amitay/samba.git
9 months agonetcmd/ldapcmp: use set instead of list to find missing DNs
Joe Guo [Mon, 29 Oct 2018 02:00:15 +0000 (15:00 +1300)]
netcmd/ldapcmp: use set instead of list to find missing DNs

This simplify the logic and improve performance a lot.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agonetcmd/ldapcmp: avoid list comprehension in for loop
Joe Guo [Sun, 28 Oct 2018 21:16:02 +0000 (10:16 +1300)]
netcmd/ldapcmp: avoid list comprehension in for loop

The list comprehension will repeat for each item.
For large database, this make the command freeze.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agonetcmd/ldapcmp: add choices arg to --view option
Joe Guo [Sun, 28 Oct 2018 23:12:38 +0000 (12:12 +1300)]
netcmd/ldapcmp: add choices arg to --view option

So we don't need to validate ourselves.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agonetcmd/ldapcmp: add choices arg to --scope option
Joe Guo [Sun, 28 Oct 2018 22:54:57 +0000 (11:54 +1300)]
netcmd/ldapcmp: add choices arg to --scope option

So we don't need to validate ourselves.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agonetcmd/ldapcmp: rename __eq__ to diff
Joe Guo [Mon, 29 Oct 2018 01:49:28 +0000 (14:49 +1300)]
netcmd/ldapcmp: rename __eq__ to diff

This method actually changed both objects and print info.
__eq__ is not a proper name and is not designed for this case.
Rename to diff.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agonetcmd/ldapcmp: fix typo for Bundle
Joe Guo [Sun, 28 Oct 2018 23:29:58 +0000 (12:29 +1300)]
netcmd/ldapcmp: fix typo for Bundle

Bundel -> Bundle

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agoreplmd: Make replmd_process_linked_attribute() mem dependencies clearer
Tim Beale [Mon, 19 Nov 2018 21:59:40 +0000 (10:59 +1300)]
replmd: Make replmd_process_linked_attribute() mem dependencies clearer

This patch should not alter functionality - it is just making memory
assumptions used in replmd_process_linked_attribute() clearer.

When adding/removing msg->elements we have to take care, as this will
invalidate things like the parsed-DN array or old ldb_message_element
pointers. This has always been the case (i.e. f6bc4c08b19f5615a49),
however, now we need to take even more care, as the msg being modified
is re-used and split across 2 different functions.

Add more code comments to highlight this. We can also free
pdn_list/old_el to prevent them being incorrectly used after realloc.
It seems appropriate to also add a sanity-check that the tmp_ctx alloc
succeeds (which all the other memory hangs off).

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Tim Beale <timbeale@samba.org>
Autobuild-Date(master): Wed Nov 21 05:31:10 CET 2018 on sn-devel-144

9 months agoreplmd: Avoid redundant dsdb_get_deleted_objects_dn() checks
Tim Beale [Mon, 12 Nov 2018 02:49:28 +0000 (15:49 +1300)]
replmd: Avoid redundant dsdb_get_deleted_objects_dn() checks

Quite a bit of time was spent in dsdb_get_deleted_objects_dn()
processing during either a join (~9%) or a full-sync (~28%).

The problem is we're *always* doing the dsdb_get_deleted_objects_dn()
call for each object, regardless of whether it's actually deleted or
not. i.e. we were doing an expensive query and a lot of the time just
ignoring the query result.

If it's not a deleted object we're dealing with, we can just return
early and skip the unnecessary processing.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agoreplmd: Minimize get_parsed_dns_trusted() calls during replication
Tim Beale [Sun, 11 Nov 2018 23:11:38 +0000 (12:11 +1300)]
replmd: Minimize get_parsed_dns_trusted() calls during replication

When a group has 10,000+ links, get_parsed_dns_trusted() can be costly
(simply the talloc calls alone are expensive). Instead of re-generating
the pdn_list for every single link attribute, we can change to only
re-generate it when we really need to.

When we add a new link, it reallocates old_el->values, and so we need to
recreate the pdn_list because all the memory pointers will have changed.
However, in the other cases, where we're simply updating the existing
link value (or ignoring the update, if it's already applied), we can
continue using the same pdn_list (rather than re-parsing it again).

This would generally only save time with a full-sync - it won't really
help with the join case (because every link processed results in a
realloc).

On a DB with 5000 users, this makes a full-sync about ~13% faster.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agoreplmd: Pass old_el into replmd_process_linked_attribute()
Tim Beale [Sun, 11 Nov 2018 23:00:47 +0000 (12:00 +1300)]
replmd: Pass old_el into replmd_process_linked_attribute()

We should only need to lookup the msg attribute once per source object.
The old_el->values may change due to link-processing, but old_el itself
should not.

This is not aimed at improving performance, but we need to change how
old_el is used before we can change pdn_list (which is more costly
processing-wise).

