amitay/samba.git
3 years agos4/torture/smb2/oplock: fix compilation by initialising variable
Douglas Bagnall [Tue, 14 Jul 2020 10:31:02 +0000 (22:31 +1200)]
s4/torture/smb2/oplock: fix compilation by initialising variable

With gcc (Ubuntu 9.3.0-10ubuntu2) 9.3.0:

../../source4/torture/smb2/oplock.c:2709:2: error: variable 'h2' is used uninitialized whenever 'if' condition is true [-Werror,-Wsometimes-uninitialized]
        torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "Incorrect status");
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../lib/torture/torture.h:734:3: note: expanded from macro 'torture_assert_ntstatus_ok_goto'
                torture_assert_ntstatus_equal_goto(torture_ctx,expr,NT_STATUS_OK,ret,label,cmt)
                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../lib/torture/torture.h:302:6: note: expanded from macro 'torture_assert_ntstatus_equal_goto'
        if (!NT_STATUS_EQUAL(__got, __expected)) { \
            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../source4/torture/smb2/oplock.c:2730:25: note: uninitialized use occurs here
        smb2_util_close(tree1, h2);
                               ^~
../../source4/torture/smb2/oplock.c:2709:2: note: remove the 'if' if its condition is always false
        torture_assert_ntstatus_ok_goto(tctx, status, ret, done, "Incorrect status");
        ^
../../lib/torture/torture.h:734:3: note: expanded from macro 'torture_assert_ntstatus_ok_goto'
                torture_assert_ntstatus_equal_goto(torture_ctx,expr,NT_STATUS_OK,ret,label,cmt)
                ^
../../lib/torture/torture.h:302:2: note: expanded from macro 'torture_assert_ntstatus_equal_goto'
        if (!NT_STATUS_EQUAL(__got, __expected)) { \
        ^
../../source4/torture/smb2/oplock.c:2652:2: note: variable 'h2' is declared here
        struct smb2_handle h, h1, h2;
        ^
1 error generated.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>
3 years agos3: libsmb: Namecache. Fix bug missed by me in previous cleanup.
Jeremy Allison [Thu, 16 Jul 2020 22:47:04 +0000 (15:47 -0700)]
s3: libsmb: Namecache. Fix bug missed by me in previous cleanup.

In ipstr_list_make() we need to look at the correct array entry
to determine the ss_family for the sockaddr_storage.

Otherwise we are always storing the type of the first entry.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Jul 17 05:54:31 UTC 2020 on sn-devel-184

3 years agos3-libads: Pass timeout to open_socket_out in ms
Isaac Boukris [Tue, 14 Jul 2020 20:38:06 +0000 (22:38 +0200)]
s3-libads: Pass timeout to open_socket_out in ms

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13124

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jul 16 10:41:40 UTC 2020 on sn-devel-184

3 years agos3: libsmb: Cleanup - Make ipstr_list_make() talloc rather than malloc.
Jeremy Allison [Wed, 15 Jul 2020 22:02:02 +0000 (15:02 -0700)]
s3: libsmb: Cleanup - Make ipstr_list_make() talloc rather than malloc.

Remove the excessive and unneeded ipstr_list_add() function,
fold it into ipstr_list_make() to make it much clearer what
we're doing.

The only use of MALLOC now is in ipstr_list_parse() returned
by namecache_fetch(). We need to fix the caller before
we can move that to talloc. As that is used inside internal_resolve_name()
which is designed to return a MALLOC'ed ip list from all
name resolution mechanisms leave that fix for another day.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Jul 16 08:16:31 UTC 2020 on sn-devel-184

3 years agos3: libsmb: Cleanup - Move DEBUG -> DBG_XXX() macros.
Jeremy Allison [Wed, 15 Jul 2020 21:41:45 +0000 (14:41 -0700)]
s3: libsmb: Cleanup - Move DEBUG -> DBG_XXX() macros.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
3 years agos3: libsmb: Cleanup - make namecache_status_record_key() use talloc.
Jeremy Allison [Wed, 15 Jul 2020 21:38:23 +0000 (14:38 -0700)]
s3: libsmb: Cleanup - make namecache_status_record_key() use talloc.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
3 years agos3: libsmb: Cleanup - make namecache_key() use talloc.
Jeremy Allison [Wed, 15 Jul 2020 20:37:59 +0000 (13:37 -0700)]
s3: libsmb: Cleanup - make namecache_key() use talloc.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
3 years agos3: libsmb: Cleanup - namecache_store() - use common out.
Jeremy Allison [Wed, 15 Jul 2020 20:33:27 +0000 (13:33 -0700)]
s3: libsmb: Cleanup - namecache_store() - use common out.

Prepare for moving malloc values to talloc.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
3 years agos3: libsmb: Cleanup - namecache_store() initialize stack variables.
Jeremy Allison [Wed, 15 Jul 2020 20:31:38 +0000 (13:31 -0700)]
s3: libsmb: Cleanup - namecache_store() initialize stack variables.

Preparing for common out: exit.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
3 years agos3: libsmb: Cleanup - move talloc frame out of inner scope.
Jeremy Allison [Wed, 15 Jul 2020 20:28:33 +0000 (13:28 -0700)]
s3: libsmb: Cleanup - move talloc frame out of inner scope.

Make it available thoughout the function. Prepare to use
talloc for namecache_key().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
3 years agos3: libsmb: Cleanup modern coding standards. 'True/False' -> 'true/false'.
Jeremy Allison [Wed, 15 Jul 2020 19:12:23 +0000 (12:12 -0700)]
s3: libsmb: Cleanup modern coding standards. 'True/False' -> 'true/false'.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
3 years agos3: lib: Cleanup - make ipstr_list_make() and ipstr_list_parse() private to the only...
Jeremy Allison [Wed, 15 Jul 2020 18:58:45 +0000 (11:58 -0700)]
s3: lib: Cleanup - make ipstr_list_make() and ipstr_list_parse() private to the only user.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
3 years agos3: lib: Cleanup - nothing uses ipstr_list_free(). Remove it.
Jeremy Allison [Wed, 15 Jul 2020 18:48:30 +0000 (11:48 -0700)]
s3: lib: Cleanup - nothing uses ipstr_list_free(). Remove it.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
3 years agos3: lib: Cleanup - all the ipstr_XXX() functions are only used in namecache.c.
Jeremy Allison [Wed, 15 Jul 2020 18:43:03 +0000 (11:43 -0700)]
s3: lib: Cleanup - all the ipstr_XXX() functions are only used in namecache.c.

