ctdb:common: Do not print NULL if we don't get a sockpath

sock_socket_start_recv() might not fill sockpath if we return early.

Found by GCC 9.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s4:torture: Do not free full_name before we printed it

Found by GCC 9.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

lib:torture: Fix string comparison macros where we directly pass NULL

See e.g. lib/util/tests/strlist.c +177

Found by GCC 9.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s4:torture: Do not print NULL strings we just checked before

Found by GCC 9.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s4:ntvfs: Do not free eadb before we printed an error

Found by GCC 9.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s3:rpc_server: Do not free the tdbname before we printed it

Found by GCC 9.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s4:auth: Fix debug statement in gensec_gssapi

The 'role' is set to null, we should first set it to the correct value
before printing anything.

Found by GCC 9.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

CID 1363286: Resource leak by failing to free tmp_ctx

There are a few oddities in this function, including a duplicated NULL
check, a talloc_free of a context which is passed in and a number of
missing frees before a return.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Wed May  8 00:36:14 UTC 2019 on sn-devel-184

CID 1363287: Resource leak using str_list_append

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

wafsamba: Enable warnings about zero-length formats

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue May  7 18:45:06 UTC 2019 on sn-devel-184

wafsamba: Enable warnings about format overflows

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

ctdb: Fix format in db_hash_test

error: ‘%04d’ directive writing between 4 and 11 bytes into a region of
size 5 [-Werror=format-overflow=]
   sprintf(key, "key%04d", i);

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

ctdb-tests: Don't clean up test var directory in autotest target

If the directory is always cleaned up then it is not possible to look
at daemon logs to debug test failures.

This target is only really used by autobuild.py, which (optionally)
cleans up the parent directory anyway.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13924

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Tue May  7 06:56:01 UTC 2019 on sn-devel-184

ctdb-tests: Fix usage message

Since commit 0e9ead8f28fced3ebfa888786a1dc5bb59e734a3 daemons have
been shut down after each test, so this option no longer has anything
to do with killing daemons.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13924

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-tests: Wait to allow database attach/detach to take effect

Sometimes the detach test fails:

  Check detaching single test database detach_test1.tdb
  BAD: database detach_test1.tdb is still attached
  Number of databases:4
  dbid:0x5ae995ee name:detach_test4.tdb path:tests/var/simple/node.0/db/volatile/detach_test4.tdb.0
  dbid:0xd84cc13c name:detach_test3.tdb path:tests/var/simple/node.0/db/volatile/detach_test3.tdb.0
  dbid:0x8e8e8cef name:detach_test2.tdb path:tests/var/simple/node.0/db/volatile/detach_test2.tdb.0
  dbid:0xc62491f4 name:detach_test1.tdb path:tests/var/simple/node.0/db/volatile/detach_test1.tdb.0
  Number of databases:3
  dbid:0x5ae995ee name:detach_test4.tdb path:tests/var/simple/node.1/db/volatile/detach_test4.tdb.1
  dbid:0xd84cc13c name:detach_test3.tdb path:tests/var/simple/node.1/db/volatile/detach_test3.tdb.1
  dbid:0x8e8e8cef name:detach_test2.tdb path:tests/var/simple/node.1/db/volatile/detach_test2.tdb.1
  Number of databases:4
  dbid:0x5ae995ee name:detach_test4.tdb path:tests/var/simple/node.2/db/volatile/detach_test4.tdb.2
  dbid:0xd84cc13c name:detach_test3.tdb path:tests/var/simple/node.2/db/volatile/detach_test3.tdb.2
  dbid:0x8e8e8cef name:detach_test2.tdb path:tests/var/simple/node.2/db/volatile/detach_test2.tdb.2
  dbid:0xc62491f4 name:detach_test1.tdb path:tests/var/simple/node.2/db/volatile/detach_test1.tdb.2
  *** TEST COMPLETED (RC=1) AT 2019-04-27 03:35:40, CLEANING UP...

When issued from a client, the detach control re-broadcasts itself
asynchronously to all nodes and then returns success.  The controls to
some nodes to do the actual detach may still be in flight when success
is returned to the client.  Therefore, the test should wait for a few
seconds to allow the asynchronous controls to complete.

The same is true for the attach control, so workaround the problem in
the attach test too.