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agoreplmd: Remove some redundant code
Tim Beale [Sun, 11 Nov 2018 22:21:36 +0000 (11:21 +1300)]
replmd: Remove some redundant code

At first glance, this code seemed completely unnecessary. However, it
was added (by commit f6bc4c08b19f5615) for a valid reason: adding the
whenChanged/uSNChanged attributes to the message can cause msg->elements
to be reallocated, which means the old_el pointer (which points to
msg->elements memory) can be out of date.

whenChanged/uSNChanged now get added to the msg last, just before the DB
modify operation. So old_el can no longer become out of date within
replmd_process_link_attribute(), so re-fetching it is now redundant.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agoreplmd: Move where we update the usnChanged/whenChanged
Tim Beale [Sun, 11 Nov 2018 22:13:28 +0000 (11:13 +1300)]
replmd: Move where we update the usnChanged/whenChanged

Move this closer to where the source object actually gets modified.

The main reason to do this is that adding fields can cause the
msg->elements to be reallocated, which will invalidate all the
old_el and pdn_list pointers which are derived from the msg.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agoreplmd: Only modify the object if it actually changed
Tim Beale [Sun, 11 Nov 2018 22:00:52 +0000 (11:00 +1300)]
replmd: Only modify the object if it actually changed

Commit 775054afbe1512 reworked replmd_process_link_attribute() so that
we batch together DB operations for the same source object. However, it
was possible that the object had not actually changed at all, e.g.
- link was already processed by critical-objects-only during join, or
- we were doing a full-sync and processing info that was already
  up-to-date in our DB.

In these cases we modified the object anyway, even though nothing had
changed. This patch fixes it up, so we check that the object has
actually changed before modifying the DB.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agoreplmd: replmd_process_link_attribute() returns type of change made
Tim Beale [Sun, 11 Nov 2018 21:43:39 +0000 (10:43 +1300)]
replmd: replmd_process_link_attribute() returns type of change made

In order to share work across related link attribute updates, we need
replmd_process_link_attribute() to let the caller know what actually
changed.

This patch adds an extra return type that'll be used in the next patch.
What we're interested in is: the update was ignored (i.e. it's old news),
a new link attribute was added (because this affects the overall
msg/element memory), and an existing link attribute was modified (due to
how links are actually stored, this includes deleting the link, as in
reality it simply involves setting the existing link to 'inactive').

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agosource4 samr: Tidy DBG_WARNING calls
Gary Lockyer [Tue, 20 Nov 2018 21:02:43 +0000 (10:02 +1300)]
source4 samr: Tidy DBG_WARNING calls

Move the calls to GUID_buf_string and dom_sid_str_buf into the
coresponding DBG_WARNING call, instead of using an intermediate variable.
While this violates the coding guidelines, doing this makes the code less
cluttred and means the functions are only called if the debug message is
printed.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Nov 21 01:50:11 CET 2018 on sn-devel-144

9 months agos4-samr: Use GUID_buf_string() in dcesrv_samr_EnumDomainUsers()
Andrew Bartlett [Thu, 15 Nov 2018 00:44:29 +0000 (13:44 +1300)]
s4-samr: Use GUID_buf_string() in dcesrv_samr_EnumDomainUsers()

This avoids memory allocation.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
9 months agos4-samr: Use dom_sid_split_rid() to get the RID in dcesrv_samr_EnumDomainUsers
Andrew Bartlett [Wed, 14 Nov 2018 23:48:15 +0000 (12:48 +1300)]
s4-samr: Use dom_sid_split_rid() to get the RID in dcesrv_samr_EnumDomainUsers

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
9 months agosource4 samr: cache samr_EnumDomainUsers results
Gary Lockyer [Thu, 18 Oct 2018 00:54:31 +0000 (13:54 +1300)]
source4 samr: cache samr_EnumDomainUsers results

Add a cache of GUID's that matched the last samr_EnunDomainUsers made on a
domain handle.  The cache is cleared if resume_handle is zero, and when the
final results are returned to the caller.

The existing code repeated the database query for each chunk requested.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agotests samr: Extra tests for samr_EnumDomainUserss
Gary Lockyer [Thu, 18 Oct 2018 00:53:55 +0000 (13:53 +1300)]
tests samr: Extra tests for samr_EnumDomainUserss

Add extra tests to test the content returned by samr_EnumDomainUsers,
and tests for the result caching added in the following commit.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agos4-samr: Use GUID_buf_string() in dcesrv_samr_EnumDomainGroups()
Andrew Bartlett [Thu, 15 Nov 2018 00:44:23 +0000 (13:44 +1300)]
s4-samr: Use GUID_buf_string() in dcesrv_samr_EnumDomainGroups()

This avoids memory allocation

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
9 months agos4-samr: Use dom_sid_split_rid() to get the RID in dcesrv_samr_EnumDomainGroups
Gary Lockyer [Thu, 18 Oct 2018 00:54:31 +0000 (13:54 +1300)]
s4-samr: Use dom_sid_split_rid() to get the RID in dcesrv_samr_EnumDomainGroups

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
9 months agosource4 samr: cache samr_EnumDomainGroups results
Gary Lockyer [Wed, 17 Oct 2018 21:16:24 +0000 (10:16 +1300)]
source4 samr: cache samr_EnumDomainGroups results

