self.create_backup() uses self.run_cmd(), which is a wrapper around
self.check_output(). Rework the code to call the underlying
check_output() function directly instead.
The reason we're doing this is we want run_cmd() to catch exceptions and
fail the test (i.e. in the next patch). However, we can't do that because
this test case relies on receiving the exceptions.
Tim Beale [Thu, 22 Nov 2018 00:22:19 +0000 (13:22 +1300)]
selftest: Designate one testenv as having SMBv1 disabled
We recommend users disable SMBv1 to avoid potential security holes.
However, none of the AD DC testenvs have SMBv1 disabled.
This patch disables SMBv1 on an arbitrarily-chosen testenv (restoredc).
I chose restoredc as we'll want to run the backup tool tests against
this target, and it might be useful to check we can backup a DC if it's
already been restored once.
Note that SMBv2 doesn't support POSIX extensions (only SMBv1 does),
which is why we haven't just disabled SMBv1 on *all* testenvs.
Tim Beale [Sun, 25 Nov 2018 22:58:31 +0000 (11:58 +1300)]
tests: Use s3 smbclient for testenv smoketests
smbclient4 doesn't support SMBv2 connections, i.e. it won't work against
a DC with SMBv1 disabled. The smoke-test here is that the DC accepts
the connection, so we don't really care what SMB tool we use to connect.
Tim Beale [Mon, 26 Nov 2018 01:28:59 +0000 (14:28 +1300)]
selftest: Make testenv NTVFS usage match --use-ntvfs
Regardless of whether the testenv uses --use-ntvfs as part of its
provision options, the s4 testenvs all default to using the NTVFS file
server.
It's not particularly obvious that this is happening. The new restore
DCS (restoredc, renamedc, labdc) were all using NTVFS unintentionally.
The problem is the s4 testenvs default to using services '-s3fs +smb".
provision_ad_dc() explicitly overrides this to use s3fs again
(technically it ends up with both in its smb.conf and just uses whatever
comes last).
This patch changes the testenv setup to check for the presence of the
'--use-ntvfs' option and to set the 'server services' config option
appropriately. This way, the provision command and the smb.conf options
should always line up, with respect to NTVFS.
Tim Beale [Mon, 26 Nov 2018 01:59:06 +0000 (14:59 +1300)]
selftest: Make chgdcpass's NTVFS usage more obvious
The chgdcpass testenv was not passing --use-ntvfs to the provision
command, but it was still actually using NTVFS.
The reason is the smb.conf generated by provision_raw_step1() would
always try to use the s4/NTVFS file server. Because the smb.conf already
existed, this trumped what was passed to the provision command.
This patch doesn't change the chgdcpass file server. It just makes it
more obvious that chgdcpass is using NTVFS.
Volker Lendecke [Fri, 23 Nov 2018 07:40:57 +0000 (08:40 +0100)]
libads: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Nov 23 20:23:57 CET 2018 on sn-devel-144
Tim Beale [Wed, 21 Nov 2018 21:35:01 +0000 (10:35 +1300)]
source4 smbd prefork: Add code comments
Add some comments to the prefork code explaining what's going on.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Nov 23 11:40:49 CET 2018 on sn-devel-144
Gary Lockyer [Thu, 13 Sep 2018 21:43:59 +0000 (09:43 +1200)]
source4 messaging: clean up terminated processes
Now that the smbd pre-fork process model restarts failed processes rather than
terminating, we end up with names registered to defunct processes.
This patch adds a function to clean up all the names registered to a process.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Tue, 4 Sep 2018 19:31:22 +0000 (07:31 +1200)]
source4 smbd prefork: Add backoff to process restart
Add new smbd.conf variables 'prefork backoff increment' and
'prefork maximum backoff' to control the rate at which failed pre-forked
processes are restarted.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Mon, 3 Sep 2018 22:09:38 +0000 (10:09 +1200)]
source4 smbd process: pass the fatal flag to terminate
Pass the fatal flag supplied to task_server_terminate to the process
task_terminate method. It will be used by the task_terminate methods to
set an appropriate exit code. The process_prefork model will use a non
zero exit code to indicate that the process should be restarted.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Tue, 20 Nov 2018 03:02:05 +0000 (16:02 +1300)]
replmd: remove unnecessary indent
The previous refactor now means we return early if we don't need to
re-apply isDeleted to the object. The 'else' is redundant and we can
remove it to avoid unnecessary indent.
This patch is basically just a whitespace change. It should not alter
functionality.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Nov 23 08:10:41 CET 2018 on sn-devel-144
Tim Beale [Mon, 19 Nov 2018 22:45:07 +0000 (11:45 +1300)]
replmd: Avoid passing msg to replmd_process_linked_attribute()
We can prevent anyone from inadvertently adding/removing msg->elements[]
in replmd_process_linked_attribute() by just not passing msg into the
function. Currently we only actually need the source DN and a memory
context for reallocating old_el->values.
