aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* s3:secrets: clean up sid before storingHEADmasterPhilipp Gesang2018-10-191-1/+10
| | | | | | | | | | | | | | | | | | | | | | | | SIDs may contain non-zero memory beyond SubAuthorityCount: { key(15) = "SECRETS/SID/FOO" data(68) = "\01\04\00\00\00\00\00\05\15\00\00\00}u@\8C\08\A3\06nx\95\16\FE\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00`F\92\B7\03\00\00\00\18e\92\B7\03\00\00\00@H\92\B7\00\00\00\00" } These parts are lost when converting to ``string format syntax`` so a roundtrip conversion does not result in the same binary representation. Ensure that these never reach the tdb by using an initialized copy. This allows bitwise comparisons of secrets.tdb after dumping SIDs as text and reading them back. Signed-off-by: Philipp Gesang <philipp.gesang@intra2net.com> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Oct 19 13:59:04 CEST 2018 on sn-devel-144
* dsdb encrypted_secrets: Allow "ldb:// and "mdb://" in file pathGary Lockyer2018-10-192-14/+6
| | | | | | | | | | | | | | | | | | | Correctly handle "ldb://" and "mdb://" schemes in the file path when determining the path for the encrypted secrets key file. When creating a new user and specifying the local file path of the sam.ldb DB, it was possible to create an account that you could not login with. The path for the key file was incorrectly calculated for the "ldb://" and "mdb://" schemes, the scheme was not stripped from the path and the subsequent open of the key file failed. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13653 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Oct 19 09:34:46 CEST 2018 on sn-devel-144
* dsdb encrypted_secrets tests: Allow "ldb://" in file pathGary Lockyer2018-10-196-4/+266
| | | | | | | | | | | | | When creating a new user and specifying the local file path of the sam.ldb DB, it's possible to create an account that you can't actually login with. This commit contains tests to verify the bug. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13653 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* python tests Blackbox: add random_passwordGary Lockyer2018-10-194-27/+19
| | | | | | | | | Add the random_password method to the BlackboxTestCase class and remove duplicated copies from other test cases. Also use SystemRandom so that the generated passwords are more cryptographically sound. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* ldb_ldif: avoid strlen(NULL)Douglas Bagnall2018-10-191-1/+2
| | | | | | | | Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Martin Schwenke <martin@meltin.net> Autobuild-User(master): Martin Schwenke <martins@samba.org> Autobuild-Date(master): Fri Oct 19 03:43:58 CEST 2018 on sn-devel-144
* ldb_ldif: be less horribly efficient in debuggingDouglas Bagnall2018-10-181-3/+3
| | | | | | | | | | perf said all the time was in strlen. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org> Autobuild-Date(master): Thu Oct 18 13:17:30 CEST 2018 on sn-devel-144
* py3_tests/kcc : test_verify can hit KCCError as well as GraphErrorDouglas Bagnall2018-10-181-19/+10
| | | | | Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* py3/tests/kcc: turn error into failure for flapping.d/kccDouglas Bagnall2018-10-182-2/+5
| | | | | Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: add tests for samba-tool drs uptodatenessJoe Guo2018-10-181-5/+138
| | | | | | | | | | Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13658 Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Oct 18 10:02:19 CEST 2018 on sn-devel-144
* netcmd/drs: add cmd_drs_uptodateness with json supportJoe Guo2018-10-181-0/+93
| | | | | | | | | Add cmd to print uptodateness summary with json support. Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13658
* uptodateness: add get_utdv_summary functionJoe Guo2018-10-181-0/+38
| | | | | | | | | Get utdv summary from distances matrix and support attr filters. Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13658
* uptodateness: migrate get_kcc_and_dsas as a functionJoe Guo2018-10-182-16/+19
| | | | | | | | | We need to reuse it in drs cmd. Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13658
* uptodateness: extract get_utdv_max_distanceJoe Guo2018-10-182-5/+13
| | | | | | | | | To avoid returning 2 values from get_utdv_distances. Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13658
* uptodateness: extract function get_utdv_distancesJoe Guo2018-10-182-22/+28
| | | | | | | Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13658
* uptodateness: extract function get_utdv_edgesJoe Guo2018-10-182-22/+32
| | | | | | | | | Extract function to reuse later. Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13658
* netcmd/visualize: rm unused code lineJoe Guo2018-10-181-2/+0
| | | | | | | Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13658
* uptodateness: migrate more methods from visualizeJoe Guo2018-10-182-33/+41
| | | | | | | | | | Move methods from cmd_uptodateness to new module. Will reuse in drs cmd later. Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13658
* uptodateness: add new module and migrate functions from visualizeJoe Guo2018-10-182-30/+54
| | | | | | | | | | Both visualize and drs cmd will have uptodateness functions. Create a new module to reuse code. Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13658
* join: Sanity-check LDB connection before failed join cleanupTim Beale2018-10-181-0/+4