An alternative is to make the attach and detach controls synchronous
by avoiding the broadcast and waiting for the results of the
individual controls sent to the nodes.  However, a simple
implementation would involve adding new nested event loops.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13924

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-tests: Avoid bulk output in $out, prefer $outfile

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13924

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-tests: Make try_command_on_node less error-prone

This sometimes fails, apparently due to a cat process in onnode
getting EAGAIN.  The conclusion is that tests that process large
amounts of output should not depend on a sub-shell delivering that
output into a shell variable.

Change try_command_on_node() to leave all of the output in file
$outfile and just put the first 1KB into $out.  $outfile is removed
after each test completes.

Change the implementation of sanity_check_output() to use $outfile
instead of $out.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13924

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-tests: Change sanity_check_output() to internally use $out

All callers are currently passed $out.  Global variable $out is used
in many other places so use it here to simplify the interface and make
future changes simpler.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13924

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-scripts: Drop script configuration variable CTDB_MONITOR_SWAP_USAGE

CTDB's system memory monitoring in 05.system.script monitors both main
memory and swap.  The swap monitoring was originally based on
the (possibly incorrect, see below) idea that swap space stacks on top
of main memory, so that when a system starts filling swap space then
this is supposed to be a good sign that the system is running out of
memory.  Additionally, performance on a Linux system tends to be
destroyed by the I/O associated with a lot of swapping to spinning
disks.

However, some platforms default to creating only 4GB of swap space
even when there is 128GB of main memory.  With such a small swap to
main memory ratio, memory pressure can force swap to be nearly full
even when a significant amount of main memory is still available and
the system is performing well.  This suggests that checking swap
utilisation might be less than useful in many circumstances.

So, remove the separate swap space checking and change the memory
check to cover the total of main memory and swap space.

Test function set_mem_usage() still takes an argument for each of main
memory and swap space utilisation.  For simplicity, the same number is
now passed twice to make the intended results comprehensible.  This
could be changed later.

A couple of tests are cleaned up to no longer use hard-coded
/proc/meminfo and ps output.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-tests: Extend test to cover ctdb rddumpmemory

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13923

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-tools: Fix ctdb dumpmemory to avoid printing trailing NUL

Fix ctdb rddumpmemory too.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13923

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-daemon: Log when ctdbd CPU utilisation exceeds a threshold

This is to help us notice when ctdbd is using the full capacity of a
CPU, so is saturated.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-build: Add check for getrusage()

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

s4 dns_server Bind9: Log opertion durations

Add duration debug logging to the samba bind9 dlz driver and the
dnsserver_common routines.  This should aid future diagnosis of
performance issues, and could be used to monitor DNS performance.

The logs are currently Human readable text only, i.e. no JSON formatted
output.

Log lines are of the form:

<function>: DNS timing: result: [<result>] \
duration: (<duration>) zone: [<zone>] name: [<name>] \
data: [<data>]

e.g.

dns_common_wildcard_lookup: DNS timing: result: [WERR_OK] \
duration: (111) zone: [] \
name: [DC=_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones,\
DC=chgdcpassword.samba.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,\
DC=chgdcpassword,DC=samba,DC=example,DC=com] data: []

Enabled by setting log level to "dns:10"

durations are in microseconds.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue May  7 05:03:26 UTC 2019 on sn-devel-184

lib:crypto: Remove unused SHA512

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:smbd: Use GnuTLS SHA512 in smb2 session setup

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:smbd: Use GnuTLS SHA512 in smb2 server

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli:smb: Use GnuTLS SHA512 in smbXcli_base

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

gitlab-ci: Enable building on CentOS7

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue May  7 01:45:37 UTC 2019 on sn-devel-184

bootstrap: Install correct python modules on CentOS7

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

bootstrap: Move to python 3.6 on CentOS

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

bootstrap: Make sure that the python3 interpreter is installed

We need it for waf ;-)

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

bootstrap: Fix yum commands

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

waf: Also check for gnutls_privkey_export_x509()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

nsswitch pam_winbind: Fix Asan use after free

Fix use after free condition detected by Address Sanitizer triggered by
wbcLogonUserInfoDestructor, wbcFreeMemory has code to detect and prevent a
double free.  This patch prevents the Address Sanitizer error, allowing
tests to be run with Address Sanitizer enabled.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13927

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon May  6 08:55:22 UTC 2019 on sn-devel-184

selftest: Utils.cmd_output returns byte string

Convert the returned byte string into a string.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4 heimdal_build: disable leak checks for asn1 compiler

Disable Address Sanitizer leak checking for the heimdal asn1 compiler, this
allows a samba build with Address Sanitizer enabled.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4/scripting/bin Remove unecessary scripts

Apparently we get official schema from MS these days

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libnet: Remove unused source4/libnet/libnet_sam{dump,sync}:

The last caller was removed in samba-tool: Remove C version of samba-tool
(e2af38415163f248e3dbd5a2abc156761e74b87c) by Amitay Isaacs in 2011

This was a tool to dump a genine NT4 DC (never Samba) into smbpasswd file.

