.c | 1 +
source3/winbindd/winbindd_domain.c | 4 +++
source3/winbindd/winbindd_misc.c | 50 ++++++++++++++++++++++++++++++++++++
source3/winbindd/winbindd_proto.h | 3 ++
11 files changed, 192 insertions(+), 11 deletions(-)
Changeset truncated at 500 lines:
diff --git a/nsswitch/libwbclient/wbc_pam.c b/nsswitch/libwbclient/wbc_pam.c
index 422665a..02dc700 100644
--- a/nsswitch/libwbclient/wbc_pam.c
+++ b/nsswitch/libwbclient/wbc_pam.c
@@ -533,6 +533,50 @@ wbcErr wbcCheckTrustCredentials(const char *domain,
return wbc_status;
}
+/*
+ * Trigger a no-op NETLOGON call. Lightweight version of
+ * wbcCheckTrustCredentials
+ */
+wbcErr wbcPingDc(const char *domain, struct wbcAuthErrorInfo **error)
+{
+ struct winbindd_request request;
+ struct winbindd_response response;
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+
+ if (domain) {
+ /*
+ * the current protocol doesn't support
+ * specifying a domain
+ */
+ wbc_status = WBC_ERR_NOT_IMPLEMENTED;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ ZERO_STRUCT(request);
+ ZERO_STRUCT(response);
+
+ /* Send request */
+
+ wbc_status = wbcRequestResponse(WINBINDD_PING_DC,
+ &request,
+ &response);
+ if (response.data.auth.nt_status != 0) {
+ if (error) {
+ wbc_status = wbc_create_error_info(NULL,
+ &response,
+ error);
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ wbc_status = WBC_ERR_AUTH_ERROR;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+ BAIL_ON_WBC_ERROR(wbc_status);
+
+ done:
+ return wbc_status;
+}
+
/* Trigger an extended logoff notification to Winbind for a specific user */
wbcErr wbcLogoffUserEx(const struct wbcLogoffUserParams *params,
struct wbcAuthErrorInfo **error)
diff --git a/nsswitch/libwbclient/wbclient.h b/nsswitch/libwbclient/wbclient.h
index d3c1b63..4970d1f 100644
--- a/nsswitch/libwbclient/wbclient.h
+++ b/nsswitch/libwbclient/wbclient.h
@@ -1183,6 +1183,19 @@ wbcErr wbcResolveWinsByIP(const char *ip, char **name);
wbcErr wbcCheckTrustCredentials(const char *domain,
struct wbcAuthErrorInfo **error);
+/**
+ * @brief Trigger a no-op call through the NETLOGON pipe. Low-cost
+ * version of wbcCheckTrustCredentials
+ *
+ * @param *domain The name of the domain, only NULL for the default
domain is
+ * supported yet. Other values than NULL will result in
+ * WBC_ERR_NOT_IMPLEMENTED.