| | | | | | | | | | | | | | | | | | | Joining a large DB can take so long that the LDAP connection times out. The previous patch fixed the 'happy case' where the join succeeds. However, if the commit or replication fails (throwing an exception), then the cleanup code can also fail when it tries to delete objects from the remote DC. This then gives you an error pointing to cleanup_old_accounts() rather than what actually went wrong. This patch adds a sanity-check that if the join fails, that the LDB connection to the remote DC is still alive, before we start deleting objects. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13612 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* join: Avoid searching for more than strictly required during sanity checkAndrew Bartlett2018-10-181-3/+3
| | | | | | | | | We check for the default base DN as this does require authentication, but we do not need to search for more than just that (so use SCOPE_BASE) and we need no attributes, so ask for none Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* join: LDAP connection to remote DC can timeout in large joinTim Beale2018-10-181-0/+21
| | | | | | | | | | | | | | | When joining a very large domain (e.g. 100K users), the replication can take so long that the LDAP connection to the remote DC times out. This patch avoids the problem by adding in a sanity-check after the replication finishes that the LDB connection is still alive. If not, then we reconnect. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13612 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* gencache: Remove a redundant checkVolker Lendecke2018-10-171-3/+0
| | | | | | | | | | tdb_storev itself is robust against overflow due to multiple buffers Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Oct 17 22:22:51 CEST 2018 on sn-devel-144
* gencache: Remove a redundant checkVolker Lendecke2018-10-171-3/+0
| | | | | | | gencache_pull_timeout checks for NULL ptr already Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* gencache: Make gencache_pull_timeout return a payload DATA_BLOBVolker Lendecke2018-10-171-12/+10
| | | | | | | Both relevant callers created one anyway. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* gencache: Make gencache_pull_timeout a bit more robustVolker Lendecke2018-10-171-7/+12
| | | | | | | | | The previous version assumed a well-formed "val", we just handed it to strtol without properly checking that it contains the delimiter. So strtol could well run off the end of "val" in case of data corruption. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* gencache: Call string_term_tdb_data() only onceVolker Lendecke2018-10-171-4/+6
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* gencache: Swap tests: Do cheapest firstVolker Lendecke2018-10-171-4/+4
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* gencache: Avoid counting characters manuallyVolker Lendecke2018-10-171-4/+6
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* auth3: Avoid an explicit ZERO_STRUCTVolker Lendecke2018-10-171-3/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* netsamlogon_cache: Improve a DBG messageVolker Lendecke2018-10-171-1/+2
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* netsamlogon_cache: Add some error checksVolker Lendecke2018-10-171-0/+6
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* netsamlogon_cache: Use "goto fail", save some linesVolker Lendecke2018-10-171-9/+5
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* netsamlogon_cache: Fix talloc_stackframe error return leaksVolker Lendecke2018-10-171-0/+2
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* drs_util: Improve memory usage when joining large DBTim Beale2018-10-171-1/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | drs_Replicate.replicate() could consume a large amount of memory when replicating a large DB. This is not a leak - the memory gets freed when the function returns (i.e. once the partition is fully replicated). However, while the partition is in the process of being replicated, it accumulates memory for each replication chunk it receives. This can have considerable overhead with 1000s of objects/links in the partition. This was exhausting memory when joining a VM with 1Gb RAM to a DC with 25K users (average ~15 group memberships per user). It seems that by storing a reference to something that's on the ctr's talloc tree, it doesn't free up the memory for each ctr message (until the function actually returns and req is destroyed). With 10K users (and average 15 group memberships per user), .replicate() consumed 211Mb of memory, according to talloc.report_full(). With this patch, it goes down to just the current ctr message (1-2Mb). Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Oct 17 08:56:42 CEST 2018 on sn-devel-144
* libnet/drs: Update replication debug to report link progressTim Beale2018-10-171-3/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Update the replication debug (for joins/backups) so that it's easier to see how far through syncing the links we are. E.g. with 150,000 links, you just get screeds of debug like this, with no real idea how far through the replication is. Partition[DC=addom,DC=samba,DC=example,DC=com] objects[11816/11720] linked_values[1500/150024] Partition[DC=addom,DC=samba,DC=example,DC=com] objects[11816/11720] linked_values[1500/150024] Partition[DC=addom,DC=samba,DC=example,DC=com] objects[11816/11720] linked_values[1500/150024] This patch now applies to links the same debug logic we use for objects, and changes it to look like: Partition[DC=addom,DC=samba,DC=example,DC=com] objects[11816/11720] linked_values[57024/150024] Partition[DC=addom,DC=samba,DC=example,DC=com] objects[11816/11720] linked_values[58524/150024] Partition[DC=addom,DC=samba,DC=example,DC=com] objects[11816/11720] linked_values[60024/150024] Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dns: dlz_bind9 reference count loggingAaron Haslett2018-10-171-1/+12