The warning comment has been moved to a more appropriate place.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Tue, 20 Nov 2018 04:30:37 +0000 (17:30 +1300)]
tests: Fix flappiness in DRS tests due to RID Set changing
The test_link_utdv_hwm test case in getnc_exop has started getting
slightly flappy (8 failures in the last 2 weeks). The problem is the
test case creates a new computer, which can occasionally result in a new
RID pool being allocated.
The problem can be reproduced by running the test case repeatedly (it
usually fails after ~250 times).
This patch updates the _check_ctr6() assertion to filter out the 'CN=RID
Set' object, if it happens to be present.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Tue, 20 Nov 2018 04:15:41 +0000 (17:15 +1300)]
tests: Add better error for DRS tests
We've got a flappy test hitting this assertion failure, but we can't
tell why it's failing intermittently (probably because we're bumping the
RID-Set, but there's no way to confirm this).
Add some extra debug info if the test assertion fails.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
librpc/ndr/ndr.c:1430 runtime error: left shift of 1 by 31 places cannot
be represented in type 'int'
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Fri Nov 23 01:23:09 CET 2018 on sn-devel-144
../source4/dns_server/dlz_bind9.c:1132:4: error: 'dn' may be used uninitialized in this function [-Werror=maybe-uninitialized]
state->log(ISC_LOG_INFO, "failed to find dnsRecord for %s",
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ldb_dn_get_linearized(dn));
~~~~~~~~~~~~~~~~~~~~~~~~~~
Found by Undefined Sanitizer.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Swen Schillig [Wed, 21 Nov 2018 12:30:08 +0000 (13:30 +0100)]
utils: Free host realm after processing
In case of error and at the end of processing the list
of realms have to be free'd again.
Signed-off-by: Swen Schillig <swen@linux.ibm.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Nov 22 11:18:41 CET 2018 on sn-devel-144
Swen Schillig [Wed, 21 Nov 2018 09:59:31 +0000 (10:59 +0100)]
libads: set proper ads_keytab_flush() return code on error
The return code was left on success when the calls to
ads_get_machine_kvno() or ads_clear_service_principal_names()
failed and the processing had to be aborted.
Signed-off-by: Swen Schillig <swen@linux.ibm.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Fri, 16 Nov 2018 20:01:19 +0000 (21:01 +0100)]
libsmb: Make cli_trans a normal subreq function
A lot of "state" variables, but still I don't think the additional complexity
is justified by saving a few lines. Make this a completely regular tevent_req
"req/subreq" function.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Joe Guo [Wed, 24 Oct 2018 03:35:50 +0000 (16:35 +1300)]
logger: use color automatically for a tty
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Nov 21 10:46:20 CET 2018 on sn-devel-144
Joe Guo [Tue, 6 Nov 2018 09:10:55 +0000 (22:10 +1300)]
netcmd/ldapcmp: make code pythonic
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joe Guo [Tue, 6 Nov 2018 08:37:47 +0000 (21:37 +1300)]
netcmd/ldapcmp: promote re object to global
Then we can reuse the re obj.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joe Guo [Tue, 6 Nov 2018 05:16:34 +0000 (18:16 +1300)]
netcmd/ldapcmp: use set instead of list to compare attrs
This will simplify the logic and improve performance.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joe Guo [Tue, 6 Nov 2018 04:41:12 +0000 (17:41 +1300)]
netcmd/ldapcmp: fix wrong way for string copy
Two mistakes here:
- res[:-1] will copy but lost the last char
- string is immutable in python, there is no need to copy it explicitly
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joe Guo [Mon, 29 Oct 2018 04:45:28 +0000 (17:45 +1300)]
netcmd/ldapcmp: pass --skip-missing-dn to LDAPBase
This option has default value False, and was actually not passed down from cli
to LDAPBase. However, LDAPBase.__init__ has default value True for it.
After the change, a few tests using ldapcmp are affected.
Add --skip-missing-dn explicitly to keep the behavior consistent,
otherwise test will fail.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joe Guo [Mon, 29 Oct 2018 04:28:56 +0000 (17:28 +1300)]
netcmd/ldapcmp: avoid modifying data while looping on dict
Just define another dict for return value, seems no need to modify
original dict.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joe Guo [Mon, 29 Oct 2018 03:44:20 +0000 (16:44 +1300)]
netcmd/ldapcmp: rm unused global var summary
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joe Guo [Mon, 29 Oct 2018 02:00:15 +0000 (15:00 +1300)]
netcmd/ldapcmp: use set instead of list to find missing DNs
This simplify the logic and improve performance a lot.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joe Guo [Sun, 28 Oct 2018 21:16:02 +0000 (10:16 +1300)]
netcmd/ldapcmp: avoid list comprehension in for loop
The list comprehension will repeat for each item.
