Douglas Bagnall [Mon, 8 Jan 2024 02:05:35 +0000 (15:05 +1300)]
ndr: ignore trailing bytes in ndr_pull_security_ace()
This returns the behaviour with ordinary ACEs to where it was with 4.19.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
Douglas Bagnall [Mon, 8 Jan 2024 01:50:30 +0000 (14:50 +1300)]
ndr: ndr_push_security_ace: calculate coda size once
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
Douglas Bagnall [Sun, 31 Dec 2023 21:21:55 +0000 (10:21 +1300)]
ndr: avoid object ACE push overhead for non-object ACE
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
Douglas Bagnall [Sun, 31 Dec 2023 21:21:33 +0000 (10:21 +1300)]
ndr: avoid object ACE pull overhead for non-object ACE
When an ACE is not an object ACE, which is common, setting the switch
value and attempting the object ACE GUID pull is just going to do
nothing, and we know that ahead of time. By noticing that we can save
a bit of time on a common operation.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
Douglas Bagnall [Sun, 31 Dec 2023 04:45:36 +0000 (17:45 +1300)]
ndr: do not push ACE->coda.ignored blob
From 1e80221b2340de5ef5e2a17f10511bbc2c041163 (2008) until c73034cf7c4392f5d3505319948bc84634c20fa5 (conditional ACEs, etc, 2023)
we had a manual ndr_pull_security_ace() that would discard trailing
bytes, which are those bytes that we now call the coda. The ACE types
that we handled then are those that end up with a coda.ignored data
blob.
With this we effectively restore the long-standing behaviour in the
event that we push and pull an ACE -- though now we discard the
ignored bytes on push rather than pull.
This change is not because the trailing bytes caused any problems (as
far as is known), but because it is much faster to not do the push.
It may be that such ACEs no longer occur.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
Douglas Bagnall [Fri, 29 Dec 2023 02:27:08 +0000 (15:27 +1300)]
ndr: mark invalid pull ndr_flags as unlikely
This might have little effect, but sometimes we see primatives like
ndr_pull_uint32() taking a few percent of the CPU time, and this is in
all those functions.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
Douglas Bagnall [Fri, 29 Dec 2023 02:15:48 +0000 (15:15 +1300)]
ndr: skip talloc when pulling empty DATA_BLOB
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
Douglas Bagnall [Sun, 31 Dec 2023 04:39:23 +0000 (17:39 +1300)]
ndr: ACE push avoids no-op coda pushes
We don't expect an ordinary ACE to have a non-empty coda, and we don't
really want to push it if it does, but for this patch we still will.
This will not change the data on the wire.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
Douglas Bagnall [Sun, 31 Dec 2023 04:30:47 +0000 (17:30 +1300)]
ndr: make security_ace push manual
This will allow some optimisations; in this commit we just copy the
code.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
Douglas Bagnall [Sun, 31 Dec 2023 00:06:40 +0000 (13:06 +1300)]
ndr: short-circuit ace coda if no bytes left
The overwhelmingly common case is that there are no bytes left, and
regardless of the ACE type we want to store an empty blob.
We know the blob will be empty if there are no bytes, so we don't need
to allocate a sub-ndr and tokens list and so forth.
This can save almost half the time of a security descriptor pull.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
Douglas Bagnall [Thu, 28 Dec 2023 10:07:56 +0000 (23:07 +1300)]
pidl: calculate subcontext_size only once per pull
For security_ace_coda in security.idl, the sub-context size is
involves a slightly non-trivial function call which returns a constant
value.
In all other cases, a constant expression is used, and this makes
no difference.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
Douglas Bagnall [Fri, 5 Jan 2024 00:19:39 +0000 (13:19 +1300)]
perftest: ndr_pack runs in none environment
This is worth changing, because having a server running in the
background can only add noise to the results.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
Douglas Bagnall [Wed, 3 Jan 2024 12:54:29 +0000 (01:54 +1300)]
perftest:ndr_pack: spin in do_nothing for a while
The idea was to get a less jittery idea of the underlying noise, but
ut is still almost instant. This I suppose is useful in indicating
that this much of the test has very little overhead.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
Douglas Bagnall [Wed, 3 Jan 2024 12:52:39 +0000 (01:52 +1300)]
perftest:ndr_pack: use a valid dummy SID
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
This includes removing the ANCIENT_SAMBA switch for pre-4.3, as
nobody cares anymore and many tests would not run correctly anyway.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
Douglas Bagnall [Mon, 1 Jan 2024 08:48:15 +0000 (21:48 +1300)]
perftest: ndr_pack_performance gets more SD types
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
Douglas Bagnall [Tue, 2 Jan 2024 20:26:51 +0000 (09:26 +1300)]
perftest:ndr_pack: rename SD tests with object ACEs
We are looking at an optimisation for non-object ACEs, which
are more common, but these tests are overwhelmed by object
(OA) ACEs.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
netcmd: models: mark some hidden fields on the base Model as readonly
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
netcmd: models: model field DateTimeField returns datetime in UTC
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
netcmd: models: fix build_expression on SIDField handles security.dom_sid
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
netcmd: models: fix build_expression did not work with EnumField
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
netcmd: models: fix BooleanField filtering didn't work on FALSE value
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
netcmd: models: move expression code to Field class
This is necessary to deal with edge cases for specific fields.
