Douglas Bagnall [Sat, 27 Oct 2018 21:43:42 +0000 (10:43 +1300)]
tests/samba_tool/provision_password_check: follow super inheritance
We were skipping a level in the inheritance chain, which had no effect
in this case (no .setUps or .tearDowns were missed) but it would be
confusing if the parents ever changed.
Note: in python 3, you just call super() with no args, and it works
out the right thing.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Noel Power <noel.power@suse.com>
Volker Lendecke [Fri, 5 Oct 2018 14:27:48 +0000 (16:27 +0200)]
nsswitch: Run nsswitch thread test
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Nov 1 05:06:23 CET 2018 on sn-devel-144
Ralph Wuerthner [Tue, 2 Oct 2018 11:41:00 +0000 (13:41 +0200)]
nsswitch: protect access to wb_global_ctx by a mutex
This change will make libwbclient thread safe for all API calls not using a
context. Especially there are no more conflicts with threads using nsswitch
and libwbclient in parallel.
Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Tue, 30 Oct 2018 17:47:16 +0000 (18:47 +0100)]
s3: winbind: Remove fstring from wb_acct_info struct
The group enumeration backend functions try to allocate an array of
wb_acct_info structs with a number of elements equal to the number of
groups. In domains with a large number of groups this allocation may
fail due to the size of the chunk.
Found while trying to enumerate the groups in a domain with more than
700k groups.
Signed-off-by: Samuel Cabrero <scabrero@suse.de> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Ralph Boehme [Wed, 22 Aug 2018 13:25:26 +0000 (15:25 +0200)]
vfs_fruit: let fruit_open_meta() with O_CREAT return a fake-fd
This is the final step in implementing the needed macOS semantics on the
FinderInfo stream: as long as the client hasn't written a non-zero
FinderInfo blob to the stream, there mustn't be a visible filesystem
entry for other openers.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Nov 1 01:14:23 CET 2018 on sn-devel-144
Ralph Boehme [Sat, 20 Oct 2018 21:40:14 +0000 (23:40 +0200)]
vfs_fruit: let fruit_pwrite_meta_stream also ftruncate empty FinderInfo
fruit_streaminfo currently filters out the FinderInfo stream is
delete-on-close is set. We set it here internally, but the client may
also set it over SMB. Turns out that the macOS SMB server does NOT
filter out FinderInfo stream with delete-on-close set, so we must change
the way filtering is done in fruit_streaminfo.
Filtering is now done based on the FinderInfo stream being 0-bytes large which
is why I'm adding the ftruncate here.
No idea why the tests that check the filtering passed the commits
leading up to this one, but if you revert this commit after applying the
whole patchset, the "delete AFP_AfpInfo by writing all 0" test will fail.
Ralph Boehme [Sat, 20 Oct 2018 21:46:43 +0000 (23:46 +0200)]
vfs_fruit: pass stream size to delete_invalid_meta_stream()
delete_invalid_meta_stream() is meant to guard against random data being
present in the FinderInfo stream. If the stream size is 0, it's likely a
freshly created stream where no data has been written to yet, so don't
delete it.
Ralph Boehme [Wed, 22 Aug 2018 14:49:23 +0000 (16:49 +0200)]
vfs_fruit: do ino calculation
As we'll start returning fake fds in open shortly, we can't rely on the
next module to calculat correct inode numbers for streams and must take
over that responsibility.
Ralph Boehme [Wed, 22 Aug 2018 13:21:08 +0000 (15:21 +0200)]
vfs_fruit: prepare fruit_pwrite_meta() for on-demand opening and writing
This avoid creating files or blobs in our streams backend when a client
creates a stream but hasn't written anything yet. This is the only sane
way to implement the following semantics:
* client 1: create stream "file:foo"
* client 2: open stream "file:foo"
The second operation of client 2 must fail with NT_STATUS_NOT_FOUND.
Ralph Boehme [Mon, 22 Oct 2018 14:21:21 +0000 (16:21 +0200)]
s4:torture/vfs/fruit: add test "empty_stream"
One to rule them all: consistently test critical operations on all
streams relevant to macOS clients: the FinderInfo stream, the Resource
Fork stream and an arbitrary stream that macOS maps to xattrs when
written to on a macOS SMB server.
Ralph Boehme [Sat, 20 Oct 2018 12:53:50 +0000 (14:53 +0200)]
vfs_fruit: filter empty streams
First step in achieving macOS compliant behaviour wrt to empty streams:
- hide empty streams in streaminfo
- prevent opens of empty streams
This means that we may carry 0-byte sized streams in our streams
backend, but this shouldn't really hurt.