Move them there. Will remove from the global namespace next.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
3 years agoctdb-tools: Improve onnode's ShellCheck credibility
Martin Schwenke [Wed, 3 Jun 2020 23:59:59 +0000 (09:59 +1000)]
ctdb-tools: Improve onnode's ShellCheck credibility

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Thu Jul 16 06:51:47 UTC 2020 on sn-devel-184

3 years agoctdb-tools: Allow onnode -P to respect ONNODE_SSH
Martin Schwenke [Wed, 3 Jun 2020 23:58:41 +0000 (09:58 +1000)]
ctdb-tools: Allow onnode -P to respect ONNODE_SSH

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years agoctdb-tools: Whitespace fixups
Martin Schwenke [Wed, 3 Jun 2020 23:48:03 +0000 (09:48 +1000)]
ctdb-tools: Whitespace fixups

Drop some unnecessary whitespace and re-indent push().

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years agoctdb-tools: Drop undocumented ONNODE_SSH_OPTS variable
Martin Schwenke [Wed, 3 Jun 2020 23:45:26 +0000 (09:45 +1000)]
ctdb-tools: Drop undocumented ONNODE_SSH_OPTS variable

Options can be set in ONNODE_SSH, so this variable is unnecessary.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
3 years agoutil: Fix a signed/unsigned comparison
Martin Schwenke [Thu, 7 May 2020 07:14:34 +0000 (17:14 +1000)]
util: Fix a signed/unsigned comparison

[107/390] Compiling lib/util/time.c
../../../lib/util/time.c: In function ‘timespec_string_buf’:
../../../lib/util/time.c:416:10: warning: comparison of integer expressions of different signedness: ‘size_t’ {aka ‘long unsigned int’} and ‘int’ [-Wsign-compare]
  416 |  if (len == -1) {
      |          ^~

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Jul 16 04:00:52 UTC 2020 on sn-devel-184

3 years agotdb: Fix some signed/unsigned comparisons
Martin Schwenke [Thu, 7 May 2020 06:57:07 +0000 (16:57 +1000)]
tdb: Fix some signed/unsigned comparisons

[207/389] Compiling lib/tdb/tools/tdbdump.c
../../../lib/tdb/tools/tdbrestore.c: In function ‘read_linehead’:
../../../lib/tdb/tools/tdbrestore.c:43:13: warning: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’ [-Wsign-compare]
   43 |  for (i=0; i<sizeof(prefix); i++) {
      |             ^
../../../lib/tdb/tools/tdbrestore.c: In function ‘read_data’:
../../../lib/tdb/tools/tdbrestore.c:95:13: warning: comparison of integer expressions of different signedness: ‘int’ and ‘size_t’ {aka ‘long unsigned int’} [-Wsign-compare]
   95 |  for (i=0; i<size; i++) {
      |             ^

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
3 years agosmbd: Remove code inside #ifdef HAVE_BROKEN_READDIR_NAME
Christof Schmitt [Tue, 23 Jun 2020 18:55:05 +0000 (11:55 -0700)]
smbd: Remove code inside #ifdef HAVE_BROKEN_READDIR_NAME

This is dead code, the define is never set.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
3 years agolib/util: Remove code inside #ifdef HAVE_BROKEN_READDIR_NAME
Christof Schmitt [Tue, 23 Jun 2020 18:51:41 +0000 (11:51 -0700)]
lib/util: Remove code inside #ifdef HAVE_BROKEN_READDIR_NAME

This is dead code, the define is never set.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
3 years agolib/util: Remove code inside #ifdef NEXT2
Christof Schmitt [Tue, 23 Jun 2020 18:49:46 +0000 (11:49 -0700)]
lib/util: Remove code inside #ifdef NEXT2

This is dead code, the define is never set.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
3 years agos4:client: Remove code inside #ifdef NEXT2
Christof Schmitt [Tue, 23 Jun 2020 18:48:53 +0000 (11:48 -0700)]
s4:client: Remove code inside #ifdef NEXT2

This is dead code, the define is never set.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
3 years agosmbd: Remove code inside #ifdef NEXT2
Christof Schmitt [Tue, 23 Jun 2020 18:46:38 +0000 (11:46 -0700)]
smbd: Remove code inside #ifdef NEXT2

This is dead code, the define is never set.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
3 years agos3:smbd: stop accepting multichannel connections early in exit_server_common()
Stefan Metzmacher [Mon, 6 Jul 2020 14:51:05 +0000 (16:51 +0200)]
s3:smbd: stop accepting multichannel connections early in exit_server_common()

This is just a step in the correct direction, but there's still a
possible race...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14433

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Jul 14 14:59:19 UTC 2020 on sn-devel-184

3 years agos3:smbd: move exit_firsttime checking to the start of exit_server_common()
Stefan Metzmacher [Mon, 6 Jul 2020 14:42:46 +0000 (16:42 +0200)]
s3:smbd: move exit_firsttime checking to the start of exit_server_common()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14433

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
3 years agos4:torture/smb2: make smb2.durable-v2-delay tests more robust
Stefan Metzmacher [Sat, 4 Jul 2020 09:50:14 +0000 (11:50 +0200)]
s4:torture/smb2: make smb2.durable-v2-delay tests more robust

We should not crash when the test fails, so we use a 2nd independent
connection to unlink the file at the end.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
3 years agos4:torture/smb2: split replay_smb3_specification into durable handle and multichannel
Stefan Metzmacher [Fri, 3 Jul 2020 08:09:16 +0000 (10:09 +0200)]
s4:torture/smb2: split replay_smb3_specification into durable handle and multichannel

It's better to have durable handles and multichannel tested separate:
1. we test both cases in the server
2. it makes it easier to deal with knownfail entries if only one
   of these features is active on the server.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
3 years agos3: lib: Fix missing TALLOC_FREE in error code path.
Jeremy Allison [Mon, 13 Jul 2020 17:08:47 +0000 (10:08 -0700)]
s3: lib: Fix missing TALLOC_FREE in error code path.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14441

