Age | Commit message (Collapse) | Author | Files | Lines |
|
This program allows the administrator to enable or disable AES
encryption when using vfs_smb_traffic_analyzer. It also generates new
keys, stores them to a file, so that the file can be reused on another
client or server.
|
|
When a samba server process dies hard, it has no chance to clean up its entries
in locking.tdb, brlock.tdb, connections.tdb and sessionid.tdb.
For locking.tdb and brlock.tdb Samba is robust by checking every time we read
an entry from the database if the corresponding process still exists. If it
does not exist anymore, the entry is deleted. This is not 100% failsafe though:
On systems with a limited PID space there is a non-zero chance that between the
smbd's death and the fresh access, the PID is recycled by another long-running
process. This renders all files that had been locked by the killed smbd
potentially unusable until the new process also dies.
This patch is supposed to fix the problem the following way: Every process ID
in every database is augmented by a random 64-bit number that is stored in a
serverid.tdb. Whenever we need to check if a process still exists we know its
PID and the 64-bit number. We look up the PID in serverid.tdb and compare the
64-bit number. If it's the same, the process still is a valid smbd holding the
lock. If it is different, a new smbd has taken over.
I believe this is safe against an smbd that has died hard and the PID has been
taken over by a non-samba process. This process would not have registered
itself with a fresh 64-bit number in serverid.tdb, so the old one still exists
in serverid.tdb. We protect against this case by the parent smbd taking care of
deregistering PIDs from serverid.tdb and the fact that serverid.tdb is
CLEAR_IF_FIRST.
CLEAR_IF_FIRST does not work in a cluster, so the automatic cleanup does not
work when all smbds are restarted. For this, "net serverid wipe" has to be run
before smbd starts up. As a convenience, "net serverid wipedbs" also cleans up
sessionid.tdb and connections.tdb.
While there, this also cleans up overloading connections.tdb with all the
process entries just for messaging_send_all().
Volker
|
|
|
|
Now that cifs-utils are their own project, we need to go ahead and pull
them out of the samba tree. This patch represents the first step toward
that end.
Remove the cifs-utilities from the source3 and source4 builds. Please
pay particular attention to the source4 piece. I'm not at all familiar
with the build system there, and would appreciate someone sanity
checking my changes.
It also adds a small README.cifs-utils file in the topdir. This is
optional, but I think it's a good idea to carry this for a release or
two.
Once this patch looks ok, I'll plan to do another patch to actually
remove the client dir and the relevant docs-xml files from the tree
altogether.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
Group mapping needs to be cluster aware, and this means using the tdb backend.
Remove ldb group mapping as this is not cluster aware.
|
|
|
|
Make calling schannel much easier by removing the need to explicitly open the
database. Let the abstraction do it instead.
|
|
|
|
|
|
This is the basis to implement global locks in ctdb without depending on a
shared file system. The initial goal is to make ctdb persistent transactions
deterministic without too many timeouts.
|
|
require it
|
|
|
|
|
|
This requires to call configure with --enable-static which isn't the case
by default.
|
|
|
|
I hope this fixes the build on Tru64, IRIX and maybe bug #6983
|
|
Uses the winbind ccache to do authentication if asked to do so
|
|
|
|
|
|
|
|
|
|
(but not built in Samba4 for now)
|
|
This just does a NULL RPC call through an existing NETLOGON connection. If
someone knows an operation that "just works" and does not return NOT_SUPPORTED,
please tell me :-)
|
|
|
|
Michael
|
|
Michael
|
|
Michael
|
|
|
|
The size went down from 6.4M to 104K on my box.
Guenther
|
|
This can be used to also test tdb transactions on clustered installations
throught ctdb. The test is modeled after the ctdb_transaction.c test program
from the ctdb source code. It runs transactions in a tight loop on a test
database called "transactions.tdb" (by default), increasing a counter in each
iteration. In a clustered environment, a counter is maintained for each node.
Michael
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Andrew Bartlett
|
|
|
|
This problem became visible after adding the picky -z defs linker option: On
Solaris libreplace had unresolved symbols, which showed up in the libtalloc
build. PAM_WINBIND_EXTRA_LIBS and WINBIND_NSS_EXTRA_LIBS had been workarounds
to make things work at two placeѕ. These variables have been obsoleted now.
This patch introduces LIBREPLACE_LIBS which contans the linker flags needed for
linking anything using libreplace.
|
|
a tdb.
Guenther
|
|
Guenther
|
|
blobs. Next I'll change the create timestamp and dos attribute
code to use this.
|
|
Add libc as explicit dependency where we use "-z defs" linker flags. This is
to silence the Sun linker. Otherwise it whines:
malloc ... (symbol belongs to implicit dependency /lib/libc.so.1)
|
|
Guenther
|
|
Jeremy.
|
|
|
|
except for the Samba internal plugins unresolved symbol references should not
show up in shared libraries. For historical reasons it's the default behaviour
of linkers to ignore those in shared libs. We use -z defs (alias
--no-undefined) to not ignore them in shared libs.
|
|
internal libs have unresolved symbols intentionally.
Thanks to Buchan Milne for suggestion and patch. This addresses #6792.
|
|
Guenther
|
|
When parsing a SPNEGO session setup retry (falling back from KRB5 to NTLMSSP),
we failed to parse the ASN1_ENUMERATED negResult in the negTokenTarg, thus
failing spnego_parse_auth() completely.
By just using the shared spnego/asn1 code, we get the parsing the correct way.
Guenther
|