The branch, v3-4-ctdb has been updated via ea9d98bea833e7629616484262951ab4de8f4d95 (commit) via b3028f32653bb9e0cf7000659c3247726307f83c (commit) via d9b8daa63cd3ca9dc707f86ca30f05bf9eb398d3 (commit) from ea9ae65c18b21efae0596795055127e3e04672c2 (commit)
http://gitweb.samba.org/?p=obnox/samba-ctdb.git;a=shortlog;h=v3-4-ctdb - Log ----------------------------------------------------------------- commit ea9d98bea833e7629616484262951ab4de8f4d95 Author: Volker Lendecke <v...@samba.org> Date: Thu Dec 3 01:55:52 2009 +0100 s3: Fix the code to immediately disconnect from a non-working ctdbd commit b3028f32653bb9e0cf7000659c3247726307f83c Author: Volker Lendecke <v...@samba.org> Date: Tue Dec 1 11:45:03 2009 +0100 Add a low-cost alternative to wbinfo -t: winfo --ping-dc commit d9b8daa63cd3ca9dc707f86ca30f05bf9eb398d3 Author: Jeremy Allison <j...@samba.org> Date: Mon Nov 23 19:19:07 2009 -0800 Fix bug #6898 - Samba duplicates file content on appending. Move posix case semantics out from under the VFS. Jeremy. ----------------------------------------------------------------------- Summary of changes: nsswitch/libwbclient/wbc_pam.c | 44 +++++++++++++++++++++++++++++++ nsswitch/libwbclient/wbclient.h | 13 +++++++++ nsswitch/wbinfo.c | 32 +++++++++++++++++++++++ nsswitch/winbind_struct_protocol.h | 1 + source3/lib/ctdbd_conn.c | 1 + source3/smbd/nttrans.c | 43 +++++++++++++++++++++++++++++++ source3/smbd/open.c | 11 -------- source3/winbindd/winbindd.c | 1 + source3/winbindd/winbindd_domain.c | 4 +++ source3/winbindd/winbindd_misc.c | 50 ++++++++++++++++++++++++++++++++++++ source3/winbindd/winbindd_proto.h | 3 ++ 11 files changed, 192 insertions(+), 11 deletions(-) Changeset truncated at 500 lines: diff --git a/nsswitch/libwbclient/wbc_pam.c b/nsswitch/libwbclient/wbc_pam.c index 422665a..02dc700 100644 --- a/nsswitch/libwbclient/wbc_pam.c +++ b/nsswitch/libwbclient/wbc_pam.c @@ -533,6 +533,50 @@ wbcErr wbcCheckTrustCredentials(const char *domain, return wbc_status; } +/* + * Trigger a no-op NETLOGON call. Lightweight version of + * wbcCheckTrustCredentials + */ +wbcErr wbcPingDc(const char *domain, struct wbcAuthErrorInfo **error) +{ + struct winbindd_request request; + struct winbindd_response response; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + + if (domain) { + /* + * the current protocol doesn't support + * specifying a domain + */ + wbc_status = WBC_ERR_NOT_IMPLEMENTED; + BAIL_ON_WBC_ERROR(wbc_status); + } + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + /* Send request */ + + wbc_status = wbcRequestResponse(WINBINDD_PING_DC, + &request, + &response); + if (response.data.auth.nt_status != 0) { + if (error) { + wbc_status = wbc_create_error_info(NULL, + &response, + error); + BAIL_ON_WBC_ERROR(wbc_status); + } + + wbc_status = WBC_ERR_AUTH_ERROR; + BAIL_ON_WBC_ERROR(wbc_status); + } + BAIL_ON_WBC_ERROR(wbc_status); + + done: + return wbc_status; +} + /* Trigger an extended logoff notification to Winbind for a specific user */ wbcErr wbcLogoffUserEx(const struct wbcLogoffUserParams *params, struct wbcAuthErrorInfo **error) diff --git a/nsswitch/libwbclient/wbclient.h b/nsswitch/libwbclient/wbclient.h index d3c1b63..4970d1f 100644 --- a/nsswitch/libwbclient/wbclient.h +++ b/nsswitch/libwbclient/wbclient.h @@ -1183,6 +1183,19 @@ wbcErr wbcResolveWinsByIP(const char *ip, char **name); wbcErr wbcCheckTrustCredentials(const char *domain, struct wbcAuthErrorInfo **error); +/** + * @brief Trigger a no-op call through the NETLOGON pipe. Low-cost + * version of