Add a cache of GUID's that matched the last samr_EnunDomainGroups made on a
domain handle.  The cache is cleared if resume_handle is zero, and when the
final results are returned to the caller.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agotest samr: Extra tests for samr_EnumDomainGroups
Gary Lockyer [Thu, 11 Oct 2018 22:21:10 +0000 (11:21 +1300)]
test samr: Extra tests for samr_EnumDomainGroups

Add extra tests to test the content returned by samr_EnumDomainGroups,
and tests for the result caching added in the following commit.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agos4-samr: Use dom_sid_split_rid() to get the RID in dcesrv_samr_QueryDisplayInfo
Andrew Bartlett [Wed, 14 Nov 2018 20:53:25 +0000 (09:53 +1300)]
s4-samr: Use dom_sid_split_rid() to get the RID in dcesrv_samr_QueryDisplayInfo

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
9 months agosource4 samr: cache samr_QueryDisplayInfo results
Gary Lockyer [Tue, 9 Oct 2018 20:20:25 +0000 (09:20 +1300)]
source4 samr: cache samr_QueryDisplayInfo results

Add a cache of GUID's that matched the last samr_QueryDisplayInfo made on a
domain handle.  The cache is cleared if the requested start index is
zero, or if the level does not match that in the cache.

The cache is maintained in the guid_caches array of the dcesrv_handle.

Note: that currently this cache exists for the lifetime of the RPC
      handle.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agotests samr: remove PEP8 warnings
Gary Lockyer [Mon, 8 Oct 2018 22:11:12 +0000 (11:11 +1300)]
tests samr: remove PEP8 warnings

Remove PEP8 warnings from the samr tests.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agotests samr: Extra tests for samr_QueryDisplayInfo
Gary Lockyer [Mon, 8 Oct 2018 22:09:20 +0000 (11:09 +1300)]
tests samr: Extra tests for samr_QueryDisplayInfo

Add extra tests to test the content returned by samr_QueryDisplayInfo,
which is not tested for the ADDC.  Also adds tests for the result
caching added in the following commit.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agoldb_controls: Add some talloc error checking for controls
Garming Sam [Tue, 13 Nov 2018 21:29:01 +0000 (10:29 +1300)]
ldb_controls: Add some talloc error checking for controls

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13686

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agosync_passwords: Remove dirsync cookie logging for continuous operation
Garming Sam [Sun, 18 Nov 2018 22:05:59 +0000 (11:05 +1300)]
sync_passwords: Remove dirsync cookie logging for continuous operation

Under normal operation, users shouldn't see giant cookies in their logs.
We still log the initial cookie retrieved from the cache database, which
should still be helpful for identifying corrupt cookies.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13686

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agodirsync: Allow arbitrary length cookies
Garming Sam [Fri, 26 Oct 2018 00:38:02 +0000 (13:38 +1300)]
dirsync: Allow arbitrary length cookies

The length of the cookie is proportional to the number of DCs ever in
the domain (as it stores the uptodateness vector which has stale
invocationID).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13686

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agoreplmd: Cache recycle-bin state to avoid DB lookup
Tim Beale [Fri, 26 Oct 2018 02:04:42 +0000 (15:04 +1300)]
replmd: Cache recycle-bin state to avoid DB lookup

By caching the recycle-bin state we can save ~6% of the join time.

Checking whether the recycle-bin is enabled involves an underlying DSDB
search. We do this ~4 times for each link we replicate (twice for the
link source and target). By caching the recycle-bin's state over the
duration of the replication, we can save 1000s of unnecessary DB
searches.

With 5K users this makes the join time ~5 secs faster.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Tim Beale <timbeale@samba.org>
Autobuild-Date(master): Tue Nov 20 08:40:16 CET 2018 on sn-devel-144

9 months agoreplmd: Split some code out into create_la_entry() helper function
Tim Beale [Fri, 9 Nov 2018 01:29:14 +0000 (14:29 +1300)]
replmd: Split some code out into create_la_entry() helper function

replmd_store_linked_attributes() has gotten in szie and complexity. This
refactors some code out into a separate function to make things a bit
more manageable.

This patch should not alter functionality.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agoreplmd: Minor change to replmd_verify_link_target() args
Tim Beale [Fri, 9 Nov 2018 01:13:11 +0000 (14:13 +1300)]
replmd: Minor change to replmd_verify_link_target() args

We were passing in the entire src_msg, but all we really need is the
source object's DN (and even then, it's only used in error messages).

Change it so we only pass in what the function actually needs. This
makes it a bit easier to see what src_msg is actually used for.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agoreplmd: Skip redundant source object link checks
Tim Beale [Fri, 9 Nov 2018 01:06:16 +0000 (14:06 +1300)]
replmd: Skip redundant source object link checks

We receive the links grouped together by source object. We can save
ourselves some work by not looking up the source object for every single
link (if it's still the same object we're dealing with).

We've already made this change to replmd_process_linked_attribute().
This patch makes the same change to replmd_store_linked_attributes().
(We verify that we know about each link source/target as we receive each
replication chunk. replmd_process_linked_attribute() kicks in later as
the transaction completes).