It did work against Windows AD, but DRS replication is much
more comprehensive.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Mon May  6 07:11:51 UTC 2019 on sn-devel-184

libnet: Remove unused source4/libnet/libnet_samsync_ldb.c

The last caller was removed in samba-tool: Remove C version of samba-tool
(e2af38415163f248e3dbd5a2abc156761e74b87c) by Amitay Isaacs in 2011

This was a prototype tool to sync a genine NT4 DC (never Samba) into ldb.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

torture: Remove unused dsdb_attribute_ldb_to_drsuapi()

The last caller was removed in s4-drs: GetNCChanges() to return correct (in AD-way) ATTIDs
(6a51afcfdbcbce7813fb59c0655e4178268ca70e) by Kamen Mazdrashki in 2010

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

torture: Remove unused torture_join_server_dn_str()

The last caller was removed in 2010 by
s4:torture Rework NET-API-BECOMEDC test to use libnet_vampire callbacks.
in ecf782da87b67b8d977aa1bbfce21f1b6ed8288a

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

torture: Remove unused torture_ldap_connection2()

The last caller was removed by 'r7626: a new ldap client library'
in 2005 with bab977dad76e9204278c7afe0bb905cda064f488.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

lib/tls: Remove unused source4/lib/tls/tls.c (tls socket wrapper)

The last caller was removed in 72c79e30f07bcc98610cca878f5de50e7db239a0
to remove the web server as all other callers use tls_tstream.

Found by callcatcher.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

s4-winbindd: Removed unused wb_utils.c

Garming noticed this was untested code in the lcov report, and it turns out to be unused.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

build: Remove ndr_PyLong_FromUnsignedLongLong wrapper from NT_STATUS and W_ERROR table generator

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

pidl: Call PyLong_FromUnsignedLongLong directly rather than via inline helper

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

pidl: Call PyLong_FromLongLong() directly rather than via inline helper

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

pidl: Always call PyLong_FromUnsignedLongLong() in ndr_PyLong_FromUnsignedLongLong()

The C type is "unsigned long long" so use that always, as the Python type is now always the same.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

pidl: Always call PyLong_FromLongLong() in ndr_PyLong_FromLongLong()

The C type is "long long" so use that always, as the Python type is now always the same.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

pidl: No longer use Python3 compat define: PyInt_FromLong -> PyLong_FromLong

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

talloc: Follow pattern of ldb and tdb to ensure "make test" depends on a build

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

replace: Fix "make test" to actually test libreplace

Found by Joe Guo during preperation for automated code coverage output.

In order to allow the Makefile wrapper to work we need to rename the
test directory to tests.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

build: Remove build of replacetort

This is built close to the code it tests in lib/replace/wscript_build as
replace_testsuite.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

selftest: correcting empty attribute usage in requests

Many parts of Samba use an empty attribute list in requests expecting
all attributes to be returned in the response, which is incorrect.  This
patch corrects the instances found by current CI tests.  Static analysis
and debugging will need to be done before changing ildap to the correct
semantics.

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Mon May  6 05:45:55 UTC 2019 on sn-devel-184

ldap: test for empty attributes list

Test for LDAP request with an empty attribute list.  LDB responds with
no attributes, but LDAP responds with all attributes.  Fix is attached
to the bug below but we can't push it upstream until we've found all
instances of incorrect empty attribute list usage in Samba.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13852

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

lib util debug: Increase format buffer to 4KiB

Increase the debug line buffer to 4KiB, the existing size of 1KiB is too
small for dsdbChange JSON audit messages.  These messages were then
split across multipe lines causing issues in log ingestion tools
expecting single line messages.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13902

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Mon May  6 01:18:22 UTC 2019 on sn-devel-184

.gitlab-ci.yml: add docker tag back for private jobs

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun May  5 23:22:54 UTC 2019 on sn-devel-184