Reported by Alexander Pyhalov <apyhalov@gmail.com>

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jul 14 07:42:54 UTC 2020 on sn-devel-184

3 years agonet: ignore possible SIGPIPE upon ldap_unbind when over TLS
Isaac Boukris [Sat, 11 Jul 2020 03:04:59 +0000 (05:04 +0200)]
net: ignore possible SIGPIPE upon ldap_unbind when over TLS

From local tests with strace:

socket(AF_UNIX, SOCK_STREAM, 0) = 12
write(2, "Connecting to 10.53.57.21 at por"..., 38) = 38
...
write(2, "ads_domain_func_level: 3\n", 25) = 25
write(12, "\27\3\3\0\37\0\0\0\0\0\0\0\16nl[\374\375i\325\334\25\227kxG@\326\311R\225x"..., 36) = 36
write(12, "\25\3\3\0\32\0\0\0\0\0\0\0\17Hh\304\254\244\17\342<\334\210L&\20_\177\307\232P", 31) = -1 EPIPE (Broken pipe)
--- SIGPIPE {si_signo=SIGPIPE, si_code=SI_USER, si_pid=12089, si_uid=1000} ---
+++ killed by SIGPIPE +++

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14439

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Isaac Boukris <iboukris@samba.org>
Autobuild-Date(master): Mon Jul 13 12:06:07 UTC 2020 on sn-devel-184

3 years agoads: set sasl-wrapping to plain when over TLS
Isaac Boukris [Thu, 2 Jul 2020 07:33:12 +0000 (09:33 +0200)]
ads: set sasl-wrapping to plain when over TLS

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14439

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
3 years agoFix ads_set_sasl_wrap_flags to only change sasl flags
Isaac Boukris [Thu, 2 Jul 2020 08:59:18 +0000 (10:59 +0200)]
Fix ads_set_sasl_wrap_flags to only change sasl flags

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14439

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
3 years agoDecouple ldap-ssl-ads from ldap-ssl option
Isaac Boukris [Wed, 24 Jun 2020 12:28:45 +0000 (15:28 +0300)]
Decouple ldap-ssl-ads from ldap-ssl option

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14439

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
3 years agoselftest: add tests for net-ads over TLS
Isaac Boukris [Mon, 29 Jun 2020 13:55:33 +0000 (16:55 +0300)]
selftest: add tests for net-ads over TLS

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14439

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
3 years agodocs: Fix documentation for require_membership_of of pam_winbind
Andreas Schneider [Thu, 9 Jul 2020 09:48:26 +0000 (11:48 +0200)]
docs: Fix documentation for require_membership_of of pam_winbind

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14358

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jul 10 09:40:37 UTC 2020 on sn-devel-184

3 years agowinbind: Fix lookuprids cache problem
Volker Lendecke [Wed, 8 Jul 2020 13:09:45 +0000 (15:09 +0200)]
winbind: Fix lookuprids cache problem

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14435
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Jul  9 21:40:52 UTC 2020 on sn-devel-184

3 years agowinbind: Add test for lookuprids cache problem
Volker Lendecke [Wed, 8 Jul 2020 13:00:49 +0000 (15:00 +0200)]
winbind: Add test for lookuprids cache problem

When reading entries from gencache, wb_cache_rids_to_names() can
return STATUS_SOME_UNMAPPED, which _wbint_LookupRids() does not handle
correctly.

This test enforces this situation by filling gencache with one wbinfo
-R and then erasing the winbindd_cache.tdb. This forces winbind to
enter the domain helper process, which will then read from gencache
filled with the previous wbinfo -R.

Without having the entries cached this does not happen because
wb_cache_rids_to_names() via the do_query: path calls deep inside
calls dcerpc_lsa_lookup_sids_noalloc(), which hides the
STATUS_SOME_UNMAPPED that came in as lsa_LookupSids result value.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14435
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
3 years agotorture3: Align integer types
Volker Lendecke [Tue, 7 Jul 2020 06:50:31 +0000 (08:50 +0200)]
torture3: Align integer types

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
3 years agotorture3: Silence two signed/unsigned warnings
Volker Lendecke [Tue, 7 Jul 2020 06:48:58 +0000 (08:48 +0200)]
torture3: Silence two signed/unsigned warnings

A longer fix would be to change the callbacks to use "int" instead of
"unsigned". Arguably that might be cleaner, but as this is torture
code I opted for the minimum necessary change.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
3 years agolibcli/ldap: Fix decoding struct ldap_ExtendedResponse
Volker Lendecke [Tue, 23 Jun 2020 17:09:28 +0000 (19:09 +0200)]
libcli/ldap: Fix decoding struct ldap_ExtendedResponse

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
3 years agolibcli/ldap: Test decoding an exop response
Volker Lendecke [Tue, 23 Jun 2020 17:14:37 +0000 (19:14 +0200)]
libcli/ldap: Test decoding an exop response

ldap-starttls-response.dat is a reply to a starttls extended
operation. Right now ldap_decode() does not handle this correctly.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
3 years agoWHATSNEW: Start release notes for Samba 4.14.0pre1.
Karolin Seeger [Thu, 9 Jul 2020 04:48:47 +0000 (06:48 +0200)]
WHATSNEW: Start release notes for Samba 4.14.0pre1.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Thu Jul  9 08:43:25 UTC 2020 on sn-devel-184

3 years agoVERSION: Bump version to 4.14.0pre1...
Karolin Seeger [Thu, 9 Jul 2020 04:46:58 +0000 (06:46 +0200)]
VERSION: Bump version to 4.14.0pre1...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
3 years agoVERSION: Disable GIT_SNAPSHOT for the 4.13.0rc1 release.
Karolin Seeger [Thu, 9 Jul 2020 04:44:53 +0000 (06:44 +0200)]
VERSION: Disable GIT_SNAPSHOT for the 4.13.0rc1 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
3 years agoWHATSNEW: Add release notes for Samba 4.13.0rc1.
Karolin Seeger [Wed, 8 Jul 2020 11:36:43 +0000 (13:36 +0200)]
WHATSNEW: Add release notes for Samba 4.13.0rc1.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
3 years agos3:smbd: skip ctdb public ips in fsctl_network_iface_info()
Stefan Metzmacher [Thu, 25 Jun 2020 13:32:11 +0000 (15:32 +0200)]
s3:smbd: skip ctdb public ips in fsctl_network_iface_info()