Note some care is needed to hold onto the tmp_ctx/src_msg across
multiple passes of the for loop.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agoreplmd: Split up replmd_verify_linked_attribute() into src/target checks
Tim Beale [Fri, 26 Oct 2018 02:43:33 +0000 (15:43 +1300)]
replmd: Split up replmd_verify_linked_attribute() into src/target checks

Refactor replmd_verify_linked_attribute() so we split out the link
attribute source/target checks. This patch should not alter
functionality.

The source object check has been moved out to where
replmd_verify_linked_attribute() was called.

replmd_verify_linked_attribute() has been renamed, as it's now only
checking the link target.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agowaf: Load the C compiler correctly
Andreas Schneider [Tue, 25 Sep 2018 16:13:09 +0000 (18:13 +0200)]
waf: Load the C compiler correctly

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Nov 20 04:47:24 CET 2018 on sn-devel-144

9 months agolibrpc/tables.pl: remove unused $opt_output option
Stefan Metzmacher [Thu, 15 Nov 2018 19:15:37 +0000 (20:15 +0100)]
librpc/tables.pl: remove unused $opt_output option

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agowafsamba: simplify SAMBA_PIDL_TABLES() rule
Stefan Metzmacher [Thu, 15 Nov 2018 12:37:58 +0000 (13:37 +0100)]
wafsamba: simplify SAMBA_PIDL_TABLES() rule

The builddir is not bin/default/ instead of just bin/,
so we don't need to strip 'default/' anymore.

And the '--output ${TGT}' part is not really implemented.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agowafsamba: remove unused Build.BuildContext.pre_build overload
Stefan Metzmacher [Tue, 13 Nov 2018 16:04:39 +0000 (17:04 +0100)]
wafsamba: remove unused Build.BuildContext.pre_build overload

This is not needed and also fixed the interaction between
vim and ':make'

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agowafsamba: remove the need of BuildContext.bdir
Stefan Metzmacher [Thu, 15 Nov 2018 10:41:07 +0000 (11:41 +0100)]
wafsamba: remove the need of BuildContext.bdir

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agowafsamba: remove hardcoded '..' and '/default/' from SAMBA_PIDL()
Stefan Metzmacher [Thu, 15 Nov 2018 11:51:37 +0000 (12:51 +0100)]
wafsamba: remove hardcoded '..' and '/default/' from SAMBA_PIDL()

This makes it possible to remove some move waf 1.8 compat code.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agowafsamba: add a fix for broken python threading if just one job is forced
Stefan Metzmacher [Thu, 15 Nov 2018 18:35:27 +0000 (19:35 +0100)]
wafsamba: add a fix for broken python threading if just one job is forced

This fixes random failures during (at least) configure on AIX.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agowafsamba: fix CHECK_MAKEFLAGS() with waf 2.0.8
Stefan Metzmacher [Tue, 13 Nov 2018 14:58:17 +0000 (15:58 +0100)]
wafsamba: fix CHECK_MAKEFLAGS() with waf 2.0.8

Changing Options.options.jobs in the build() hook
is too late in waf 2.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agos4:heimdal_build: make use of libreplace getprogname() replacement
Stefan Metzmacher [Thu, 15 Nov 2018 18:53:41 +0000 (19:53 +0100)]
s4:heimdal_build: make use of libreplace getprogname() replacement

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agodsdb group_audit tests: fix use of strncmp
Gary Lockyer [Wed, 14 Nov 2018 01:03:37 +0000 (14:03 +1300)]
dsdb group_audit tests: fix use of strncmp

Replace the uses of:
   strncmp(expected, value, strlen(expected))
With:
    strcmp(expected, value)

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agonetcmd: Flush replUpToDateVector when restoring offline backup
Tim Beale [Thu, 8 Nov 2018 04:34:26 +0000 (17:34 +1300)]
netcmd: Flush replUpToDateVector when restoring offline backup

The replUpToDateVector could be incorrect after an offline backup was
restored. This means replication propagation dampening doesn't work
properly. In the worst case, a singleton DC would have no
replUpToDateVector at all, and so *all* objects created on that DC get
replicated every time a new DRS connection is established between 2 DCs.
This becomes a real problem if you used that singleton DC to create 100K
objects...

This patch flushes the replUpToDateVector when an offline backup gets
restored. We need to do this before we add in the new DC and remove the
old DCs.

Note that this is only a problem for offline backups. The online/rename
backups are received over DRS, and as part of the replication they
receive the latest replUpToDateVector from the DC being backed up.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agonetcmd: Small backup refactor to avoid compatiblity problems
Tim Beale [Thu, 8 Nov 2018 04:07:08 +0000 (17:07 +1300)]
netcmd: Small backup refactor to avoid compatiblity problems

It will be easy to forget that the backupType marker doesn't exist on
v4.9. However, this seems like a dumb reason not to support v4.9
backup-files. Add a wrapper function to avoid potential problems
cropping up in future.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agonetcmd: Add backupType marker to backed-up DB
Tim Beale [Thu, 8 Nov 2018 03:41:52 +0000 (16:41 +1300)]
netcmd: Add backupType marker to backed-up DB

We are starting to hit restore cases that are only applicable to a
particular type of backup. We already had a marker to differentiate
renames, but differentiating offline backups would also be useful.