wbcCheckTrustCredentials + * + * @param *domain The name of the domain, only NULL for the default domain is + * supported yet. Other values than NULL will result in + * WBC_ERR_NOT_IMPLEMENTED. + * @param error Output details on WBC_ERR_AUTH_ERROR + * + * @return #wbcErr + **/ +wbcErr wbcPingDc(const char *domain, struct wbcAuthErrorInfo **error); + /********************************************************** * Helper functions **********************************************************/ diff --git a/nsswitch/wbinfo.c b/nsswitch/wbinfo.c index d12e512..6195b75 100644 --- a/nsswitch/wbinfo.c +++ b/nsswitch/wbinfo.c @@ -719,6 +719,30 @@ static bool wbinfo_check_secret(void) return true; } +/* Check DC connection */ + +static bool wbinfo_ping_dc(void) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct wbcAuthErrorInfo *error = NULL; + + wbc_status = wbcPingDc(NULL, &error); + + d_printf("checking the NETLOGON dc connection %s\n", + WBC_ERROR_IS_OK(wbc_status) ? "succeeded" : "failed"); + + if (wbc_status == WBC_ERR_AUTH_ERROR) { + d_fprintf(stderr, "error code was %s (0x%x)\n", + error->nt_string, error->nt_status); + wbcFreeMemory(error); + } + if (!WBC_ERROR_IS_OK(wbc_status)) { + return false; + } + + return true; +} + /* Convert uid to sid */ static bool wbinfo_uid_to_sid(uid_t uid) @@ -1658,6 +1682,7 @@ enum { OPT_VERBOSE, OPT_ONLINESTATUS, OPT_CHANGE_USER_PASSWORD, + OPT_PING_DC, OPT_SID_TO_FULLNAME }; @@ -1702,6 +1727,7 @@ int main(int argc, char **argv, char **envp) { "remove-uid-mapping", 0, POPT_ARG_STRING, &string_arg, OPT_REMOVE_UID_MAPPING, "Remove uid to sid mapping in idmap", "UID,SID" }, { "remove-gid-mapping", 0, POPT_ARG_STRING, &string_arg, OPT_REMOVE_GID_MAPPING, "Remove gid to sid mapping in idmap", "GID,SID" }, { "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared secret" }, + { "ping-dc", 0, POPT_ARG_NONE, 0, OPT_PING_DC, "Check the NETLOGON connection" }, { "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm', "List trusted domains" }, { "all-domains", 0, POPT_ARG_NONE, 0, OPT_LIST_ALL_DOMAINS, "List all domains (trusted and own domain)" }, { "own-domain", 0, POPT_ARG_NONE, 0, OPT_LIST_OWN_DOMAIN, "List own domain" }, @@ -1920,6 +1946,12 @@ int main(int argc, char **argv, char **envp) goto done; } break; + case OPT_PING_DC: + if (!wbinfo_ping_dc()) { + d_fprintf(stderr, "Could not ping our DC\n"); + goto done; + } + break; case 'm': if (!wbinfo_list_domains(false, verbose)) { d_fprintf(stderr, "Could not list trusted domains\n"); diff --git a/nsswitch/winbind_struct_protocol.h b/nsswitch/winbind_struct_protocol.h index 11b2069..fb6d2dd 100644 --- a/nsswitch/winbind_struct_protocol.h +++ b/nsswitch/winbind_struct_protocol.h @@ -113,6 +113,7 @@ enum winbindd_cmd { /* Miscellaneous other stuff */ WINBINDD_CHECK_MACHACC, /* Check machine account pw works */ + WINBINDD_PING_DC, /* Ping the DC through NETLOGON */ WINBINDD_PING, /* Just tell me winbind is running */ WINBINDD_INFO, /* Various bit of info. Currently just tidbits */ WINBINDD_DOMAIN_NAME, /* The domain this winbind server is a member of (lp_workgroup()) */ diff --git a/source3/lib/ctdbd_conn.c b/source3/lib/ctdbd_conn.c index 9101bd4..05c41c1 100644 --- a/source3/lib/ctdbd_conn.c +++ b/source3/lib/ctdbd_conn.c @@ -503,6 +503,7 @@ NTSTATUS ctdbd_init_connection(TALLOC_CTX *mem_ctx, if (!ctdbd_working(conn, conn->our_vnn)) { DEBUG(2, ("Node is not working, can not connect\n")); + status = NT_STATUS_INTERNAL_DB_ERROR; goto fail; } diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index