Multi-Channel clients should not connect to ctdb public ip addresses
(which move between nodes).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11898

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jul  8 17:16:40 UTC 2020 on sn-devel-184

3 years agos3:smbd: disconnect the all client connections if a ctdb public ip dropped
Stefan Metzmacher [Thu, 25 Jun 2020 13:59:42 +0000 (15:59 +0200)]
s3:smbd: disconnect the all client connections if a ctdb public ip dropped

For now we keep it simple and any disconnect on a connection that
used a ctdb public address, will disconnect all other remaining
connections.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11898

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos3:smbd: make smbXsrv_client_connection_pass_loop() more robust
Stefan Metzmacher [Fri, 3 Jul 2020 08:08:08 +0000 (10:08 +0200)]
s3:smbd: make smbXsrv_client_connection_pass_loop() more robust

Don't leak fds in the error paths.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11898

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos3:smbd: make sure smbXsrv_connection_disconnect_transport() closes the socket fd
Stefan Metzmacher [Fri, 3 Jul 2020 07:55:57 +0000 (09:55 +0200)]
s3:smbd: make sure smbXsrv_connection_disconnect_transport() closes the socket fd

I assumed that TALLOC_FREE(xconn->transport.fde) would close the socket,
but until now we didn't use tevent_fd_set_auto_close().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11898

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos3:smbd: make sure we detect stale smbXsrv_connection pointers in smbXsrv_session_auth0
Stefan Metzmacher [Wed, 1 Jul 2020 16:02:16 +0000 (18:02 +0200)]
s3:smbd: make sure we detect stale smbXsrv_connection pointers in smbXsrv_session_auth0

Pointer values can be reused (yes, I hit that during my testing!).
Introduce a channel_id to identify connections and also add
some timestamps to make debugging easier.

This makes smbXsrv_session_find_auth() much more robust.

This is a similar change as 0cec96526bf4d3209caf36c4a19632ff5d5dd112:
 "smb2_server: make sure we detect stale smbXsrv_connection pointers in smbXsrv_channel_global"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11898

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos3:smbd: fill in xconn->client early in smbd_add_connection()
Stefan Metzmacher [Thu, 25 Jun 2020 20:45:07 +0000 (22:45 +0200)]
s3:smbd: fill in xconn->client early in smbd_add_connection()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11898

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos3:smbd: handle NETWORK_ACCESS_DENIED in smbXsrv_client_connection_pass_loop()
Stefan Metzmacher [Thu, 25 Jun 2020 20:43:47 +0000 (22:43 +0200)]
s3:smbd: handle NETWORK_ACCESS_DENIED in smbXsrv_client_connection_pass_loop()

smbd_add_connection() may return a valid connection together with
NT_STATUS_NETWORK_ACCESS_DENIED.

We need additional cleanup for that case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11898

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos3:smbd: consistently use DLIST_ADD* to fill client->connections in smbd_add_connection()
Stefan Metzmacher [Thu, 25 Jun 2020 20:42:18 +0000 (22:42 +0200)]
s3:smbd: consistently use DLIST_ADD* to fill client->connections in smbd_add_connection()

We should not just overwrite the client->connections pointer if we
reject the connection.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11898

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos3:ctdbd_conn: add ctdbd_control_get_public_ips() and ctdbd_find_in_public_ips()
Stefan Metzmacher [Thu, 25 Jun 2020 13:14:04 +0000 (15:14 +0200)]
s3:ctdbd_conn: add ctdbd_control_get_public_ips() and ctdbd_find_in_public_ips()

These will be used in the multi channel code in order to handle
public ip addresses, which can move arround ctdb nodes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11898

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos3:ctdbd_conn: make use of samba_sockaddr in ctdbd_connect()
Stefan Metzmacher [Thu, 25 Jun 2020 13:11:44 +0000 (15:11 +0200)]
s3:ctdbd_conn: make use of samba_sockaddr in ctdbd_connect()

This avoids compiler warnings like this:
dereferencing type-punned pointer might break strict-aliasing rules [-Wstrict-aliasing]

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11898

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos3:ctdbd_conn: make use of ctdbd_control_local() in ctdbd_register_ips()
Stefan Metzmacher [Thu, 25 Jun 2020 12:00:27 +0000 (14:00 +0200)]
s3:ctdbd_conn: make use of ctdbd_control_local() in ctdbd_register_ips()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11898

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agoselftest/Samba3: make use of 'smbd:FSCTL_SMBTORTURE = yes'
Stefan Metzmacher [Tue, 23 Jun 2020 13:56:34 +0000 (15:56 +0200)]
selftest/Samba3: make use of 'smbd:FSCTL_SMBTORTURE = yes'

This makes sure the lease/oplock break retry logic based on
missing TCP acks is tested.

We're still not able to run multichannel tests automatically,
as socket wrapper doesn't support fd-passing yet.

But this testing this with single channels is a good start.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos3:smbd: implement FSCTL_SMBTORTURE_FORCE_UNACKED_TIMEOUT
Stefan Metzmacher [Mon, 8 Jun 2020 14:33:45 +0000 (16:33 +0200)]
s3:smbd: implement FSCTL_SMBTORTURE_FORCE_UNACKED_TIMEOUT

This will be used by smbtorture in order to simulate channel failures
without relying on iptables.

'smbd:FSCTL_SMBTORTURE = yes' is required in order to active this.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos3:smbd: make use of the new ack infrastructure for oplock/lease breaks
Stefan Metzmacher [Fri, 5 Jun 2020 20:11:26 +0000 (22:11 +0200)]
s3:smbd: make use of the new ack infrastructure for oplock/lease breaks

This finally implements the retry of failed oplock/lease breaks.

Before smbd_smb2_break_send/recv completed directly after
sendmsg() passed the pdu to the kernel.

Now the completion is (at least) deferred until the
the next smbXsrv_connection_ack_checker() run happens
and smbd_smb2_send_queue_ack_bytes() found that
all bytes of the break notification left the kernel
send queue (and were TCP acked).

