| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
| |
metze
|
| |
|
|
| |
metze
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A few weeks ago, I added some code to cifs.upcall to take the pid sent
by the kernel and use that to get the value of the $KRB5CCNAME
environment var for the process. That works fine on the initial mount,
but could be problematic on reconnect.
There's no guarantee on a reconnect that the process that initiates the
upcall will have $KRB5CCNAME pointed at the correct credcache. Because
of this, the current scheme isn't going to be reliable enough and we
need to use something different.
This patch replaces that scheme with one very similar to the one used by
rpc.gssd in nfs-utils. It searches the credcache dir (currently
hardcoded to /tmp) for a valid credcache for the given uid. If it finds
one then it uses that as the credentials cache. If it finds more than
one, it uses the one with the latest TGT expiration.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
| |
|
|
|
|
| |
The version of the unitest python module in Ubuntu Jaunty doesn't seem
to support this many level of subdirectories. Moving the tests up one
level solves the problem.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When a top level method in a module returns an error, it is supposed
to call ldb_module_done(). We ran across a case where this wasn't
done, and then found that in fact that are hundreds of similar cases
in our modules. It took Andrew and I a full day to work out that this
was the cause of a subtle segv in another part of the code.
To try to prevent this happening again, this patch changes
ldb_next_request() to catch the error by checking if a module
returning an error has called ldb_module_done(). If it hasn't then the
call is made on behalf of the module.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
When we fail a ldbadd or ldbedit we should cancel the transaction to
prevent ldb giving a warning about having a open transaction in the
ldb destructor
|
| | |
|
| |
|
|
|
|
|
|
| |
When we get a double free abort from talloc it is often hard to work
out where the first free came from. This patch takes advantage of the
fact that _talloc_free() now takes a location the free was called from
to allow the double free abort code to print the location of the first
free that conflicts.
|
| |
|
|
|
|
| |
Kai, please check.
Guenther
|
| |
|
|
| |
Guenther
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
oplocks.
This one is subtle. There is a race condition where a signal can be
queued for oplock break, and then the file can be closed by the client
before the signal can be processed. Currently if this occurs we panic
(we can't match an incoming signal fd with a fsp pointer). Simply log
the error (at debug level 10 right now, might be too much) and then
return without processing the break request. It looks like there is
another race condition with this fix, but here's why it won't happen.
If the signal was pending (caused by a kernel oplock break from a
local file open), and the client closed the file and then re-opened
another file which happened to use the same file descriptor as the
file just closed, then theoretically the oplock break requests could
be processed on the wrong fd. Here's why this should be very rare..
Processing a pending signal always take precedence over an incoming
network request, so as long as the client close request is non-chained
then the break signal should always be harmlessly processed *before*
the open can be called. If the open is chained onto the close, and
the fd on the new open is the same as the old closed fd, then it's
possible this race will occur. However, all that will happen is that
we'll lose the oplock on this file. A shame, but not a fatal event.
Jeremy.
|
| |
|
|
|
|
| |
SA_INFO_QUEUE_COUNT *MUST* be a power of 2, in order for the ring buffer
wrap to work correctly at the 32 bit boundary. Thanks to Petr
Vandrovec <petr@vandrovec.name> for this.
|
| |
|
|
|
|
|
| |
So far it returns the ctr6 responce without proper linked attributes
support and metadata. A couple of improvements are the filter in the search
uses '(uSNChanged>=N)', added extended dn search support, non-replicated attributes
are excluded from the result.
|
| |
|
|
|
|
| |
This replace the dsdb_syntax_FOOBAR_ldb_to_drsuapi function,
which was left as a TODO code. Implementation in both added functions
is completely identical and probably should differ in the future.
|
| |
|
|
|
| |
libcli/smb/smb_common_proto.h
source4/torture/ntp/proto.h
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This one copes with deleted objects where linked attributes have been
set on the module. We hit this when we do the ldb wipe at the start of
a provision, which trigers linked attribute updates, but for objects
that have disappeared. We need to ensure that the linked attribute
updates only happen on the right object, and if the object gets
re-created (as happens with a provision) then it is not the right
object.
To cope with this we record the GUID of the object when the operation
that triggered the linked attribute update comes in, and then find the
DN by suing that GUID when we apply the change in the prepare commit
hook.
|
| |
|
|
| |
This allows for safe transaction end aborts
|
| |
|
|
|
| |
Now that ldb is calling prepare commit separately, the job of the
partition module on transaction end is much simpler (and more robust!)
|
| |
|
|
|
|
|
|
|
| |
We now show the total number of objects we have processed, which gives
the user a better idea of how much has been done. A vampire on a large
domain can take an hour or more (which needs to be fixed btw, it is a
problem with the lack of scalability of the ltdb index code). Watching
the same msg for an hour makes you wonder if any progress is being
made!
|
| |
|
|
|
|
|
|
|
|
| |
The reason we need this is to make multi-tdb transactions safe, with
the partition module. The linked_attributes and repl_meta_data modules
now do extra processing when the transaction ends, and that processing
can fail. When it fails we need to cancel the transaction, which we
can only do if the hook is on the prepare commit instead of the end
transaction call. Otherwise the partition module cannot ensure that no
commit has been done on another partition.
|
| |
|
|
| |
This will be used by the linked_attribute module
|
| | |
|
| |
|
|
|
|
|
|
| |
When running at functional level 2 or above, the repl_meta_data module
can receive linked attribute structures from the repl replication
task. These attributes can come through DRS before the associated
objects have been created. To cope with this, we need to process
linked attributes in the end_transaction hook.
|
| |
|
|
|
|
|
|
| |
We need to call down to the next transaction function when we finish
in linked_attributes.
This also changes linked_attributes to use the common
dsdb_find_dn_by_guid() function
|
| |
|
|
| |
This exposes the linked_attributes to the repl_meta_data module
|
| | |
|
| |
|
|
|
|
| |
This came from the linked_attributes module, but now the
repl_meta_data module needs the same functionality, so move it to a
common routine.
|
| |
|
|
|
| |
This uses a hackish #if just for samba4. The proper fix is much more
complex.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Before the async libsmb rewrites, we sent tid==0 on negprot. With the rewrite,
we send 0xffff. This *should* not matter, but this is one difference in the
sniffs I see.
|
| |
|
|
| |
Guenther
|
| |
|
|
| |
Guenther
|
| |
|
|
| |
Signed-off-by: Günther Deschner <gd@samba.org>
|
| |
|
|
|
|
| |
Note that this only is tried with editposix=yes.
Guenther
|
| |
|
|
| |
Guenther
|
| |
|
|
| |
Guenther
|
| |
|
|
| |
Guenther
|
| |
|
|
|
| |
I always found it hard to remember some of the options. We might as
well use popt to give us the full list
|
| |
|
|
| |
Guenther
|
| |
|
|
|
|
| |
items are added to the linked attribute list using DLIST_ADD(), which
means to commit them to the database in the same order they came from
the server we need to walk the list backwards when we traverse it
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
linked attribute changes can come in any order. This means it is
possible for a forward link to come over the wire in DRS before the
target even exists. To make this work this patch changed the linked
attributes module to gather up all the changes it needs to make in a
linked list, then execute the changes in the end_transaction hook for
the module.
During that commit phase we also fix up all the DNs that we got by
searching for their GUID, as the objects may have moved after the
linked attribute was sent, but before the end of the transaction
|
| |
|
|
|
| |
The repl_meta_data module needs to be above the linked_attributes
module, to allow linked_attributes to do its magic
|
| |
|
|
|
| |
We want to grab the whole database, or none of it.
This is also needed to get linked attributes right
|
| | |
|