| | | | | | | | | | | | | dlz_bind9 has to count the number of times the plugin is 'created' by bind's plugin manager so it doesn't repeat setup. Logging doesn't reflect this reference counting logic properly and so messages like "samba_dlz: shutdown" can, confusingly, come up when the database connection has not actually been severed. This patch adds the necessary logging. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13655 Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib: Move the "expired" for gencache_parse calculation into gencache.cVolker Lendecke2018-10-167-26/+60
| | | | | | | | | | Make it more robust Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Oct 16 21:20:19 CEST 2018 on sn-devel-144
* namemap_cache: Absorb the expired calculation into namemap_cache.cVolker Lendecke2018-10-164-27/+56
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* winbindd_cache: Fix timeout calculation for sid<->name cacheVolker Lendecke2018-10-161-2/+2
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:lib:popt: Use memset_s() to burn password stringAndreas Schneider2018-10-161-1/+1
| | | | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Tue Oct 16 11:38:40 CEST 2018 on sn-devel-144
* replace: Add memset_s() if not availableAndreas Schneider2018-10-163-0/+56
| | | | | | | See https://en.cppreference.com/w/c/string/byte/memset Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* samba-tool drs showrepl: do not crash if no dnsHostName foundDouglas Bagnall2018-10-121-2/+2
| | | | | | | | | | | This should not happen, but it does sometimes in an autobuild environment. Rather than reporting this by crashing, we report it by showing there is no DNS name. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org> Autobuild-Date(master): Fri Oct 12 15:27:07 CEST 2018 on sn-devel-144
* dsdb: Add dsdb_request_has_control() helper functionTim Beale2018-10-122-2/+9
| | | | | | | | | | | | | | Most of the DSDB modules only want to check the existence of a control, rather than access the control itself. Adding a helper function allows the code to ask more natural-sounding yes/no questions, and tidies up an ugly-looking long-line in extended_dn_out.c. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org> Autobuild-Date(master): Fri Oct 12 07:23:26 CEST 2018 on sn-devel-144
* netcmd: Change Py3 incompatible long() for tombstone expungeTim Beale2018-10-121-2/+2
| | | | | | | | | | | | | | The code to expunge tombstones uses long(), which is not Python3 compatible. Python3 uses int() instead, and works out how big it needs to be. As long as we don't run the samba-tool command on a 32-bit machine after the year 2038, then we should avoid any integer overflow on Python 2.x. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* dsdb: Remove redundant variable/checkTim Beale2018-10-121-6/+4
| | | | | | | | | | | | Previously, this code used to live inside the loop, so the checked_reveal_control was needed to save ourselves unnecessary work. However, now that the code has been moved outside the loop, the checked_reveal_control variable is just unnecessary complication. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* dsdb: Ensure that a DN (now) pointing at a deleted object counts for ↵Andrew Bartlett2018-10-122-5/+11
| | | | | | | | | | | | | | | | | | | | | | | | objectclass-based MUST Add the 'reveal_internals' controls when performing objectclass-based checks of mandatory attributes. This prevents the extended_dn DSDB module from suppressing attributes that point to deleted (i.e. non-existent/expunged) objects. This ensures that, when modifying an object (and often not even touching the mandatory attribute) that the fact that an attribute is a DN, and the DN target is deleted, that the schema check will still pass. Otherwise a fromServer pointing at a dead server can cause failures, i.e. you can't modify the affected object at all, because the DSDB thinks a mandatory attribute is missing. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13621 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* tests: Add corner-case test: fromServer points to dead serverTim Beale2018-10-123-0/+160
| | | | | | | | | | | | | | | | | | | The fromServer attribute is slightly unique, in that it's a DN (similar to a one-way link), but it is also a mandatory attribute. Currently, if fromServer gets a bad value (i.e. a dead server that has been expunged), the DSDB rejects any attempts to modify the associated nTDSConnection object (regardless of whether or not you're actually changing the fromServer attribute). This patch adds a test-case that demonstrates how the DB can get into such a state. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13621 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* s4/script/samba_upgradeprovision: set global dnNotToRecalculateFound varDouglas Bagnall2018-10-121-1/+2
| | | | | | | | as probably intended. Without this the local variable shadows the global one and is never used while the global one is never changed. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Noel Power <noel.power@suse.com>
* s4/script/samba_upgradeprovision: remove unused variableDouglas Bagnall2018-10-121-1/+0
| | | | | | | A similarly named variable is always set two lines down, so we don't need this Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Noel Power <noel.power@suse.com>
* s4/script/samba_upgradeprovision: remove duplicate (contradictory) dict keyDouglas Bagnall2018-10-121-1/+0
| | | | | | | The second, winning, entry says '"defaultSecurityDescriptor": replace + add' Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Noel Power <noel.power@suse.com>