If the connection is disconnected all pending break
notifications are completed with an error, which is
then returned by smbd_smb2_break_recv().
smbXsrv_pending_break_submit() will then submit
another break notification via the next available
connection/channel.

The smbXsrv_connection_ack_checker() runs each
rto_usecs (between 0.2s and 1.0s). smbd_smb2_break_send()
will set a timeout of 6*rto_usecs (between 1.2s and 6s).
If smbXsrv_connection_ack_checker() detects via
smbd_smb2_send_queue_ack_bytes() that a pending break
notification is pending for more than its timeout
we'll disconnect the connection with NT_STATUS_IO_TIMEOUT.
This will be handled as any other disconnect and
will in turn also trigger the retry on the next channel.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos3:smbd: force multi-channel to be turned off without FreeBSD/Linux support
Stefan Metzmacher [Mon, 8 Jun 2020 10:23:47 +0000 (12:23 +0200)]
s3:smbd: force multi-channel to be turned off without FreeBSD/Linux support

For now it's safer to disable multi-channel without having support
for TIOCOUTQ/FIONWRITE on tcp sockets.

Using a fixed retransmission timeout (rto) of 1 second would be ok,
but we better require kernel support for requesting for unacked bytes
in the kernel send queue.

"force:server multi channel support = yes" can be used to overwrite
the compile time restriction (mainly for testing).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos3:smbd: add infrastructure to wait for TCP acks
Stefan Metzmacher [Wed, 3 Jun 2020 08:57:59 +0000 (10:57 +0200)]
s3:smbd: add infrastructure to wait for TCP acks

This will be the core of the logic that allows
us to retry break notifications.

When we start the "pending break cycle" we ask for
the current retransmission timemout (rto) on the TCP connection
and remember how many unacked bytes are in the kernel's
send queue. Each time we send bytes into the kernel
we add them to the unacked bytes.
We use a timer using the rto interval in order
to check the amount of unacked bytes again.
The provides send_queu_entry.ack.req will be completed
with tevent_req_done() when everything is completely acked,
tevent_req_nterror(NT_STATUS_IO_TIMEOUT) when
send_queu_entry.ack.timeout is expired or
tevent_req_nterror(connection_error) when the connection
gets disconnected.

It works with support from the FreeBSD and Linux kernels.
For other platforms we just have a fixed rto of 1 second.
And pretend all bytes are acked when we recheck after 1 second.
So only a connection error could trigger tevent_req_nterror(),
but there's no timeout. A follow up commit will most likely
disable support for multi-channel if we don't have kernel support.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos3:smbd: add logic to retry break notifications on all available channels
Stefan Metzmacher [Tue, 2 Jun 2020 16:05:39 +0000 (18:05 +0200)]
s3:smbd: add logic to retry break notifications on all available channels

For leases we need to use any available connection with the same
client_guid. That means all connections in the client->connections list.

We try the oldest connection first, as that's what windows is doing.

For oplocks we implement the same as that's what the specification
says. Windows behaves different and we have
'smb2 disable oplock break retry = yes' in order to behave like Windows.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agodocs-xml/smbdotconf: add "smb2 disable oplock break retry"
Stefan Metzmacher [Tue, 23 Jun 2020 15:39:10 +0000 (17:39 +0200)]
docs-xml/smbdotconf: add "smb2 disable oplock break retry"

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos3:smbd: convert smbd_smb2_send_break() into async smbd_smb2_break_send/recv()
Stefan Metzmacher [Tue, 2 Jun 2020 16:05:39 +0000 (18:05 +0200)]
s3:smbd: convert smbd_smb2_send_break() into async smbd_smb2_break_send/recv()

This will make it possible to detect errors in order to retry sending
the break on another connection.

For now we always report NT_STATUS_OK, when we delivered the break
notification to the kernel send queue. But that will change in
the following commits.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos3:smbd: add smbd_smb2_send_queue.sendfile_body_size
Stefan Metzmacher [Fri, 5 Jun 2020 18:14:10 +0000 (20:14 +0200)]
s3:smbd: add smbd_smb2_send_queue.sendfile_body_size

The following patches require the size of the full sendfile() pdu.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos3:smbd: introduce smbXsrv_pending_break infrastructure
Stefan Metzmacher [Tue, 2 Jun 2020 15:13:22 +0000 (17:13 +0200)]
s3:smbd: introduce smbXsrv_pending_break infrastructure

This prepares support for oplock/lease break replay from
the server to the client.

We need some state in order to do replays later.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos3:smbd: avoid dereferencing client->connections
Stefan Metzmacher [Wed, 8 Jul 2020 08:15:56 +0000 (10:15 +0200)]
s3:smbd: avoid dereferencing client->connections

There're typically better ways to get the same information.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos3:smbd: setup client->global->client_guid even without multichannel support
Stefan Metzmacher [Wed, 8 Jul 2020 11:59:26 +0000 (13:59 +0200)]
s3:smbd: setup client->global->client_guid even without multichannel support

It's too confusing if client->global->client_guid and
client->connections->smb2.client.guid don't have the same value.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos3:smbd: pass down smbXsrv_client to smbd_smb2_send_{oplock,lease}_break()
Stefan Metzmacher [Tue, 2 Jun 2020 14:50:22 +0000 (16:50 +0200)]
s3:smbd: pass down smbXsrv_client to smbd_smb2_send_{oplock,lease}_break()

Which connection is actually used should not matter to the main logic.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos3:smbd: pass smbXsrv_client to downgrade_lease()
Stefan Metzmacher [Tue, 2 Jun 2020 14:33:23 +0000 (16:33 +0200)]
s3:smbd: pass smbXsrv_client to downgrade_lease()

This prepares for multichannel support, where breaks are not bound
to a single connection.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos3:smbd: add smbd_server_disconnect_client[_ex]()
Stefan Metzmacher [Tue, 2 Jun 2020 14:43:43 +0000 (16:43 +0200)]
s3:smbd: add smbd_server_disconnect_client[_ex]()

With multichannel things may not happen only on one connection.
We may need to disconnect all connections of a client, when something
bad happens.

The first users of this will be the lease/oplock break code,
if they are not able allocate memory or something similar
we need to bail out.