Note that this raises a slight compatibility issue for backups created
on v4.9, as the marker won't exist. However, it's only offline backups
we will use this marker for (at the moment), and this option doesn't
exist on v4.9, so there's no problem.

Removing the markers has been refactored out into a separate function to
handle the optional presence of the new marker.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agotests: Add assertion that replUpToDateVector is present after backup
Tim Beale [Wed, 7 Nov 2018 23:20:30 +0000 (12:20 +1300)]
tests: Add assertion that replUpToDateVector is present after backup

We noticed that offline backups were missing a replUpToDateVector for
the original DC, if the backup was taken on a singleton DC. This patch
adds an assertion to the existing test-cases to highlight the problem.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agoWHATSNEW: Added samba-tool 'backup offline' and 'groups stats'
Tim Beale [Thu, 15 Nov 2018 00:14:48 +0000 (13:14 +1300)]
WHATSNEW: Added samba-tool 'backup offline' and 'groups stats'

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agosmbtorture: Close unused pipe fds in kernel_oplocks8
Christof Schmitt [Wed, 14 Nov 2018 22:13:03 +0000 (15:13 -0700)]
smbtorture: Close unused pipe fds in kernel_oplocks8

This fixes a hang of the testcase when hitting an error in the child (e.g.
localdir does not exist)

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Nov 16 21:52:13 CET 2018 on sn-devel-144

9 months agodsdb: Slightly simplify samdb_check_password
Volker Lendecke [Thu, 15 Nov 2018 09:40:50 +0000 (10:40 +0100)]
dsdb: Slightly simplify samdb_check_password

Avoid an "else" where we have the early return

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Björn Baumbach <bbaumbach@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
9 months agolib: Fix CID 1441264 Error handling issues (CHECKED_RETURN)
Volker Lendecke [Wed, 14 Nov 2018 20:02:01 +0000 (21:02 +0100)]
lib: Fix CID 1441264 Error handling issues (CHECKED_RETURN)

This is not worth keeping a CID around :-)

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
9 months agotorture: Fix the 32-bit build
Volker Lendecke [Thu, 15 Nov 2018 14:21:36 +0000 (15:21 +0100)]
torture: Fix the 32-bit build

Unfortunately there's no off_t printf specifier as there's one for
size_t. So we have to use intmax_t.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Nov 15 19:45:24 CET 2018 on sn-devel-144

9 months agos3: VFS: fake_acls: Fix Coverity CID 1435850 Uninitialized pointer read.
Jeremy Allison [Fri, 9 Nov 2018 22:13:47 +0000 (14:13 -0800)]
s3: VFS: fake_acls: Fix Coverity CID 1435850 Uninitialized pointer read.

map_acl_perms_to_permset() can return an error, check it.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
9 months agoctdb-tests: Make the debug hung script test cope with unreadable stacks
Martin Schwenke [Wed, 14 Nov 2018 03:09:42 +0000 (14:09 +1100)]
ctdb-tests: Make the debug hung script test cope with unreadable stacks

Ideally this would just involve using "test -r".  However, operating
system security features may mean that kernel stacks are not readable
even though they appear to be.

Instead, try reading that stack of a process on the test node.  If
that succeeds then so should reading the stack of the "stuck" sleep
process in the test.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13684

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Tim Beale <timbeale@catalyst.net.nz>
Autobuild-User(master): Tim Beale <timbeale@samba.org>
Autobuild-Date(master): Thu Nov 15 08:15:32 CET 2018 on sn-devel-144

9 months agothird_party: Update socket_wrapper to version 1.2.1
Andreas Schneider [Wed, 2 May 2018 13:57:38 +0000 (15:57 +0200)]
third_party: Update socket_wrapper to version 1.2.1

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Nov 15 04:50:31 CET 2018 on sn-devel-144

9 months agos4:torture: Use 65520 for maxopenfiles
Andreas Schneider [Mon, 12 Nov 2018 10:51:17 +0000 (11:51 +0100)]
s4:torture: Use 65520 for maxopenfiles

The socket_wrapper limit is 65535 open sockets.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
9 months agos3: VFS: Remove logically dead code. Coverity CID: 1419117
Jeremy Allison [Fri, 9 Nov 2018 19:23:21 +0000 (11:23 -0800)]
s3: VFS: Remove logically dead code. Coverity CID: 1419117

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov 14 21:35:45 CET 2018 on sn-devel-144

9 months agos3:passdb: Use discard_const_p() in py_passdb
Andreas Schneider [Mon, 12 Nov 2018 17:27:44 +0000 (18:27 +0100)]
s3:passdb: Use discard_const_p() in py_passdb

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Nov 14 11:46:06 CET 2018 on sn-devel-144