The previous attempt of deleting the streams when an SMB setinfo eof to
0 request came in, turned out be a road into desaster.
We could set delete-on-close on the stream, but that means we'd have to
check for it for every write on a stream and checking the
delete-on-close bits requires fetching the locking.tdb record, so this
is expensive and I'd like to avoid that overhead.
Ralph Boehme [Mon, 22 Oct 2018 12:01:34 +0000 (14:01 +0200)]
s4:torture/vfs/fruit: enable AAPL extensions in a bunch of tests
These tests check for macOS SMB server specific behaviour. They work
currently against Samba without enabling AAPL because in vfs_fruit we're
currently don't check whether AAPL has been negotiated in one place. A
subsequent commit will change that and this commit prepares for that
change.
This caused all sort of havoc with subsequent SMB request that acted on
the handle of the then deleted backend storage (file or blob, depending
on the used streams module).
Ralph Boehme [Sat, 20 Oct 2018 12:52:23 +0000 (14:52 +0200)]
s4:torture/vfs/fruit: write some data to a just created teststream
Doesn't currently make a difference, but this prepares for a later
change in vfs_fruit that will filter out empty streams (which is the
macOS behaviour).
Ralph Boehme [Mon, 22 Oct 2018 10:43:16 +0000 (12:43 +0200)]
s4:torture/vfs/fruit: expand test "setinfo eof stream"
o Adds checks verifying that after setting eof to 0 on a stream, a
subsequent open gets ENOENT, before and after closing the handle that
had been used to set eof to 0.
o Verify that a write to a handle succeeds after that handle has been
used to set eof to 0 on a stream.
Ralph Boehme [Mon, 15 Oct 2018 13:17:08 +0000 (15:17 +0200)]
s4:torture/vfs/fruit: update test "creating rsrc with read-only access" for newer macOS versions
While this operation failed against older macOS versions, it passes
against versions 10.12 and newer. Update the test accordingly, a
subsequent commit will then update our implementation.
Ralph Boehme [Tue, 2 Oct 2018 14:05:28 +0000 (16:05 +0200)]
vfs_fruit: detect empty resource forks in ad_convert()
For some reason the macOS client often writes AppleDouble files with a
non-zero sized resource fork, but the resource fork data is just
boilerplate data with the following string close to the start
Tim Beale [Thu, 18 Oct 2018 04:08:32 +0000 (17:08 +1300)]
netcmd: Add 'samba-tool group stats' command
With large domains it's hard to get an idea of how many groups there
are, and how many users are in each group, on average. However, this
could have a big impact on whether a problem can be reproduced or not.
This patch dumps out some summary information so that you can get a
quick idea of how big the groups are.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Oct 31 03:40:41 CET 2018 on sn-devel-144
Tim Beale [Thu, 18 Oct 2018 03:59:24 +0000 (16:59 +1300)]
netcmd: Include num-members in 'samba-tool group list --verbose'
This adds an easy way for users to see (via samba-tool) how many members
are in various groups, without querying the members for each individual
group.
For example, you could pipe this output to grep to check for groups with
zero or one members (i.e. historic groups that may no longer make
sense).
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Tim Beale [Mon, 22 Oct 2018 21:19:38 +0000 (10:19 +1300)]
traffic_replay: logger was ignoring smb.conf log-level
We were trying to access the debug-level (in python C bindings) before
the smb.conf had been loaded and actually set the debug-level. So it
would default to zero, regardless of what was in the smb.conf.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Tim Beale [Thu, 11 Oct 2018 01:47:28 +0000 (14:47 +1300)]
traffic_replay: Generate users faster by writing to local DB
We can create user accounts much faster if the LDB connection talks
directly to the local sam.ldb file rather than going via LDAP. This
patch allows the 'host' argument to the tool to be a .ldb file (e.g.
"/usr/local/samba/private/sam.ldb") instead of a server name/IP.
In most cases, the traffic_replay tool wants to run on a remote device
(because the point of it is to send traffic to the DC). However, the
--generate-users-only is one case where the tool can be run locally,
directly on the test DC. (The traffic_replay user generation is handy
for standalone testing, because it also handles assigning group
memberships to the generated user accounts).
Note that you also need to use '--option="ldb:nosync = true"' to get
the improvement in performance.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Gary Lockyer [Wed, 24 Oct 2018 21:52:55 +0000 (10:52 +1300)]
dsdb group audit tests: log_membership_changes extra tests
Add extra tests to ensure better test coverage of log_membership_changes
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Oct 30 20:20:26 CET 2018 on sn-devel-144
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Tim Beale <timbeale@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Oct 30 10:32:51 CET 2018 on sn-devel-144
projects / thirdparty / samba.git / log