For large database, this make the command freeze.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joe Guo [Sun, 28 Oct 2018 23:12:38 +0000 (12:12 +1300)]
netcmd/ldapcmp: add choices arg to --view option
So we don't need to validate ourselves.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joe Guo [Sun, 28 Oct 2018 22:54:57 +0000 (11:54 +1300)]
netcmd/ldapcmp: add choices arg to --scope option
So we don't need to validate ourselves.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joe Guo [Mon, 29 Oct 2018 01:49:28 +0000 (14:49 +1300)]
netcmd/ldapcmp: rename __eq__ to diff
This method actually changed both objects and print info.
__eq__ is not a proper name and is not designed for this case.
Rename to diff.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joe Guo [Sun, 28 Oct 2018 23:29:58 +0000 (12:29 +1300)]
netcmd/ldapcmp: fix typo for Bundle
Bundel -> Bundle
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Mon, 19 Nov 2018 21:59:40 +0000 (10:59 +1300)]
replmd: Make replmd_process_linked_attribute() mem dependencies clearer
This patch should not alter functionality - it is just making memory
assumptions used in replmd_process_linked_attribute() clearer.
When adding/removing msg->elements we have to take care, as this will
invalidate things like the parsed-DN array or old ldb_message_element
pointers. This has always been the case (i.e. f6bc4c08b19f5615a49),
however, now we need to take even more care, as the msg being modified
is re-used and split across 2 different functions.
Add more code comments to highlight this. We can also free
pdn_list/old_el to prevent them being incorrectly used after realloc.
It seems appropriate to also add a sanity-check that the tmp_ctx alloc
succeeds (which all the other memory hangs off).
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Tim Beale <timbeale@samba.org>
Autobuild-Date(master): Wed Nov 21 05:31:10 CET 2018 on sn-devel-144
Quite a bit of time was spent in dsdb_get_deleted_objects_dn()
processing during either a join (~9%) or a full-sync (~28%).
The problem is we're *always* doing the dsdb_get_deleted_objects_dn()
call for each object, regardless of whether it's actually deleted or
not. i.e. we were doing an expensive query and a lot of the time just
ignoring the query result.
If it's not a deleted object we're dealing with, we can just return
early and skip the unnecessary processing.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Sun, 11 Nov 2018 23:11:38 +0000 (12:11 +1300)]
replmd: Minimize get_parsed_dns_trusted() calls during replication
When a group has 10,000+ links, get_parsed_dns_trusted() can be costly
(simply the talloc calls alone are expensive). Instead of re-generating
the pdn_list for every single link attribute, we can change to only
re-generate it when we really need to.
When we add a new link, it reallocates old_el->values, and so we need to
recreate the pdn_list because all the memory pointers will have changed.
However, in the other cases, where we're simply updating the existing
link value (or ignoring the update, if it's already applied), we can
continue using the same pdn_list (rather than re-parsing it again).
This would generally only save time with a full-sync - it won't really
help with the join case (because every link processed results in a
realloc).
On a DB with 5000 users, this makes a full-sync about ~13% faster.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Sun, 11 Nov 2018 23:00:47 +0000 (12:00 +1300)]
replmd: Pass old_el into replmd_process_linked_attribute()
We should only need to lookup the msg attribute once per source object.
The old_el->values may change due to link-processing, but old_el itself
should not.
This is not aimed at improving performance, but we need to change how
old_el is used before we can change pdn_list (which is more costly
processing-wise).
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Sun, 11 Nov 2018 22:21:36 +0000 (11:21 +1300)]
replmd: Remove some redundant code
At first glance, this code seemed completely unnecessary. However, it
was added (by commit f6bc4c08b19f5615) for a valid reason: adding the
whenChanged/uSNChanged attributes to the message can cause msg->elements
to be reallocated, which means the old_el pointer (which points to
msg->elements memory) can be out of date.
whenChanged/uSNChanged now get added to the msg last, just before the DB
modify operation. So old_el can no longer become out of date within
replmd_process_link_attribute(), so re-fetching it is now redundant.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Sun, 11 Nov 2018 22:13:28 +0000 (11:13 +1300)]
replmd: Move where we update the usnChanged/whenChanged
Move this closer to where the source object actually gets modified.
The main reason to do this is that adding fields can cause the
msg->elements to be reallocated, which will invalidate all the
old_el and pdn_list pointers which are derived from the msg.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Sun, 11 Nov 2018 22:00:52 +0000 (11:00 +1300)]
replmd: Only modify the object if it actually changed
Commit 775054afbe1512 reworked replmd_process_link_attribute() so that
we batch together DB operations for the same source object. However, it
was possible that the object had not actually changed at all, e.g.