Having a special smbXsrv_client based function is better than
calling exit_server*() directly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos3:smbd: remove unused session,tcon parameters from smbd_smb2_send_oplock_break()
Stefan Metzmacher [Tue, 19 May 2020 12:10:21 +0000 (14:10 +0200)]
s3:smbd: remove unused session,tcon parameters from smbd_smb2_send_oplock_break()

They are no longer used. However we'll make use of
op->compat->vuid in the next commits, as the session id should be part
of oplock breaks.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos3:smbd: pass down session_id to smbd_smb2_send_break()
Stefan Metzmacher [Fri, 5 Jun 2020 18:12:57 +0000 (20:12 +0200)]
s3:smbd: pass down session_id to smbd_smb2_send_break()

Oplock break should contain a valid session id of the open file handle,
as file handles are relative to a session.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos3:smbd: remove dead code from smbd_smb2_send_break()
Stefan Metzmacher [Tue, 19 May 2020 11:33:27 +0000 (13:33 +0200)]
s3:smbd: remove dead code from smbd_smb2_send_break()

Starting with commit 0a924d13cf4bb570cce3955cf0de9d8678b37dbe
("smbd: Send SMB2 oplock breaks unencrypted") we always passed in
session=NULL and tcon=NULL.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos4:torture/smb2: add smb2.multichannel.oplocks.test3{_windows,specification}
Stefan Metzmacher [Mon, 8 Jun 2020 13:03:30 +0000 (15:03 +0200)]
s4:torture/smb2: add smb2.multichannel.oplocks.test3{_windows,specification}

This is similar to the smb2.multichannel.leases.test5,
but it tests the oplock case instead of leases.

With Oplocks Windows only sends a single break on the latest channel,
this is not what the spec says...

Maybe we should have a similar test that would expect the
behavior from the [MS-SMB2] (3/4/2020 rev 60.0)
"3.3.4.6 Object Store Indicates an Oplock Break":

  ...

  If the server implements the SMB 3.x dialect family, SMB2 Oplock Break
  Notification MUST be sent to the client using the first available
  connection in Open.Session.ChannelList where Channel.Connection is not
  NULL. If the server fails to send the notification to the client, the
  server MUST retry the send using an alternate connection, if available,
  in Open.Session.ChannelList.
  ...

Here I add one test that demonstrates the Windows behavior:
 smb2.multichannel.oplocks.test3_windows
and a 2nd test that demonstrates the behavior from MS-SMB2.
 smb2.multichannel.oplocks.test3_specification

Note that Windows 10 seems to behave differently and it's not
possible to open all 32 channel used by this test.

Against remote servers it's required to run iptables as root:

 #> smbtorture //server/torture -Uu%p \
    --option="torture:use_iptables=yes" \
    --option="torture:iptables_command=sudo /sbin/iptables" \
    smb2.multichannel.oplocks.test3_windows

 #> smbtorture //server/torture -Uu%p \
    --option="torture:use_iptables=yes" \
    --option="torture:iptables_command=sudo /sbin/iptables" \
    smb2.multichannel.oplocks.test3_specification

The test will also work against a Samba server
with 'smbd:FSCTL_SMBTORTURE = yes', and won't require iptables
in that case.

Samba will get a "smb2 disable oplock break retry" configuration
option to switch between both behaviors, as it's much more common with Samba
that leases are not supported and clients will fallback to
oplocks together with multichannel.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos4:torture/smb2: (re-)add smb2.multichannel.leases.test4
Stefan Metzmacher [Mon, 8 Jun 2020 13:03:30 +0000 (15:03 +0200)]
s4:torture/smb2: (re-)add smb2.multichannel.leases.test4

This tests 32 channels, which is the maximum Windows Server
versions support. (Note that Windows 10 (a Client OS as SMB server,
seems to support only 20 channels and may differ in other aspects,
so we ignore that for now).

This works at least against Windows Server 2019
and we see lease break notification retries every ~ 1.3 seconds
with ~ 5 TCP retransmissions. At that rate we see the remaining
5 retries after the conflicting SMB2 Create already returned.

Older Windows Server versions use much longer timeouts in the TCP-stack,
they send lease break notification retries less often and only 4 in
total, all other channels get TCP-RST packets because of missing
TCP keepalive packets before they're used.
The intervals between lease break notification retries are
~19 seconds for 2012[_R2] and ~25 seconds for 2016.
It means that only ~2 lease break notifications arrive before
the open returns after ~35 seconds.

Note that Windows 10 seems to behave differently and it's not
possible to open all 32 channel used by this test.

Against remote servers it's required to run iptables as root:

 #> smbtorture //server/torture -Uu%p \
    --option="torture:use_iptables=yes" \
    --option="torture:iptables_command=sudo /sbin/iptables" \
    smb2.multichannel.leases.test4

The test will also work against a Samba server
with 'smbd:FSCTL_SMBTORTURE = yes', and won't require iptables
in that case.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos4:torture/smb2: remove useless 'smb2.multichannel.leases.test4'
Stefan Metzmacher [Tue, 23 Jun 2020 14:01:54 +0000 (16:01 +0200)]
s4:torture/smb2: remove useless 'smb2.multichannel.leases.test4'

Having a test that would only pass against Samba makes things way
to complex, they're already complex and we should try to behave
like windows as much as possible.

The next commit will add a better test that will work against Windows
Servers and the future Samba servers.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos4:torture/smb2: fix smb2.multichannel.leases.test2 against windows
Stefan Metzmacher [Tue, 23 Jun 2020 10:38:49 +0000 (12:38 +0200)]
s4:torture/smb2: fix smb2.multichannel.leases.test2 against windows

We still receive the break on the blocked channel,
it's only the response ACKs, which we are blocking (or simulate to
block).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos4:torture/smb2: split smb2.oplock.batch22 into a and b
Stefan Metzmacher [Mon, 22 Jun 2020 22:09:38 +0000 (00:09 +0200)]
s4:torture/smb2: split smb2.oplock.batch22 into a and b

batch22a tests the timeout on a valid connection
and batch22b tests the timeout on a broken/blocked connection.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos4:torture/smb2: move smb2_transport blocking to the generic block.[ch]
Stefan Metzmacher [Mon, 22 Jun 2020 15:30:28 +0000 (17:30 +0200)]
s4:torture/smb2: move smb2_transport blocking to the generic block.[ch]

