[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via a370f217bb9 replmd: Make replmd_process_linked_attribute() mem dependencies clearer via 05147d25e7b replmd: Avoid redundant dsdb_get_deleted_objects_dn() checks via 698cf271f43 replmd: Minimize get_parsed_dns_trusted() calls during replication via 90f5e49a879 replmd: Pass old_el into replmd_process_linked_attribute() via 19a36b367f1 replmd: Remove some redundant code via f53954d0fd4 replmd: Move where we update the usnChanged/whenChanged via c371fef5863 replmd: Only modify the object if it actually changed via cb3520fbaf9 replmd: replmd_process_link_attribute() returns type of change made from ad57cac7db0 source4 samr: Tidy DBG_WARNING calls https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit a370f217bb94601345ad5700ea546259e1d04bfd Author: Tim Beale Date: Tue Nov 20 10:59:40 2018 +1300 replmd: Make replmd_process_linked_attribute() mem dependencies clearer This patch should not alter functionality - it is just making memory assumptions used in replmd_process_linked_attribute() clearer. When adding/removing msg->elements we have to take care, as this will invalidate things like the parsed-DN array or old ldb_message_element pointers. This has always been the case (i.e. f6bc4c08b19f5615a49), however, now we need to take even more care, as the msg being modified is re-used and split across 2 different functions. Add more code comments to highlight this. We can also free pdn_list/old_el to prevent them being incorrectly used after realloc. It seems appropriate to also add a sanity-check that the tmp_ctx alloc succeeds (which all the other memory hangs off). Signed-off-by: Tim Beale Reviewed-by: Andrew Bartlett Autobuild-User(master): Tim Beale Autobuild-Date(master): Wed Nov 21 05:31:10 CET 2018 on sn-devel-144 commit 05147d25e7b4a9343378c59927f443b723606960 Author: Tim Beale Date: Mon Nov 12 15:49:28 2018 +1300 replmd: Avoid redundant dsdb_get_deleted_objects_dn() checks Quite a bit of time was spent in dsdb_get_deleted_objects_dn() processing during either a join (~9%) or a full-sync (~28%). The problem is we're *always* doing the dsdb_get_deleted_objects_dn() call for each object, regardless of whether it's actually deleted or not. i.e. we were doing an expensive query and a lot of the time just ignoring the query result. If it's not a deleted object we're dealing with, we can just return early and skip the unnecessary processing. Signed-off-by: Tim Beale Reviewed-by: Andrew Bartlett commit 698cf271f439c252c77f67fb88b09c9dcc84139d Author: Tim Beale Date: Mon Nov 12 12:11:38 2018 +1300 replmd: Minimize get_parsed_dns_trusted() calls during replication When a group has 10,000+ links, get_parsed_dns_trusted() can be costly (simply the talloc calls alone are expensive). Instead of re-generating the pdn_list for every single link attribute, we can change to only re-generate it when we really need to. When we add a new link, it reallocates old_el->values, and so we need to recreate the pdn_list because all the memory pointers will have changed. However, in the other cases, where we're simply updating the existing link value (or ignoring the update, if it's already applied), we can continue using the same pdn_list (rather than re-parsing it again). This would generally only save time with a full-sync - it won't really help with the join case (because every link processed results in a realloc). On a DB with 5000 users, this makes a full-sync about ~13% faster. Signed-off-by: Tim Beale Reviewed-by: Andrew Bartlett commit 90f5e49a8797f821b07ae761056ec0c5235f8978 Author: Tim Beale Date: Mon Nov 12 12:00:47 2018 +1300 replmd: Pass old_el into replmd_process_linked_attribute() We should only need to lookup the msg attribute once per source object. The old_el->values may change due to link-processing, but old_el itself should not. This is not aimed at improving performance, but we need to change how old_el is used before we can change pdn_list (which is more costly processing-wise). Signed-off-by: Tim Beale Reviewed-by: Andrew Bartlett commit 19a36b367f1a33f1eb65e0c5164a3209fcef16e6 Author: Tim Beale Date: Mon Nov 12 11:21:36 2018 +1300 replmd: Remove some redundant code At first glance, this code seemed completely unnecessary. However, it was added (by commit f6bc4c08b19f5615) for a valid reason: adding the whenChanged/uSNChanged attributes to the message can cause msg->elements to be reallocated, which means the old_el pointer (which points to msg->elements memory) can be