9 months agos4:dsdb: Use const char in py_dsdb_garbage_collect_tombstones()
Andreas Schneider [Mon, 12 Nov 2018 17:20:49 +0000 (18:20 +0100)]
s4:dsdb: Use const char in py_dsdb_garbage_collect_tombstones()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
9 months agos4:librpc: Use discard_const_p for ndr/py_misc
Andreas Schneider [Mon, 12 Nov 2018 17:19:51 +0000 (18:19 +0100)]
s4:librpc: Use discard_const_p for ndr/py_misc

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
9 months agolibldb: Fix const char in pyldb
Andreas Schneider [Mon, 12 Nov 2018 16:19:21 +0000 (17:19 +0100)]
libldb: Fix const char in pyldb

../lib/ldb/pyldb.c: In function ‘PyDict_AsMessage’:
../lib/ldb/pyldb.c:90:22: error: initialization discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
 #define PyStr_AsUTF8 PyUnicode_AsUTF8
                      ^~~~~~~~~~~~~~~~
../lib/ldb/pyldb.c:1359:19: note: in expansion of macro ‘PyStr_AsUTF8’
   char *key_str = PyStr_AsUTF8(key);
                   ^~~~~~~~~~~~
../lib/ldb/pyldb.c: In function ‘py_ldb_msg_getitem_helper’:
../lib/ldb/pyldb.c:3336:7: error: assignment discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
  name = PyStr_AsUTF8(py_name);
       ^
../lib/ldb/pyldb.c: In function ‘py_ldb_msg_setitem’:
../lib/ldb/pyldb.c:3502:12: error: assignment discards ‘const’ qualifier from pointer target type [-Werror=discarded-qualifiers]
  attr_name = PyStr_AsUTF8(name);
            ^

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
9 months agoCI: Autobuild: Remove build_samba_ad_dc_2_py3 CI job
Noel Power [Thu, 25 Oct 2018 16:54:38 +0000 (17:54 +0100)]
CI: Autobuild: Remove build_samba_ad_dc_2_py3 CI job

We now run a purepython3 ad-dc-2 test job, later when the whole
build is running under python3 we will resurrect build_samba_ad_dc_2_py3
but as (build_samba_ad_dc_py2) for python2

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Nov 14 08:20:55 CET 2018 on sn-devel-144

9 months agoCI: Add new CI job for new purepy3-ad-dc-2 autobuild task
Noel Power [Thu, 25 Oct 2018 16:53:35 +0000 (17:53 +0100)]
CI: Add new CI job for new purepy3-ad-dc-2 autobuild task

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agoscript: Add new (temporary) pure python3 ad-dc-2 test
Noel Power [Thu, 25 Oct 2018 16:50:18 +0000 (17:50 +0100)]
script: Add new (temporary) pure python3 ad-dc-2 test

Ideally we want all the tests to run under python3 by default (no
special task for this) and then convert the existing '-py3' tasks
to run the python tests with python3.
However at the moment the convertion process is not ready to do this,
for a while we need to run separate autobuild tasks for this.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agos4/scripting/bin: gensec_client.update needs bytes
Noel Power [Tue, 30 Oct 2018 13:29:13 +0000 (13:29 +0000)]
s4/scripting/bin: gensec_client.update needs bytes

PY3 test was failing as param passed to update was str rather than bytes

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agopython/samba/tests: Ensure samba_dnsupdate called with correct python version
Noel Power [Tue, 30 Oct 2018 13:22:11 +0000 (13:22 +0000)]
python/samba/tests: Ensure samba_dnsupdate called with correct python version

We need to examine the contents of PYTHON env variable which should defined the
python version to be used when running tests.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agos4/scripting/bin: PY3 convert servicePrincipalName attr to string
Tim Beale [Tue, 30 Oct 2018 12:51:54 +0000 (12:51 +0000)]
s4/scripting/bin: PY3 convert servicePrincipalName attr to string

res[0]["servicePrincipalName"] is an instance of ldb.bytes in PY3
If we wish to get the string value we need to call the custom
str function which attempts to decode the bytes to 'utf8'

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed by: Noel Power <npower@samba.org>

9 months agopython/samba/tests: PY3 Fix str/bytes issue for json.loads
Noel Power [Thu, 25 Oct 2018 18:10:30 +0000 (19:10 +0100)]
python/samba/tests: PY3 Fix str/bytes issue for json.loads

Python 3.4 seems to need a string

    parsed = json.loads (out_jsobj)
  File "/usr/lib/python3.4/json/__init__.py", line 312, in loads
    s.__class__.__name__))
TypeError: the JSON object must be str, not 'bytes'

however Python 3.5 seems to be happy to consume bytes (or string)

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agopython/samba: PY3 fix can't compare string with int
Noel Power [Fri, 12 Oct 2018 16:15:39 +0000 (17:15 +0100)]
python/samba: PY3 fix can't compare string with int