+ * @param error Output details on WBC_ERR_AUTH_ERROR
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcPingDc(const char *domain, struct wbcAuthErrorInfo **error);
+
/**********************************************************
* Helper functions
**********************************************************/
diff --git a/nsswitch/wbinfo.c b/nsswitch/wbinfo.c
index d12e512..6195b75 100644
--- a/nsswitch/wbinfo.c
+++ b/nsswitch/wbinfo.c
@@ -719,6 +719,30 @@ static bool wbinfo_check_secret(void)
return true;
}
+/* Check DC connection */
+
+static bool wbinfo_ping_dc(void)
+{
+ wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+ struct wbcAuthErrorInfo *error = NULL;
+
+ wbc_status = wbcPingDc(NULL, &error);
+
+ d_printf("checking the NETLOGON dc connection %s\n",
+ WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed");
+
+ if (wbc_status == WBC_ERR_AUTH_ERROR) {
+ d_fprintf(stderr, "error code was %s (0x%x)\n",
+ error->nt_string, error->nt_status);
+ wbcFreeMemory(error);
+ }
+ if (!WBC_ERROR_IS_OK(wbc_status)) {
+ return false;
+ }
+
+ return true;
+}
+
/* Convert uid to sid */
static bool wbinfo_uid_to_sid(uid_t uid)
@@ -1658,6 +1682,7 @@ enum {
OPT_VERBOSE,
OPT_ONLINESTATUS,
OPT_CHANGE_USER_PASSWORD,
+ OPT_PING_DC,
OPT_SID_TO_FULLNAME
};
@@ -1702,6 +1727,7 @@ int main(int argc, char **argv, char **envp)
{ "remove-uid-mapping", 0, POPT_ARG_STRING, &string_arg,
OPT_REMOVE_UID_MAPPING, "Remove uid to sid mapping in idmap", "UID,SID" },
{ "remove-gid-mapping", 0, POPT_ARG_STRING, &string_arg,
OPT_REMOVE_GID_MAPPING, "Remove gid to sid mapping in idmap", "GID,SID" },
{ "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared
secret" },
+ { "ping-dc", 0, POPT_ARG_NONE, 0, OPT_PING_DC, "Check the
NETLOGON connection" },
{ "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm', "List trusted
domains" },
{ "all-domains", 0, POPT_ARG_NONE, 0, OPT_LIST_ALL_DOMAINS,
"List all domains (trusted and own domain)" },
{ "own-domain", 0, POPT_ARG_NONE, 0, OPT_LIST_OWN_DOMAIN, "List
own domain" },
@@ -1920,6 +1946,12 @@ int main(int argc, char **argv, char **envp)
goto done;
}
break;
+ case OPT_PING_DC:
+ if (!wbinfo_ping_dc()) {
+ d_fprintf(stderr, "Could not ping our DC\n");
+ goto done;
+ }
+ break;
case 'm':
if (!wbinfo_list_domains(false, verbose)) {
d_fprintf(stderr, "Could not list trusted
domains\n");
diff --git a/nsswitch/winbind_struct_protocol.h
b/nsswitch/winbind_struct_protocol.h
index 11b2069..fb6d2dd 100644
--- a/nsswitch/winbind_struct_protocol.h
+++ b/nsswitch/winbind_struct_protocol.h
@@ -113,6 +113,7 @@ enum winbindd_cmd {
/* Miscellaneous other stuff */
WINBINDD_CHECK_MACHACC, /* Check machine account pw works */
+ WINBINDD_PING_DC, /* Ping the DC through NETLOGON */
WINBINDD_PING, /* Just tell me winbind is running */
WINBINDD_INFO, /* Various bit of info. Currently just
tidbits */
WINBINDD_DOMAIN_NAME, /* The domain this winbind server is a
member of (lp_workgroup()) */
diff --git a/source3/lib/ctdbd_conn.c b/source3/lib/ctdbd_conn.c
index 9101bd4..05c41c1 100644
--- a/source3/lib/ctdbd_conn.c
+++ b/source3/lib/ctdbd_conn.c
@@ -503,6 +503,7 @@ NTSTATUS ctdbd_init_connection(TALLOC_CTX *mem_ctx,
if (!ctdbd_working(conn, conn->our_vnn)) {
DEBUG(2, ("Node is not working, can not connect\n"));
+ status = NT_STATUS_INTERNAL_DB_ERROR;
goto fail;
}
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index ffecd53..c0f1869 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -436,6 +436,7 @@ void reply_ntcreate_and_X(struct smb_request *req)
NTSTATUS status;
int oplock_request;
uint8_t oplock_granted = NO_OPLOCK_RETURN;
+ struct case_semantics_state *case_state = NULL;
TALLOC_CTX *ctx = talloc_tos();
START_PROFILE(SMBntcreateX);
@@ -509,6 +510,25 @@ void reply_ntcreate_and_X(struct smb_request *req)
? BATCH_OPLOCK : 0;
}
+ /*
+ * Check if POSIX semantics are wanted.
+ */
+
+ if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
+ case_state = set_posix_case_semantics(ctx, conn);
+ if (!case_state) {
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
+ END_PROFILE(SMBntcreateX);
+ return;
+ }
+ /*
+ * Bug #6898 - clients using Windows opens should
+ * never be able to set this attribute into the
+ * VFS.