We may want to use this in other places too, not only multichannel.c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos4:torture/smb2: make use of FSCTL_SMBTORTURE_FORCE_UNACKED_TIMEOUT
Stefan Metzmacher [Mon, 8 Jun 2020 14:33:45 +0000 (16:33 +0200)]
s4:torture/smb2: make use of FSCTL_SMBTORTURE_FORCE_UNACKED_TIMEOUT

This is a way to test without being able to use iptables.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos4:torture/smb2: refactor block.c to block the OUTPUT path
Stefan Metzmacher [Fri, 29 May 2020 16:18:12 +0000 (09:18 -0700)]
s4:torture/smb2: refactor block.c to block the OUTPUT path

In order to create useful tests, we should block the outgoing
tcp packets only. That means we're able to see incoming
break notifications, but prevent outgoing TCP ACKs to be delivered
to the server.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos4:torture/smb2: add break_info.oplock_skip_ack
Stefan Metzmacher [Tue, 2 Jun 2020 12:52:07 +0000 (14:52 +0200)]
s4:torture/smb2: add break_info.oplock_skip_ack

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos4:torture/smb2: move interface_info test to smb2.multichannel.generic
Günther Deschner [Thu, 26 Sep 2019 08:18:04 +0000 (10:18 +0200)]
s4:torture/smb2: move interface_info test to smb2.multichannel.generic

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
3 years agos4:torture/smb2: make use of transport_options.only_negprot for multichannel connections
Stefan Metzmacher [Wed, 1 Jul 2020 16:37:44 +0000 (18:37 +0200)]
s4:torture/smb2: make use of transport_options.only_negprot for multichannel connections

This avoid useless session setups and tree connects on the wire.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos4:torture/smb2: simplify code to generate list of smb2 channels
Günther Deschner [Thu, 26 Sep 2019 08:18:33 +0000 (10:18 +0200)]
s4:torture/smb2: simplify code to generate list of smb2 channels

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
3 years agos4:torture/smb2: add const to options for test_multichannel_create_channel()
Stefan Metzmacher [Fri, 3 Jul 2020 09:56:19 +0000 (11:56 +0200)]
s4:torture/smb2: add const to options for test_multichannel_create_channel()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos4:libcli/smb2: add const to struct smbcli_options *options for smb2_connect()
Stefan Metzmacher [Fri, 3 Jul 2020 09:54:42 +0000 (11:54 +0200)]
s4:libcli/smb2: add const to struct smbcli_options *options for smb2_connect()

It will just be passed to smb2_connect_ext(), which already takes a
const pointer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos4:libcli/smb2: allow smb2_connect*() to fake session and tcon
Stefan Metzmacher [Wed, 1 Jul 2020 16:27:40 +0000 (18:27 +0200)]
s4:libcli/smb2: allow smb2_connect*() to fake session and tcon

For multichannel connection we want a way to have just a connection
with a negprot finished.

For now we just fake a tcon and session in order to avoid changes in the
caller. We can clean that up later if needed.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos4:param: use struct initializer in lpcfg_smbcli_session_options()
Stefan Metzmacher [Thu, 2 Jul 2020 11:25:43 +0000 (13:25 +0200)]
s4:param: use struct initializer in lpcfg_smbcli_session_options()

We should zero all fields not initialiazed explicitly.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos4:param: use struct initializer in lpcfg_smbcli_options()
Stefan Metzmacher [Thu, 2 Jul 2020 11:25:43 +0000 (13:25 +0200)]
s4:param: use struct initializer in lpcfg_smbcli_options()

We should zero all fields not initialiazed explicitly.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agolibcli/smb: define FSCTL_SMBTORTURE_FORCE_UNACKED_TIMEOUT
Stefan Metzmacher [Mon, 8 Jun 2020 14:33:45 +0000 (16:33 +0200)]
libcli/smb: define FSCTL_SMBTORTURE_FORCE_UNACKED_TIMEOUT

This will be used by smbtorture in order to simulate channel failures
without relying on iptables.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agos3:includes: change OPLOCK_BREAK_TIMEOUT from 30 to 35 seconds
Stefan Metzmacher [Wed, 3 Jun 2020 12:41:12 +0000 (14:41 +0200)]
s3:includes: change OPLOCK_BREAK_TIMEOUT from 30 to 35 seconds

This is what windows is using for normal oplock and lease breaks.

Note that windows uses higher values for persistent handles,
they use 60 seconds for oplocks and 180 seconds for leases.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 years agolib/util: allow to set TCP_USER_TIMEOUT socket option
Günther Deschner [Wed, 20 Sep 2017 18:21:49 +0000 (20:21 +0200)]
lib/util: allow to set TCP_USER_TIMEOUT socket option

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
3 years agos3:dbwrap_watch: avoid recursion into dbwrap_do_locked() from dbwrap_watched_do_locke...
Stefan Metzmacher [Thu, 14 May 2020 11:32:47 +0000 (13:32 +0200)]
s3:dbwrap_watch: avoid recursion into dbwrap_do_locked() from dbwrap_watched_do_locked_{storev,delete}()

This avoids a lot of overhead!

Using smbtorture3 //foo/bar -U% local-g-lock-ping-pong -o 500000
under valgrind --tool=callgrind...