.gitlab-ci.yml: rm abs path in artifacts

According to doc: https://docs.gitlab.com/ee/user/project/pipelines/job_artifacts.html#defining-artifacts-in-gitlab-ciyml
all paths in artifacts must be relative to the cloned repo, so this line
actually never worked.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

bootstrap: add lcov to generate code coverage report

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

smbd: Use "ISDOT" in reply_setatr

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri May  3 23:45:55 UTC 2019 on sn-devel-184

libcli: Align integer types

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libcli: Remove an unnecessary #include

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: Use a struct initializer

With -O3 this saves 32 bytes of .text

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: Make "check_access()" static to trans2.c

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: Use smbd_check_access_rights in reply_setatr()

That was the only caller of check_access outside of trans2.c, and it
passed an explicit NULL for fsp. Use the lower-level call, so we can
make check_access() static to trans2.c

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s3: modules: ceph: use current working directory instead of share path

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13918

Signed-off-by: Robert Sander <r.sander@heinlein-support.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May  2 19:34:11 UTC 2019 on sn-devel-184

smbd: implement SMB_FILE_NORMALIZED_NAME_INFORMATION handling

Windows 10 (1803 and higher) support and use
SMB_FILE_NORMALIZED_NAME_INFORMATION calls over the network. As a
fallback (in case the server don't support it) the client traverses all
path components, which is very expensive.

Implementing SMB_FILE_NORMALIZED_NAME_INFORMATION is very cheap for us
as the open already went through unix_convert() and we have the
information the client is asking for.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13919

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May  1 18:33:00 UTC 2019 on sn-devel-184

s4:torture/smb2: add smb2.getinfo.normalized test

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13919

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s4:libcli/raw: add RAW_FILEINFO_NORMALIZED_NAME_INFORMATION support

This is supported over the wire in SMB 3.1.1 on starting with
Windows 10 1803.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13919

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: allow case insensitive opens of named streams

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13919

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s4:torture/smb2: add smb2.stream.names3 test

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13919

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

script/attr_count_read: load and correlate all data

This changes script/attr_count_read to take the samba private directory
as an argument and load all the databases at once, printing them as
one big table. It isn't extremely clear what it all means, but it
*tries* to tell you.

With --plot, it will attempt to load matplotlib and plot the number of
requested attributes against the number returned, with colour
of each point indicating its relative frequency. It is a scatterplot
that wants to be a heatmap.

With --no-casefold, you can get an extra confusing table where,
for instance, something repeatedly asks for "attributeId" which is not
accounted for, while in a completely different row an unrequested
"attributeID" is found many times over.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed May  1 06:46:36 UTC 2019 on sn-devel-184

dsdb/modules: a module to count attribute searches and results

The dsdb module stack can turn a simple search request into a
complicated tree of sub-queries that include attributes not originally
asked for and excluding those that were. The corresponding replies
might contain unrequested attributes or (for good reasons, according
to some module) hide requested ones. The entire stack is there to
meddle and that is what is does. Except *this* module. It just counts.
To understand dsdb performance it helps to have some idea what
requests and replies are flying too and fro. This module, when
inserted anywhere in the stack, counts the requests and replies
passing through and the attributes they contain. This data is stored
in on-disk tdbs in the private/debug directory.

The module is not loaded by default. To load it you need to patch the
source4/dsdb/samdb/ldb_modules/samba_dsdb.c and put "count_attrs"
somewhere in the module lists in the samba_dsdb_init() function. For
example, to examine the traffic between repl_meta_data and
group_audit_log, you would do something like this around line 316:

          "subtree_delete",
          "repl_meta_data",
  +       "count_attrs",
          "group_audit_log",
          "encrypted_secrets",

and recompile. Samba will then write to a number of tdb files in the
debug directory as requests and replies pass through. A simple script
is included to read these files. Doing this:

./script/attr_count_read st/ad_dc/private/debug/debug/attr_counts_not_found.tdb

will print a table showing how often various attritbutes were
requested but not found (from the point of view of the module).

A more sophisticated version of the script is coming in the next
commit, but this one is included first because in its simplicity it
documents the storage format reasonably well. The tdb keys are
attribute names, and the values are uint32_t in machine native order.