Testing a string against an int value is illegal and
is not necessary in this case, this patch removes the
problematic test.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agos4/dsdb/tests: PY3 port of samba4.ldap.acl.python
Noel Power [Thu, 11 Oct 2018 13:36:06 +0000 (14:36 +0100)]
s4/dsdb/tests: PY3 port of samba4.ldap.acl.python

convert various attribute results to str so assert function
as expected for tests.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agos4/dsdb/tests/python: PY3 port samba4.ldap.secdesc
Noel Power [Wed, 10 Oct 2018 20:48:38 +0000 (21:48 +0100)]
s4/dsdb/tests/python: PY3 port samba4.ldap.secdesc

User str/bytes as needed for various asserts

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agos4/dsdb/tests/python: PY3 port samba4.ldap_schema.python
Noel Power [Thu, 1 Nov 2018 14:20:20 +0000 (14:20 +0000)]
s4/dsdb/tests/python: PY3 port samba4.ldap_schema.python

+ Misc attributes needed to be converted to strings from bytes to
ensure various asserts work as expected.
+ Fix ndr_unpack call which needs bytes not str

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agopython/samba/netcmd: PY3 port samba4.blackbox.ldapcmp_restore
Noel Power [Wed, 10 Oct 2018 18:46:42 +0000 (19:46 +0100)]
python/samba/netcmd: PY3 port samba4.blackbox.ldapcmp_restore

Convert attribute from bytes to str
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agopython/samba/netcmd: PY3 port samba.tests.samba_tool.edit
Noel Power [Wed, 10 Oct 2018 18:19:24 +0000 (19:19 +0100)]
python/samba/netcmd: PY3 port samba.tests.samba_tool.edit

Need to write bytes to file

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agos3/torture: PY3 port samba.ntlm_auth
Noel Power [Wed, 10 Oct 2018 17:45:32 +0000 (18:45 +0100)]
s3/torture: PY3 port samba.ntlm_auth

Use bytes in test rather than str

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agopython/samba/tests: PY3 port samba.tests.blackbox.netads_json
Noel Power [Wed, 10 Oct 2018 16:35:53 +0000 (17:35 +0100)]
python/samba/tests: PY3 port samba.tests.blackbox.netads_json

convert output from check_output to text
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agopython/samba/tests: Port samba.tests.blackbox.samba_dnsupdate for PY2/PY3
Noel Power [Tue, 30 Oct 2018 13:25:59 +0000 (13:25 +0000)]
python/samba/tests: Port samba.tests.blackbox.samba_dnsupdate for PY2/PY3

Make sure either the output of tests and/or the item we are searching match
in type. Output of cmd in python3 is bytes, depending on the was the test is
written it may be easier just to convert all output or just a single string
that is used in the test

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agotestprogs/blackbox: PY3 bulk change for python scripts use correct python
Noel Power [Wed, 10 Oct 2018 16:14:39 +0000 (17:14 +0100)]
testprogs/blackbox: PY3 bulk change for python scripts use correct python

Change all instance where python scripts are called so that the
correct python version as specified by $PYTHON is used

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agopython/samba/provision: PY3 port samba4.dlz_bind9.version
Noel Power [Wed, 10 Oct 2018 15:34:52 +0000 (16:34 +0100)]
python/samba/provision: PY3 port samba4.dlz_bind9.version

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agoctdb: Fix an out of bound array access
Andreas Schneider [Mon, 12 Nov 2018 09:21:15 +0000 (10:21 +0100)]
ctdb: Fix an out of bound array access

Found by cppcheck.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13680

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agolib:util Always initialize start and space
Andreas Schneider [Mon, 12 Nov 2018 09:17:37 +0000 (10:17 +0100)]
lib:util Always initialize start and space

Found by cppcheck.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13680

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agolibgpo: Make sure status is intialized
Andreas Schneider [Mon, 12 Nov 2018 09:16:06 +0000 (10:16 +0100)]
libgpo: Make sure status is intialized

Found by cppcheck.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13680

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agolibrpc:ndr: Initialize inblob
Andreas Schneider [Mon, 12 Nov 2018 09:13:51 +0000 (10:13 +0100)]
librpc:ndr: Initialize inblob

Found by cppcheck.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13680

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agos3:rpcclient: Initialize domain_name
Andreas Schneider [Mon, 12 Nov 2018 09:09:23 +0000 (10:09 +0100)]
s3:rpcclient: Initialize domain_name

This could be passed uninitialized to dcerpc_netr_DsRGetDCName()

Found by cppcheck.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13680

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
9 months agos3: lib: nmbname: Ensure we limit the NetBIOS name correctly. CID: 1433607
Jeremy Allison [Mon, 12 Nov 2018 19:37:31 +0000 (11:37 -0800)]
s3: lib: nmbname: Ensure we limit the NetBIOS name correctly. CID: 1433607

Firstly, make the exit condition from the loop explicit (we must
never write into byte n, where n >= sizeof(name->name).

Secondly ensure exiting from the loop that n==MAX_NETBIOSNAME_LEN,
as this is the sign of a correct NetBIOS name encoding (RFC1002)
in order to properly read the NetBIOS name type (which is always
encoded in byte 16 == name->name[15]).