This change replaces this:

 6,877,542,529  PROGRAM TOTALS

   590,000,773  lib/tdb/common/lock.c:tdb_lock_list
   479,000,608  lib/tdb/common/lock.c:tdb_unlock
   446,500,532  lib/tdb/common/io.c:tdb_read
   364,000,824  lib/tdb/common/hash.c:tdb_jenkins_hash
   285,000,532  lib/tdb/common/io.c:tdb_write
   262,054,669  /x86_64/multiarch/memmove-vec-unaligned-erms.S:__memcpy_avx_unaligned_erms
   206,500,496  lib/tdb/common/mutex.c:tdb_mutex_lock
   193,000,176  lib/tdb/common/tdb.c:tdb_find
   160,000,256  lib/talloc/talloc.c:_talloc_get_type_abort
   148,500,297  lib/tdb/common/tdb.c:tdb_storev
   140,000,196  lib/tdb/common/lock.c:tdb_lock
   130,000,858  lib/util/debug.c:debuglevel_get_class
   128,003,722  lib/talloc/talloc.c:_talloc_free
   128,000,118  lib/tdb/common/tdb.c:tdb_parse_record
   126,000,576  lib/tdb/common/lock.c:tdb_brlock.part.3
   121,000,272  lib/tdb/common/mutex.c:tdb_mutex_unlock
   118,000,225  /nptl/pthread_mutex_lock.c:__pthread_mutex_lock_full
   112,750,222  lib/tdb/common/freelist.c:tdb_allocate_from_freelist
   108,500,168  lib/tdb/common/io.c:tdb_ofs_read
   102,500,000  lib/tdb/common/io.c:tdb_parse_data

by this:

 5,706,522,398  PROGRAM TOTALS

   434,000,617  lib/tdb/common/lock.c:tdb_lock_list
   389,500,494  lib/tdb/common/io.c:tdb_read
   359,000,488  lib/tdb/common/lock.c:tdb_unlock
   285,000,532  lib/tdb/common/io.c:tdb_write
   237,554,655  /x86_64/multiarch/memmove-vec-unaligned-erms.S:__memcpy_avx_unaligned_erms
   208,000,668  lib/tdb/common/hash.c:tdb_jenkins_hash
   206,500,496  lib/tdb/common/mutex.c:tdb_mutex_lock
   160,000,256  lib/talloc/talloc.c:_talloc_get_type_abort
   148,500,297  lib/tdb/common/tdb.c:tdb_storev
   136,000,132  lib/tdb/common/tdb.c:tdb_find
   130,000,858  lib/util/debug.c:debuglevel_get_class
   126,000,576  lib/tdb/common/lock.c:tdb_brlock.part.3
   121,000,272  lib/tdb/common/mutex.c:tdb_mutex_unlock
   118,000,225  /nptl/pthread_mutex_lock.c:__pthread_mutex_lock_full
   112,750,222  lib/tdb/common/freelist.c:tdb_allocate_from_freelist
   112,000,168  lib/tdb/common/lock.c:tdb_lock
    94,500,154  lib/tdb/common/io.c:tdb_ofs_read
    94,000,188  /nptl/pthread_mutex_unlock.c:__pthread_mutex_unlock_full
    86,000,086  lib/dbwrap/dbwrap.c:dbwrap_lock_order_lock
    83,000,083  lib/dbwrap/dbwrap_tdb.c:db_tdb_do_locked

time smbtorture3 //foo/bar -U% local-g-lock-ping-pong -o 5000000

gives:

  902834 locks/sec

 real    0m11,103s
 user    0m8,233s
 sys     0m2,868s

vs.

 1037262 locks/sec

 real    0m9,685s
 user    0m6,788s
 sys     0m2,896s

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jul  8 11:02:39 UTC 2020 on sn-devel-184

3 years agos3:locking: convert share_mode_lock.c to generate_unique_u64()
Stefan Metzmacher [Tue, 7 Jul 2020 09:49:27 +0000 (11:49 +0200)]
s3:locking: convert share_mode_lock.c to generate_unique_u64()

Instead of a sequence number that gets incremented we just
need a value that's not reused.

The is a similar change like the commit before at the g_lock.c
layer.

I expect a similar performance improvement here, but
I don't know a specific benchmark test to check.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
3 years agos3:g_lock: avoid very expensive generate_random_buffer() in g_lock_parse()
Stefan Metzmacher [Tue, 19 May 2020 00:58:23 +0000 (02:58 +0200)]
s3:g_lock: avoid very expensive generate_random_buffer() in g_lock_parse()

We don't require a sequence number that is incremented,
we just need a value that's not reused.
We use the new generate_unique_u64(), which is much cheaper!

Using smbtorture3 //foo/bar -U% local-g-lock-ping-pong -o 500000
under valgrind --tool=callgrind...

This change replaces this:

 13,129,925,659  PROGRAM TOTALS

  4,125,752,958  ???:_nettle_sha256_compress [/usr/lib/x86_64-linux-gnu/libnettle.so.6.4]
  1,257,005,866  ???:_nettle_aes_encrypt [/usr/lib/x86_64-linux-gnu/libnettle.so.6.4]
    590,000,773  bin/default/../../lib/tdb/common/lock.c:tdb_lock_list
    571,503,429  ???:_nettle_aes_set_key [/usr/lib/x86_64-linux-gnu/libnettle.so.6.4]
    479,000,608  bin/default/../../lib/tdb/common/lock.c:tdb_unlock
    ...

by this:

  6,877,826,377  PROGRAM TOTALS

    590,000,773  bin/default/../../lib/tdb/common/lock.c:tdb_lock_list
    479,000,608  bin/default/../../lib/tdb/common/lock.c:tdb_unlock
    ...
     12,500,033  bin/default/../../lib/util/genrand_util.c:generate_unique_u64
    ...
     8,996,970  ???:_nettle_sha256_compress [/usr/lib/x86_64-linux-gnu/libnettle.so.6.4]

time smbtorture3 //foo/bar -U% local-g-lock-ping-pong -o 5000000

gives:

   537426 locks/sec

  real    0m19,071s
  user    0m15,061s
  sys     0m3,999s

vs.

   900956 locks/sec

  real    0m11,155s
  user    0m8,293s
  sys     0m2,860s

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
3 years agolib/util: add generate_unique_u64() helper function
Stefan Metzmacher [Tue, 9 Jun 2020 14:19:50 +0000 (16:19 +0200)]
lib/util: add generate_unique_u64() helper function

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
3 years agos3:smbcacls: Add support for DFS path
Anubhav Rakshit [Sun, 7 Jun 2020 19:09:59 +0000 (00:39 +0530)]
s3:smbcacls: Add support for DFS path

smbcacls does not handle DFS paths correctly. This is beacuse once the
command encounters a path which returns STATUS_PATH_NOT_COVERED, it does
not attempt a GET REFERRAL.

We use cli_resolve_path API to perform a DFS path resolution to solve
the above problem.

Additionally this removes the known fail against smbcacls tests
Signed-off-by: Anubhav Rakshit <anubhav.rakshit@gmail.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul  7 23:03:00 UTC 2020 on sn-devel-184