+ */
+ file_attributes &= ~FILE_FLAG_POSIX_SEMANTICS;
+ }
+
status = SMB_VFS_CREATE_FILE(
conn, /* conn */
req, /* req */
@@ -528,6 +548,8 @@ void reply_ntcreate_and_X(struct smb_request *req)
&info, /* pinfo */
&sbuf); /* psbuf */
+ TALLOC_FREE(case_state);
+
if (!NT_STATUS_IS_OK(status)) {
if (open_was_deferred(req->mid)) {
/* We have re-scheduled this call, no error. */
@@ -863,6 +885,7 @@ static void call_nt_transact_create(connection_struct *conn,
uint64_t allocation_size;
int oplock_request;
uint8_t oplock_granted;
+ struct case_semantics_state *case_state = NULL;
TALLOC_CTX *ctx = talloc_tos();
SET_STAT_INVALID(sbuf);
@@ -982,6 +1005,24 @@ static void call_nt_transact_create(connection_struct
*conn,
? BATCH_OPLOCK : 0;
}
+ /*
+ * Check if POSIX semantics are wanted.
+ */
+
+ if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
+ case_state = set_posix_case_semantics(ctx, conn);
+ if (!case_state) {
+ reply_nterror(req, NT_STATUS_NO_MEMORY);
+ return;
+ }
+ /*
+ * Bug #6898 - clients using Windows opens should
+ * never be able to set this attribute into the
+ * VFS.
+ */
+ file_attributes &= ~FILE_FLAG_POSIX_SEMANTICS;
+ }
+
status = SMB_VFS_CREATE_FILE(
conn, /* conn */
req, /* req */
@@ -1001,6 +1042,8 @@ static void call_nt_transact_create(connection_struct
*conn,
&info, /* pinfo */
&sbuf); /* psbuf */
+ TALLOC_FREE(case_state);
+
if(!NT_STATUS_IS_OK(status)) {
if (open_was_deferred(req->mid)) {
/* We have re-scheduled this call, no error. */
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 5a4248b..503ce2d 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -3344,7 +3344,6 @@ NTSTATUS create_file_default(connection_struct *conn,
int *pinfo,
SMB_STRUCT_STAT *psbuf)
{
- struct case_semantics_state *case_state = NULL;
SMB_STRUCT_STAT sbuf;
int info = FILE_WAS_OPENED;
files_struct *fsp = NULL;
@@ -3443,14 +3442,6 @@ NTSTATUS create_file_default(connection_struct *conn,
}
}
- /*
- * Check if POSIX semantics are wanted.
- */
-
- if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) {
- case_state = set_posix_case_semantics(talloc_tos(), conn);
- }
-
if (create_file_flags & CFF_DOS_PATH) {
char *converted_fname;
@@ -3473,8 +3464,6 @@ NTSTATUS create_file_default(connection_struct *conn,
}
- TALLOC_FREE(case_state);
-
/* All file access must go through check_name() */
status = check_name(conn, fname);
diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c
index 8cb946e..dd6783d 100644
--- a/source3/winbindd/winbindd.c
+++ b/source3/winbindd/winbindd.c
@@ -485,6 +485,7 @@ static struct winbindd_dispatch_table {
/* Miscellaneous */
{ WINBINDD_CHECK_MACHACC, winbindd_check_machine_acct, "CHECK_MACHACC"
},
+ { WINBINDD_PING_DC, winbindd_ping_dc, "PING_DC" },
{ WINBINDD_PING, winbindd_ping, "PING" },
{ WINBINDD_INFO, winbindd_info, "INFO" },
{ WINBINDD_INTERFACE_VERSION, winbindd_interface_version,
diff --git a/source3/winbindd/winbindd_domain.c
b/source3/winbindd/winbindd_domain.c
index 1fc3ce7..506ff66 100644
--- a/source3/winbindd/winbindd_domain.c
+++ b/source3/winbindd/winbindd_domain.c
@@ -98,6 +98,10 @@ static const struct winbindd_child_dispatch_table
domain_dispatch_table[] = {