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Tue Nov 13 20:54:56 CET 2018 on sn-devel-144

9 months agolibcli/smb: don't overwrite status code
Ralph Boehme [Wed, 7 Nov 2018 13:00:25 +0000 (14:00 +0100)]
libcli/smb: don't overwrite status code

The original commit c5cd22b5bbce724dcd68fe94320382b3f772cabf from bug
9175 never worked, as the preceeding signing check overwrote the status
variable.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=9175

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Nov 13 17:28:45 CET 2018 on sn-devel-144

9 months agos4:torture/smb2/session: test smbXcli_session_set_disconnect_expired() works
Ralph Boehme [Tue, 13 Nov 2018 11:08:10 +0000 (12:08 +0100)]
s4:torture/smb2/session: test smbXcli_session_set_disconnect_expired() works

This adds a simple test that verifies that after having set
smbXcli_session_set_disconnect_expired() a session gets disconnected
when it expires.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=9175

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
9 months agos3:smb2_sesssetup: check session_info security level before it gets talloc_move'd
Ralph Boehme [Thu, 8 Nov 2018 16:31:41 +0000 (17:31 +0100)]
s3:smb2_sesssetup: check session_info security level before it gets talloc_move'd

We talloc_move() session_info to session->global->auth_session_info
which sets session_info to NULL.

This means security_session_user_level(NULL, NULL) will always return
SECURITY_ANONYMOUS so we never sign the session setup response.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Nov 13 14:22:46 CET 2018 on sn-devel-144

9 months agos4:torture/smb2/session: session reauth response must be signed
Ralph Boehme [Fri, 9 Nov 2018 11:39:41 +0000 (12:39 +0100)]
s4:torture/smb2/session: session reauth response must be signed

This test checks that a session setup reauth is signed even when neither
client nor server require signing.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
9 months agos4:torture/smb2/session: add force_signing to test_session_expire1i
Ralph Boehme [Fri, 9 Nov 2018 11:19:16 +0000 (12:19 +0100)]
s4:torture/smb2/session: add force_signing to test_session_expire1i

Existing callers pass true, so no change in behaviour. The next commit
adds an additional test that passes force_signing=false.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
9 months agos4:torture/smb2/session: require a signed session setup reauth response
Ralph Boehme [Fri, 9 Nov 2018 14:34:24 +0000 (15:34 +0100)]
s4:torture/smb2/session: require a signed session setup reauth response

All existing tests using this function require signing, so currently
this passes. A subsequent commit adds a test where neither client nor
server require signing and that's where this trap will explode.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
9 months agos4:torture/smb2/session: invalidate credential cache
Ralph Boehme [Thu, 8 Nov 2018 14:42:46 +0000 (15:42 +0100)]
s4:torture/smb2/session: invalidate credential cache

Invalidate credential cache before connecting to the server, otherwise
we will reuse the credentials from the credential cache populated by the
preceeding tests.

Also invalidate it at the end, otherwise subsequent tests might run into
problems if the credentials expire while authenticating.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
9 months agolibcli/smb: use require_signed_response in smb2cli_conn_dispatch_incoming()
Ralph Boehme [Sat, 10 Nov 2018 21:00:04 +0000 (22:00 +0100)]
libcli/smb: use require_signed_response in smb2cli_conn_dispatch_incoming()

This can be used by the upper layers to force checking a response is
signed. It will be used to implement verification of session setup
reauth responses in a torture test. That comes next.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
9 months agolibcli/smb: defer singing check a little bit
Ralph Boehme [Sat, 10 Nov 2018 20:56:28 +0000 (21:56 +0100)]
libcli/smb: defer singing check a little bit

This allows adding an additional condition to the if check where the
condition state may be modified in the "if (opcode ==
SMB2_OP_SESSSETUP)" case directly above.

No change in behaviour.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
9 months agolibcli/smb: maintain require_signed_response in smbXcli_req_state
Ralph Boehme [Fri, 9 Nov 2018 14:26:44 +0000 (15:26 +0100)]
libcli/smb: maintain require_signed_response in smbXcli_req_state

Not used for now, that comes next.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
9 months agolibcli/smb: add smb2cli_session_require_signed_response()
Ralph Boehme [Fri, 9 Nov 2018 14:17:19 +0000 (15:17 +0100)]
libcli/smb: add smb2cli_session_require_signed_response()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
9 months agos3:selftest: also run smb2.session torture testsuite against ad_member
Ralph Boehme [Fri, 9 Nov 2018 11:33:29 +0000 (12:33 +0100)]
s3:selftest: also run smb2.session torture testsuite against ad_member

The next commit adds a subtest to the smb2.session testsuite that
requires Kerberos (ad_dc would work), but where neither SMB2 server or
client must require signing (ad_dc, being an AD DC, requires signing).

The ad_member environment supports Kerberos with the SMB2 server not
mandating signing, that'll do.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
9 months agos3:selftest: split "raw.session" and "smb2.session"
Ralph Boehme [Thu, 8 Nov 2018 15:24:45 +0000 (16:24 +0100)]
s3:selftest: split "raw.session" and "smb2.session"

The next commit is going to add a testsuite to "smb2.session".

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>