Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue May 7 01:45:37 UTC 2019 on sn-devel-184
Gary Lockyer [Wed, 17 Apr 2019 21:29:28 +0000 (09:29 +1200)]
nsswitch pam_winbind: Fix Asan use after free
Fix use after free condition detected by Address Sanitizer triggered by
wbcLogonUserInfoDestructor, wbcFreeMemory has code to detect and prevent a
double free. This patch prevents the Address Sanitizer error, allowing
tests to be run with Address Sanitizer enabled.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon May 6 08:55:22 UTC 2019 on sn-devel-184
This was a tool to dump a genine NT4 DC (never Samba) into smbpasswd file.
It did work against Windows AD, but DRS replication is much
more comprehensive.
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Mon May 6 07:11:51 UTC 2019 on sn-devel-184
The last caller was removed in s4-drs: GetNCChanges() to return correct (in AD-way) ATTIDs
(6a51afcfdbcbce7813fb59c0655e4178268ca70e) by Kamen Mazdrashki in 2010
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Aaron Haslett [Thu, 28 Mar 2019 02:54:06 +0000 (15:54 +1300)]
selftest: correcting empty attribute usage in requests
Many parts of Samba use an empty attribute list in requests expecting
all attributes to be returned in the response, which is incorrect. This
patch corrects the instances found by current CI tests. Static analysis
and debugging will need to be done before changing ildap to the correct
semantics.
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Mon May 6 05:45:55 UTC 2019 on sn-devel-184
Aaron Haslett [Wed, 20 Mar 2019 06:17:07 +0000 (19:17 +1300)]
ldap: test for empty attributes list
Test for LDAP request with an empty attribute list. LDB responds with
no attributes, but LDAP responds with all attributes. Fix is attached
to the bug below but we can't push it upstream until we've found all
instances of incorrect empty attribute list usage in Samba.
Gary Lockyer [Wed, 17 Apr 2019 22:23:22 +0000 (10:23 +1200)]
lib util debug: Increase format buffer to 4KiB
Increase the debug line buffer to 4KiB, the existing size of 1KiB is too
small for dsdbChange JSON audit messages. These messages were then
split across multipe lines causing issues in log ingestion tools
expecting single line messages.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Mon May 6 01:18:22 UTC 2019 on sn-devel-184
Joe Guo [Wed, 1 May 2019 23:04:05 +0000 (11:04 +1200)]
.gitlab-ci.yml: add docker tag back for private jobs
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun May 5 23:22:54 UTC 2019 on sn-devel-184
Joe Guo [Wed, 1 May 2019 23:05:23 +0000 (11:05 +1200)]
.gitlab-ci.yml: rm abs path in artifacts
According to doc: https://docs.gitlab.com/ee/user/project/pipelines/job_artifacts.html#defining-artifacts-in-gitlab-ciyml
all paths in artifacts must be relative to the cloned repo, so this line
actually never worked.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joe Guo [Fri, 3 May 2019 02:21:24 +0000 (14:21 +1200)]
bootstrap: add lcov to generate code coverage report
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri May 3 23:45:55 UTC 2019 on sn-devel-184
smbd: Use smbd_check_access_rights in reply_setatr()
That was the only caller of check_access outside of trans2.c, and it
passed an explicit NULL for fsp. Use the lower-level call, so we can
make check_access() static to trans2.c
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Robert Sander <r.sander@heinlein-support.de> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 2 19:34:11 UTC 2019 on sn-devel-184
Windows 10 (1803 and higher) support and use
SMB_FILE_NORMALIZED_NAME_INFORMATION calls over the network. As a
fallback (in case the server don't support it) the client traverses all
path components, which is very expensive.
Implementing SMB_FILE_NORMALIZED_NAME_INFORMATION is very cheap for us
as the open already went through unix_convert() and we have the
information the client is asking for.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May 1 18:33:00 UTC 2019 on sn-devel-184
Douglas Bagnall [Sun, 31 Mar 2019 03:07:57 +0000 (16:07 +1300)]
script/attr_count_read: load and correlate all data
This changes script/attr_count_read to take the samba private directory
as an argument and load all the databases at once, printing them as
one big table. It isn't extremely clear what it all means, but it
*tries* to tell you.
With --plot, it will attempt to load matplotlib and plot the number of
requested attributes against the number returned, with colour
of each point indicating its relative frequency. It is a scatterplot
that wants to be a heatmap.
With --no-casefold, you can get an extra confusing table where,
for instance, something repeatedly asks for "attributeId" which is not
accounted for, while in a completely different row an unrequested
"attributeID" is found many times over.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed May 1 06:46:36 UTC 2019 on sn-devel-184
Douglas Bagnall [Thu, 28 Mar 2019 03:07:48 +0000 (16:07 +1300)]
dsdb/modules: a module to count attribute searches and results
The dsdb module stack can turn a simple search request into a
complicated tree of sub-queries that include attributes not originally
asked for and excluding those that were. The corresponding replies
might contain unrequested attributes or (for good reasons, according
to some module) hide requested ones. The entire stack is there to
meddle and that is what is does. Except *this* module. It just counts.
To understand dsdb performance it helps to have some idea what
requests and replies are flying too and fro. This module, when
inserted anywhere in the stack, counts the requests and replies
passing through and the attributes they contain. This data is stored
in on-disk tdbs in the private/debug directory.