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
netcmd: models: add AccountType enum to User model
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
netcmd: models: EnumField now also supports IntFlag
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
netcmd: models: check for None in build_expression instead
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
netcmd: models: change import style to use brackets
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
netcmd: models: enums and constants also brought forward
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Noel Power [Wed, 10 Jan 2024 14:43:58 +0000 (14:43 +0000)]
s3/rpc_client: cleanup unmarshalling of variant types from row columns
Prior to this change fn 'extract_variant_addresses' actually returns offsets
to the variant stored not the addresses, additionally the param in the
signature of the method is named offset where the param in reality is a
base address.
This change makes fn 'extract_variant_addresses' actually return addresses
instead of offsets and also changes the name of the incoming param. The
resulting changes are propaged to callers which hopefully makes what the
code is actually doing a little clearer
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Tue Jan 30 17:22:37 UTC 2024 on atb-devel-224
Noel Power [Mon, 8 Jan 2024 15:56:38 +0000 (15:56 +0000)]
s3/utils: use full 64 bit address for getrows (with 64bit offsets)
if 64bit offsets are used the hi 32-bits of address are stored in
the ulreserved2 member of the message header field and the low 32-bits
are stored in the ulclientbase member of the cpmgetrows message
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Noel Power [Mon, 8 Jan 2024 15:12:35 +0000 (15:12 +0000)]
s3/rpc_client: change type of offset to uint64_t
Offset can be a 32 or 64 bit address depending on the indexing addressing
mode negotiated by the client
With a 32 bit param we can only specify a 32 bit base address. This change
alone doesn't affect anything as it is the client itself that choses and
passes the base address offset and wspsearch is the only current user of
this code.
In this case even with 64bit addressing negotiated the address passed
represents only the lower 32-bits part of the address.
However, for coverage purposes it would be better for the client to use an
address that covers the full 64bit range of the address (when 64 bit
addressing is negotiated).
This change will alow the wspsearch client in a future commit to pass a
base address value with both the hi and low 32 bits values set to make up
the full 64 bit address.
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Anoop C S [Tue, 30 Jan 2024 09:03:07 +0000 (14:33 +0530)]
docs-xml: Build and install man page for wspsearch
Commit 49b6137f7c2244aeb3cf9b65fc9d46fcf0b8dc55 switched the default
to install `wspsearch` client from False to True but missed to build
and install the corresponding man page. Therefore adding wspsearch.1
to the list of man pages to be built and installed by default.
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Tue Jan 30 14:38:58 UTC 2024 on atb-devel-224
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jan 30 07:18:05 UTC 2024 on atb-devel-224
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: David Mulder <dmulder@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jan 29 10:37:29 UTC 2024 on atb-devel-224
python:gp: Do not print an error if template already exists
We will get an exit status for duplicate in future:
https://www.pagure.io/certmonger/issue/269
We can't really fix that right now, as older version of certmonger
don't support the `-v` option.
python:gp: Do not print an error, if CA already exists
We will get an exit status for duplicate in future:
https://www.pagure.io/certmonger/issue/269
We can't really fix that right now, as older version of certmonger
don't support the `-v` option.
Anoop C S [Tue, 16 Jan 2024 06:17:27 +0000 (11:47 +0530)]
vfs_ceph: Use ceph_fdopendir() when available for SMB_VFS_FDOPENDIR
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Sat Jan 27 00:01:12 UTC 2024 on atb-devel-224
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jan 26 18:04:10 UTC 2024 on atb-devel-224
s3:rpc_server/witness: add implementation based on CTDB_SRVID_IPREALLOCATED and ctdbd_all_ip_foreach()
The design is relatively simple in the end:
- We use ctdbd_all_ip_foreach() in order to build an
in memory list of interfaces(ip addresses) and
record if:
- they are currently available or not
- if they node local or not
- The current list is would we use for the
GetInterfaceList() call.
- Register[Ex] will create an in memory structure
holding a queue for pending AsyncNotify requests.
- Unregister() will cancel pending AsyncNotify requests and
let them return NOT_FOUND.
- CTDB_SRVID_IPREALLOCATED messages will cause we refresh
with ctdbd_all_ip_foreach():
- this will detect changes in the interface state
and remove stale interfaces.
- for each change the list of registrations is checked
for a matching ip address and a RESOURCE_CHANGE
will be scheduled in the queue of the registration,
the started queue will trigger AsyncNotify responses
- We also register the connections with ctdb in order
to give other nodes a chance to generate tickle-acks
for the witness tcp connections.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
Anoop C S [Tue, 9 Jan 2024 05:41:40 +0000 (11:11 +0530)]
vfs_ceph: Implement SMB_VFS_FSTATAT
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Jan 26 16:56:59 UTC 2024 on atb-devel-224
Anoop C S [Thu, 25 Jan 2024 17:26:26 +0000 (22:56 +0530)]
source3/wscript: Announce deprecation of old Ceph version support
*at() variants for various libcephfs APIs were added with Ceph v17.x.
Any other version less than v17.x is soon to be considered EOL[1] which
we will now indicate with the help of a warning message during configure
time. Going further such a situation will result in disabling the module
altogether with the next major Samba version after v4.20.
projects / thirdparty / samba.git / log