- link was already processed by critical-objects-only during join, or
- we were doing a full-sync and processing info that was already
up-to-date in our DB.
In these cases we modified the object anyway, even though nothing had
changed. This patch fixes it up, so we check that the object has
actually changed before modifying the DB.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Sun, 11 Nov 2018 21:43:39 +0000 (10:43 +1300)]
replmd: replmd_process_link_attribute() returns type of change made
In order to share work across related link attribute updates, we need
replmd_process_link_attribute() to let the caller know what actually
changed.
This patch adds an extra return type that'll be used in the next patch.
What we're interested in is: the update was ignored (i.e. it's old news),
a new link attribute was added (because this affects the overall
msg/element memory), and an existing link attribute was modified (due to
how links are actually stored, this includes deleting the link, as in
reality it simply involves setting the existing link to 'inactive').
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Tue, 20 Nov 2018 21:02:43 +0000 (10:02 +1300)]
source4 samr: Tidy DBG_WARNING calls
Move the calls to GUID_buf_string and dom_sid_str_buf into the
coresponding DBG_WARNING call, instead of using an intermediate variable.
While this violates the coding guidelines, doing this makes the code less
cluttred and means the functions are only called if the debug message is
printed.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Nov 21 01:50:11 CET 2018 on sn-devel-144
Gary Lockyer [Thu, 18 Oct 2018 00:54:31 +0000 (13:54 +1300)]
source4 samr: cache samr_EnumDomainUsers results
Add a cache of GUID's that matched the last samr_EnunDomainUsers made on a
domain handle. The cache is cleared if resume_handle is zero, and when the
final results are returned to the caller.
The existing code repeated the database query for each chunk requested.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Wed, 17 Oct 2018 21:16:24 +0000 (10:16 +1300)]
source4 samr: cache samr_EnumDomainGroups results
Add a cache of GUID's that matched the last samr_EnunDomainGroups made on a
domain handle. The cache is cleared if resume_handle is zero, and when the
final results are returned to the caller.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Tue, 9 Oct 2018 20:20:25 +0000 (09:20 +1300)]
source4 samr: cache samr_QueryDisplayInfo results
Add a cache of GUID's that matched the last samr_QueryDisplayInfo made on a
domain handle. The cache is cleared if the requested start index is
zero, or if the level does not match that in the cache.
The cache is maintained in the guid_caches array of the dcesrv_handle.
Note: that currently this cache exists for the lifetime of the RPC
handle.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Mon, 8 Oct 2018 22:09:20 +0000 (11:09 +1300)]
tests samr: Extra tests for samr_QueryDisplayInfo
Add extra tests to test the content returned by samr_QueryDisplayInfo,
which is not tested for the ADDC. Also adds tests for the result
caching added in the following commit.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Sun, 18 Nov 2018 22:05:59 +0000 (11:05 +1300)]
sync_passwords: Remove dirsync cookie logging for continuous operation
Under normal operation, users shouldn't see giant cookies in their logs.
We still log the initial cookie retrieved from the cache database, which
should still be helpful for identifying corrupt cookies.
Tim Beale [Fri, 26 Oct 2018 02:04:42 +0000 (15:04 +1300)]
replmd: Cache recycle-bin state to avoid DB lookup
By caching the recycle-bin state we can save ~6% of the join time.
Checking whether the recycle-bin is enabled involves an underlying DSDB
search. We do this ~4 times for each link we replicate (twice for the
link source and target). By caching the recycle-bin's state over the
duration of the replication, we can save 1000s of unnecessary DB
searches.
With 5K users this makes the join time ~5 secs faster.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Tim Beale <timbeale@samba.org>
Autobuild-Date(master): Tue Nov 20 08:40:16 CET 2018 on sn-devel-144
Tim Beale [Fri, 9 Nov 2018 01:29:14 +0000 (14:29 +1300)]
replmd: Split some code out into create_la_entry() helper function
replmd_store_linked_attributes() has gotten in szie and complexity. This
refactors some code out into a separate function to make things a bit
more manageable.
This patch should not alter functionality.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tim Beale [Fri, 9 Nov 2018 01:06:16 +0000 (14:06 +1300)]
replmd: Skip redundant source object link checks
We receive the links grouped together by source object. We can save
ourselves some work by not looking up the source object for every single
link (if it's still the same object we're dealing with).
We've already made this change to replmd_process_linked_attribute().
This patch makes the same change to replmd_store_linked_attributes().
(We verify that we know about each link source/target as we receive each
replication chunk. replmd_process_linked_attribute() kicks in later as
the transaction completes).
Note some care is needed to hold onto the tmp_ctx/src_msg across
multiple passes of the for loop.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Nov 20 04:47:24 CET 2018 on sn-devel-144
projects / thirdparty / samba.git / log