The module is not loaded by default. To load it you need to patch the
source4/dsdb/samdb/ldb_modules/samba_dsdb.c and put "count_attrs"
somewhere in the module lists in the samba_dsdb_init() function. For
example, to examine the traffic between repl_meta_data and
group_audit_log, you would do something like this around line 316:
and recompile. Samba will then write to a number of tdb files in the
debug directory as requests and replies pass through. A simple script
is included to read these files. Doing this:
will print a table showing how often various attritbutes were
requested but not found (from the point of view of the module).
A more sophisticated version of the script is coming in the next
commit, but this one is included first because in its simplicity it
documents the storage format reasonably well. The tdb keys are
attribute names, and the values are uint32_t in machine native order.
When the module is included in the stack there will be a very small
decrease in performance.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 18 Apr 2019 01:39:58 +0000 (13:39 +1200)]
pytests: try ldap.modify_order with normal user
We run the tests again, trying to modify as a normal user rather than
Administrator.
It turns out that we do not always return the same error code as
Windows, but in all these tests both Windows and Samba always return
some kind of error (as you might hope).
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 12 Apr 2019 04:09:55 +0000 (16:09 +1200)]
dsdb/pytest/ldap: revive commented out test for attr size range
The test was presumably commented out because we fail it, and
known-failing it would have hidden the attr-too-short tests that it
was bundled with. If we disentangle them we can knwn-fail it, which
serves as a TODO list.
(passes against WIN2012R2).
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joe Guo [Wed, 1 May 2019 03:18:31 +0000 (15:18 +1200)]
.gitlab-ci.yml: keep samba-ci-private tag only for private jobs
This will help us give the legacy 'private' tag, used in branches
under maintenance, more resources without those jobs running on the
normal production runners (therefore avoiding the additional cost for
the 90% of builds that are for master).
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed May 1 05:02:22 UTC 2019 on sn-devel-184
Douglas Bagnall [Tue, 30 Apr 2019 22:41:41 +0000 (10:41 +1200)]
s4/replmd delete: optimise attribute preservation with binary search
When we get here it is very likely that the attribute will not be
preserved, as the preserved ones should have had the flag set, but we
still end up loking through the whole list to confirm. With a binary
search, we end up looking at ~5 attributes to confirm.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 30 Apr 2019 22:35:46 +0000 (10:35 +1200)]
s4/replmd: delete checks flag before laborious search
Most (perhaps all) attributes that are in the "must not remove" list also
have the PRESERVEONDELETE bit set, and checking bits is much cheaper
than a linear search involving strcasecmp. If we check the bit first
we save work.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
smbd: Move deadtime default to parameter definition and man page
The code has a default of one week (10080 minutes) if the parameter is
set to 0. Make this the public default of the parameter, instead of
hiding it in the code. This change also has the code match the
documentation that setting this parameter to 0 disables the check.
Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joe Guo [Tue, 26 Mar 2019 04:48:39 +0000 (17:48 +1300)]
traffic: load dns query from file and write stats to file
Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed May 1 01:10:42 UTC 2019 on sn-devel-184
Tim Beale [Wed, 10 Apr 2019 01:12:30 +0000 (13:12 +1200)]
traffic_replay: Avoid Exception if no packet rate is specified
traffic_replay would throw an exception if you didn't specify some sort
of packet rate. We can avoid this by using --scale-traffic=1.0 as the
default if nothing else was specified.
script/traffic_replay model.txt $SERVER.$REALM --duration=10
--fixed-password=blahblah12# -U$USERNAME%$PASSWORD
INFO 2019-04-10 01:03:01,809 pid:47755 script/traffic_replay #280: Using
the specified model file to generate conversations
Traceback (most recent call last):
File "script/traffic_replay", line 438, in <module>
main()
File "script/traffic_replay", line 293, in main
opts.conversation_persistence)
File "bin/python/samba/emulate/traffic.py", line 1295, in
generate_conversation_sequences
target_packets = int(packet_rate * duration)
TypeError: unsupported operand type(s) for *: 'NoneType' and 'float'
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Tim Beale [Wed, 10 Apr 2019 00:55:26 +0000 (12:55 +1200)]
traffic_replay: Assign users to groups by default
The traffic_replay script has a myriad of options, but by default when
it creates user accounts it does not assign these users to any groups
(you have to specify extra options to do that). This isn't really a fair
test of samba performance, because it's unlikely that real world setups
will have users that are in no groups (other than the default ones).
This patch changes the default behaviour so that it will assign the new
users to groups automatically, if no other group options were
specified.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Samuel Cabrero [Thu, 25 Apr 2019 11:12:42 +0000 (13:12 +0200)]
.gitlab-ci.yml: Allow overriding the default image using a variable
This way one can run all tests in a different container without having
to modify the gitlab ci file, just setting the SAMBA_CI_CONTAINER_IMAGE
variable in the gitlab's GUI.
Signed-off-by: Samuel Cabrero <scabrero@suse.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Apr 30 18:48:18 UTC 2019 on sn-devel-184
wafsamba: Enable warnings for missing field initializer
enabled a compiler check for warnings about missing initializers for all
developer builds. This fails with older compilers, e.g. gcc on RHEL7.
Add a waf check around adding the compiler option to avoid the failure
with older compilers.
Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Samuel Cabrero [Wed, 27 Mar 2019 16:12:09 +0000 (17:12 +0100)]
credentials: Workaround krb5_cc_remove_cred not implemented in MIT kerberos
Signed-off-by: Samuel Cabrero <scabrero@suse.de> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Apr 29 19:15:48 UTC 2019 on sn-devel-184
projects / thirdparty / samba.git / log