ffecd53..c0f1869 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -436,6 +436,7 @@ void reply_ntcreate_and_X(struct smb_request *req) NTSTATUS status; int oplock_request; uint8_t oplock_granted = NO_OPLOCK_RETURN; + struct case_semantics_state *case_state = NULL; TALLOC_CTX *ctx = talloc_tos(); START_PROFILE(SMBntcreateX); @@ -509,6 +510,25 @@ void reply_ntcreate_and_X(struct smb_request *req) ? BATCH_OPLOCK : 0; } + /* + * Check if POSIX semantics are wanted. + */ + + if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) { + case_state = set_posix_case_semantics(ctx, conn); + if (!case_state) { + reply_nterror(req, NT_STATUS_NO_MEMORY); + END_PROFILE(SMBntcreateX); + return; + } + /* + * Bug #6898 - clients using Windows opens should + * never be able to set this attribute into the + * VFS. + */ + file_attributes &= ~FILE_FLAG_POSIX_SEMANTICS; + } + status = SMB_VFS_CREATE_FILE( conn, /* conn */ req, /* req */ @@ -528,6 +548,8 @@ void reply_ntcreate_and_X(struct smb_request *req) &info, /* pinfo */ &sbuf); /* psbuf */ + TALLOC_FREE(case_state); + if (!NT_STATUS_IS_OK(status)) { if (open_was_deferred(req->mid)) { /* We have re-scheduled this call, no error. */ @@ -863,6 +885,7 @@ static void call_nt_transact_create(connection_struct *conn, uint64_t allocation_size; int oplock_request; uint8_t oplock_granted; + struct case_semantics_state *case_state = NULL; TALLOC_CTX *ctx = talloc_tos(); SET_STAT_INVALID(sbuf); @@ -982,6 +1005,24 @@ static void call_nt_transact_create(connection_struct *conn, ? BATCH_OPLOCK : 0; } + /* + * Check if POSIX semantics are wanted. + */ + + if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) { + case_state = set_posix_case_semantics(ctx, conn); + if (!case_state) { + reply_nterror(req, NT_STATUS_NO_MEMORY); + return; + } + /* + * Bug #6898 - clients using Windows opens should + * never be able to set this attribute into the + * VFS. + */ + file_attributes &= ~FILE_FLAG_POSIX_SEMANTICS; + } + status = SMB_VFS_CREATE_FILE( conn, /* conn */ req, /* req */ @@ -1001,6 +1042,8 @@ static void call_nt_transact_create(connection_struct *conn, &info, /* pinfo */ &sbuf); /* psbuf */ + TALLOC_FREE(case_state); + if(!NT_STATUS_IS_OK(status)) { if (open_was_deferred(req->mid)) { /* We have re-scheduled this call, no error. */ diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 5a4248b..503ce2d 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -3344,7 +3344,6 @@ NTSTATUS create_file_default(connection_struct *conn, int *pinfo, SMB_STRUCT_STAT *psbuf) { - struct case_semantics_state *case_state = NULL; SMB_STRUCT_STAT sbuf; int info = FILE_WAS_OPENED; files_struct *fsp = NULL; @@ -3443,14 +3442,6 @@ NTSTATUS create_file_default(connection_struct *conn, } } - /* - * Check if POSIX semantics are wanted. - */ - - if (file_attributes & FILE_FLAG_POSIX_SEMANTICS) { - case_state = set_posix_case_semantics(talloc_tos(), conn); - } - if (create_file_flags & CFF_DOS_PATH) { char *converted_fname; @@ -3473,8 +3464,6 @@ NTSTATUS create_file_default(connection_struct *conn, } - TALLOC_FREE(case_state); - /* All file access must go through check_name() */ status = check_name(conn, fname); diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c index 8cb946e..dd6783d 100644 --- a/source3/winbindd/winbindd.c +++ b/source3/winbindd/winbindd.c @@ -485,6 +485,7 @@ static struct winbindd_dispatch_table { /* Miscellaneous */ { WINBINDD_CHECK_MACHACC, winbindd_check_machine_acct, "CHECK_MACHACC" }, + { WINBINDD_PING_DC, winbindd_ping_dc, "PING_DC" }, { WINBINDD_PING, winbindd_ping, "PING" }, { WINBINDD_INFO, winbindd_info, "INFO" }, { WINBINDD_INTERFACE_VERSION, winbindd_interface_version, diff --git a/source3/winbindd/winbindd_domain.c b/source3/winbindd/winbindd_domain.c index 1fc3ce7..506ff66 100644 --- a/source3/winbindd/winbindd_domain.c +++ b/source3/winbindd/winbindd_domain.c @@ -98,6 +98,10 @@ static const struct winbindd_child_dispatch_table domain_dispatch_table[] = { .struct_cmd = WINBINDD_CHECK_MACHACC, .struct_fn = winbindd_dual_check_machine_acct, },{ + .name = "PING_DC", + .struct_cmd = WINBINDD_PING_DC, + .struct_fn = winbindd_dual_ping_dc, + },{ .name = "DUAL_USERINFO", .struct_cmd = WINBINDD_DUAL_USERINFO, .struct_fn = winbindd_dual_userinfo, diff --git a/source3/winbindd/winbindd_misc.c b/source3/winbindd/winbindd_misc.c index 737fd08..65e3f25 100644 --- a/source3/winbindd/winbindd_misc.c +++ b/source3/winbindd/winbindd_misc.c @@ -94,6 +94,56 @@ enum winbindd_result winbindd_dual_check_machine_acct(struct winbindd_domain *do return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR; } +void winbindd_ping_dc(struct winbindd_cli_state *state) +{ + DEBUG(3, ("[%5lu]: ping dc\n", (unsigned long)state->pid)); + + sendto_domain(state, find_our_domain()); +} + +enum winbindd_result winbindd_dual_ping_dc(struct winbindd_domain *domain, + struct winbindd_cli_state *state) +{ + NTSTATUS status = NT_STATUS_UNSUCCESSFUL; + struct winbindd_domain *contact_domain; + struct rpc_pipe_client *netlogon_pipe; + union netr_CONTROL_QUERY_INFORMATION info; + WERROR werr; + fstring logon_server; + + DEBUG(3, ("[%5lu]: ping dc\n", (unsigned long)state->pid)); + + contact_domain = find_our_domain(); + + status = cm_connect_netlogon(contact_domain, &netlogon_pipe); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(3, ("could not open handle to NETLOGON pipe\n")); + return WINBINDD_ERROR; + } + + fstr_sprintf(logon_server, "\\\\%s", domain->dcname); + + /* + * This provokes a WERR_NOT_SUPPORTED error message. This is + * documented in the wspp docs. I could not get a successful + * call to work, but the main point here is testing that the + * netlogon pipe works. + */ + status = rpccli_netr_LogonControl(netlogon_pipe, state->mem_ctx, + logon_server, NETLOGON_CONTROL_QUERY, + 2, &info, &werr); + + if (!NT_STATUS_EQUAL(status, NT_STATUS_CTL_FILE_NOT_SUPPORTED)) { + DEBUG(2, ("rpccli_netr_LogonControl returned %s, expected " + "NT_STATUS_CTL_FILE_NOT_SUPPORTED\n", + nt_errstr(status))); + return WINBINDD_ERROR; + } + + DEBUG(5, ("winbindd_dual_ping_dc succeeded\n")); + return WINBINDD_OK; +} + /* Helpers for listing user and group names */ const char *ent_type_strings[] = {"users", diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h index 384395f..e4f06a4 100644 --- a/source3/winbindd/winbindd_proto.h +++ b/source3/winbindd/winbindd_proto.h @@ -402,6 +402,9 @@ void winbindd_dsgetdcname(struct winbindd_cli_state *state); void winbindd_check_machine_acct(struct winbindd_cli_state *state); enum winbindd_result winbindd_dual_check_machine_acct(struct winbindd_domain *domain, struct winbindd_cli_state *state); +void winbindd_ping_dc(struct winbindd_cli_state *state); +enum winbindd_result winbindd_dual_ping_dc(struct winbindd_domain *domain, + struct winbindd_cli_state *state); void winbindd_list_ent(struct winbindd_cli_state *state, enum ent_type type); void winbindd_list_trusted_domains(struct winbindd_cli_state *state); enum winbindd_result winbindd_dual_list_trusted_domains(struct winbindd_domain *domain, -- SAMBA-CTDB repository