When the module is included in the stack there will be a very small
decrease in performance.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

pytests: slightly better errors in Testcase.insta_creds()

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

pytests: try ldap.modify_order with normal user

We run the tests again, trying to modify as a normal user rather than
Administrator.

It turns out that we do not always return the same error code as
Windows, but in all these tests both Windows and Samba always return
some kind of error (as you might hope).

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

dsdb pytests: test the effect of reordering modify requests

Do we interpret these the same way as Windows? In many cases, no.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4/tests.py: shorten lines with common path

A small step

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

dsdb/pytest/ldap: use idiomatic 'e' for exceptions

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

dsdb/pytest/ldap: revive commented out test for attr size range

The test was presumably commented out because we fail it, and
known-failing it would have hidden the attr-too-short tests that it
was bundled with. If we disentangle them we can knwn-fail it, which
serves as a TODO list.

(passes against WIN2012R2).

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

.gitlab-ci.yml: keep samba-ci-private tag only for private jobs

This will help us give the legacy 'private' tag, used in branches
under maintenance, more resources without those jobs running on the
normal production runners (therefore avoiding the additional cost for
the 90% of builds that are for master).

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

s4:samdb: Make sure value is initialized with 0

Found by csbuild.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed May  1 05:02:22 UTC 2019 on sn-devel-184

lib:torture: Fix size type in torture macro

Found by csbuild.
https://gitlab.com/samba-team/devel/samba/-/jobs/204481431

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4/replmd delete: optimise attribute preservation with binary search

When we get here it is very likely that the attribute will not be
preserved, as the preserved ones should have had the flag set, but we
still end up loking through the whole list to confirm. With a binary
search, we end up looking at ~5 attributes to confirm.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4/replmd: delete checks flag before laborious search

Most (perhaps all) attributes that are in the "must not remove" list also
have the PRESERVEONDELETE bit set, and checking bits is much cheaper
than a linear search involving strcasecmp. If we check the bit first
we save work.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

smbd: Move deadtime default to parameter definition and man page

The code has a default of one week (10080 minutes) if the parameter is
set to 0. Make this the public default of the parameter, instead of
hiding it in the code. This change also has the code match the
documentation that setting this parameter to 0 disables the check.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

traffic: load dns query from file and write stats to file

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed May  1 01:10:42 UTC 2019 on sn-devel-184

traffic: define kerberos_state to simplify code

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

traffic: make code more pythonic

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

traffic_replay: Avoid Exception if no packet rate is specified

traffic_replay would throw an exception if you didn't specify some sort
of packet rate. We can avoid this by using --scale-traffic=1.0 as the
default if nothing else was specified.

 script/traffic_replay model.txt $SERVER.$REALM --duration=10
   --fixed-password=blahblah12# -U$USERNAME%$PASSWORD
INFO 2019-04-10 01:03:01,809 pid:47755 script/traffic_replay #280: Using
the specified model file to generate conversations
Traceback (most recent call last):
  File "script/traffic_replay", line 438, in <module>
    main()
  File "script/traffic_replay", line 293, in main
    opts.conversation_persistence)
  File "bin/python/samba/emulate/traffic.py", line 1295, in
generate_conversation_sequences
    target_packets = int(packet_rate * duration)
TypeError: unsupported operand type(s) for *: 'NoneType' and 'float'

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

traffic_replay: Assign users to groups by default

The traffic_replay script has a myriad of options, but by default when
it creates user accounts it does not assign these users to any groups
(you have to specify extra options to do that). This isn't really a fair
test of samba performance, because it's unlikely that real world setups
will have users that are in no groups (other than the default ones).

This patch changes the default behaviour so that it will assign the new
users to groups automatically, if no other group options were
specified.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

lib:crypto: Remove unused SHA256 and HMAC SHA256

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

auth:gensec: Add return code for netsec_do_sign()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

auth:gensec: Use GnuTLS SHA256 HMAC for schannel

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli:smb: Use smb2_signing_key for smb2_signing_check_pdu()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli:smb: Use smb2_signing_key for smb2_signing_sign_pdu()

This caches the gnutls hmac handle in the struct so we only allocate it
once.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli:smb: Add smb2_signing_key_destructor()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:smbd: Start to use the smb2_signing_key structure

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:librpc: Add smb2_signing_key to smbXsrv.idl

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:librpc: Rename the data blobs for keys in smbXsrv.idl

The original names will be used with a new structure to cache mac and
cipher handles for gnutls later.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>