.struct_cmd = WINBINDD_CHECK_MACHACC,
.struct_fn = winbindd_dual_check_machine_acct,
},{
+ .name = "PING_DC",
+ .struct_cmd = WINBINDD_PING_DC,
+ .struct_fn = winbindd_dual_ping_dc,
+ },{
.name = "DUAL_USERINFO",
.struct_cmd = WINBINDD_DUAL_USERINFO,
.struct_fn = winbindd_dual_userinfo,
diff --git a/source3/winbindd/winbindd_misc.c b/source3/winbindd/winbindd_misc.c
index 737fd08..65e3f25 100644
--- a/source3/winbindd/winbindd_misc.c
+++ b/source3/winbindd/winbindd_misc.c
@@ -94,6 +94,56 @@ enum winbindd_result winbindd_dual_check_machine_acct(struct
winbindd_domain *do
return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR;
}
+void winbindd_ping_dc(struct winbindd_cli_state *state)
+{
+ DEBUG(3, ("[%5lu]: ping dc\n", (unsigned long)state->pid));
+
+ sendto_domain(state, find_our_domain());
+}
+
+enum winbindd_result winbindd_dual_ping_dc(struct winbindd_domain *domain,
+ struct winbindd_cli_state *state)
+{
+ NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+ struct winbindd_domain *contact_domain;
+ struct rpc_pipe_client *netlogon_pipe;
+ union netr_CONTROL_QUERY_INFORMATION info;
+ WERROR werr;
+ fstring logon_server;
+
+ DEBUG(3, ("[%5lu]: ping dc\n", (unsigned long)state->pid));
+
+ contact_domain = find_our_domain();
+
+ status = cm_connect_netlogon(contact_domain, &netlogon_pipe);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(3, ("could not open handle to NETLOGON pipe\n"));
+ return WINBINDD_ERROR;
+ }
+
+ fstr_sprintf(logon_server, "\\\\%s", domain->dcname);
+
+ /*
+ * This provokes a WERR_NOT_SUPPORTED error message. This is
+ * documented in the wspp docs. I could not get a successful
+ * call to work, but the main point here is testing that the
+ * netlogon pipe works.
+ */
+ status = rpccli_netr_LogonControl(netlogon_pipe, state->mem_ctx,
+ logon_server, NETLOGON_CONTROL_QUERY,
+ 2, &info, &werr);
+
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_CTL_FILE_NOT_SUPPORTED)) {
+ DEBUG(2, ("rpccli_netr_LogonControl returned %s, expected "
+ "NT_STATUS_CTL_FILE_NOT_SUPPORTED\n",
+ nt_errstr(status)));
+ return WINBINDD_ERROR;
+ }
+
+ DEBUG(5, ("winbindd_dual_ping_dc succeeded\n"));
+ return WINBINDD_OK;
+}
+
/* Helpers for listing user and group names */
const char *ent_type_strings[] = {"users",
diff --git a/source3/winbindd/winbindd_proto.h
b/source3/winbindd/winbindd_proto.h
index 384395f..e4f06a4 100644
--- a/source3/winbindd/winbindd_proto.h
+++ b/source3/winbindd/winbindd_proto.h
@@ -402,6 +402,9 @@ void winbindd_dsgetdcname(struct winbindd_cli_state *state);
void winbindd_check_machine_acct(struct winbindd_cli_state *state);
enum winbindd_result winbindd_dual_check_machine_acct(struct winbindd_domain
*domain,
struct winbindd_cli_state
*state);
+void winbindd_ping_dc(struct winbindd_cli_state *state);
+enum winbindd_result winbindd_dual_ping_dc(struct winbindd_domain *domain,
+ struct winbindd_cli_state *state);
void winbindd_list_ent(struct winbindd_cli_state *state, enum ent_type type);
void winbindd_list_trusted_domains(struct winbindd_cli_state *state);
enum winbindd_result winbindd_dual_list_trusted_domains(struct winbindd_domain
*domain,
--
SAMBA-CTDB repository