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via ad57cac7db0 source4 samr: Tidy DBG_WARNING calls via 1719f8b9cd9 s4-samr: Use GUID_buf_string() in dcesrv_samr_EnumDomainUsers() via 53c20e1096d s4-samr: Use dom_sid_split_rid() to get the RID in dcesrv_samr_EnumDomainUsers via 64007aa3825 source4 samr: cache samr_EnumDomainUsers results via fa3ea1cfc18 tests samr: Extra tests for samr_EnumDomainUserss via 8d8303b0aec s4-samr: Use GUID_buf_string() in dcesrv_samr_EnumDomainGroups() via b6241852937 s4-samr: Use dom_sid_split_rid() to get the RID in dcesrv_samr_EnumDomainGroups via 564813b5883 source4 samr: cache samr_EnumDomainGroups results via 7dd7800a88e test samr: Extra tests for samr_EnumDomainGroups via fc1a16ff61a s4-samr: Use dom_sid_split_rid() to get the RID in dcesrv_samr_QueryDisplayInfo via 10efdac356d source4 samr: cache samr_QueryDisplayInfo results via d9f7b6d63f9 tests samr: remove PEP8 warnings via 9a1277c1ecd tests samr: Extra tests for samr_QueryDisplayInfo via ad8bb6fcd08 ldb_controls: Add some talloc error checking for controls via ac90c9faa78 sync_passwords: Remove dirsync cookie logging for continuous operation via b7a0d3b1106 dirsync: Allow arbitrary length cookies from 8b47443b871 replmd: Cache recycle-bin state to avoid DB lookup https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit ad57cac7db0873cbe1c42173ed36ad41a75ed9a4 Author: Gary Lockyer Date: Wed Nov 21 10:02:43 2018 +1300 source4 samr: Tidy DBG_WARNING calls Move the calls to GUID_buf_string and dom_sid_str_buf into the coresponding DBG_WARNING call, instead of using an intermediate variable. While this violates the coding guidelines, doing this makes the code less cluttred and means the functions are only called if the debug message is printed. Signed-off-by: Gary Lockyer Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Wed Nov 21 01:50:11 CET 2018 on sn-devel-144 commit 1719f8b9cd98cf54a297ef59c68db68945bf6f0f Author: Andrew Bartlett Date: Thu Nov 15 13:44:29 2018 +1300 s4-samr: Use GUID_buf_string() in dcesrv_samr_EnumDomainUsers() This avoids memory allocation. Signed-off-by: Andrew Bartlett Reviewed-by: Gary Lockyer commit 53c20e1096d8aa4879ddf22df3cc3651eb73f8f7 Author: Andrew Bartlett Date: Thu Nov 15 12:48:15 2018 +1300 s4-samr: Use dom_sid_split_rid() to get the RID in dcesrv_samr_EnumDomainUsers Signed-off-by: Andrew Bartlett Reviewed-by: Gary Lockyer commit 64007aa3825be8a3c5678cbc636efa8ecb09c4b1 Author: Gary Lockyer Date: Thu Oct 18 13:54:31 2018 +1300 source4 samr: cache samr_EnumDomainUsers results Add a cache of GUID's that matched the last samr_EnunDomainUsers made on a domain handle. The cache is cleared if resume_handle is zero, and when the final results are returned to the caller. The existing code repeated the database query for each chunk requested. Signed-off-by: Gary Lockyer Reviewed-by: Andrew Bartlett commit fa3ea1cfc181dc9119c5fb0c6a1a12a7d31bfac2 Author: Gary Lockyer Date: Thu Oct 18 13:53:55 2018 +1300 tests samr: Extra tests for samr_EnumDomainUserss Add extra tests to test the content returned by samr_EnumDomainUsers, and tests for the result caching added in the following commit. Signed-off-by: Gary Lockyer Reviewed-by: Andrew Bartlett commit 8d8303b0aecb472de33f7dbd87c80e939e98034a Author: Andrew Bartlett Date: Thu Nov 15 13:44:23 2018 +1300 s4-samr: Use GUID_buf_string() in dcesrv_samr_EnumDomainGroups() This avoids memory allocation Signed-off-by: Andrew Bartlett Reviewed-by: Gary Lockyer commit b6241852937e7e2d6254b3e9bba221d34edc5571 Author: Gary Lockyer Date: Thu Oct 18 13:54:31 2018 +1300 s4-samr: Use dom_sid_split_rid() to get the RID in dcesrv_samr_EnumDomainGroups Signed-off-by: Andrew Bartlett Reviewed-by: Gary Lockyer commit 564813b58830142699edb4f82539f0834434c2e4 Author: Gary Lockyer Date: Thu Oct 18 10:16:24 2018 +1300 source4 samr: cache samr_EnumDomainGroups results Add a cache of GUID's that matched the last samr_EnunDomainGroups made on a domain handle. The cache is cleared if resume_handle is zero, and when the final results are returned to the caller. Signed-off-by: Gary Lockyer Reviewed-by: Andrew Bartlett commit 7dd7800a88e6ece0606d6d94718318e2dc067d58 Author: Gary Lockyer Date: Fri Oct 12 11:21:10 2018 +1300 test samr: Extra tests for samr_EnumDomainGroups Add extra tests to test the content returned by samr_EnumDomainGroups, and tests for the result caching added in the
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via 7cd5db7a63d ctdb-tests: Make the debug hung script test cope with unreadable stacks via 041e0945cb5 s3:smb2_sesssetup: check session_info security level before it gets talloc_move'd via 77cf7167374 s4:torture/smb2/session: session reauth response must be signed via f2c456aa1b7 s4:torture/smb2/session: add force_signing to test_session_expire1i via 2b164eca304 s4:torture/smb2/session: require a signed session setup reauth response via ff0db7ec9c2 s4:torture/smb2/session: invalidate credential cache via 6c3577a5885 libcli/smb: use require_signed_response in smb2cli_conn_dispatch_incoming() via 6ca7a8a2ffb libcli/smb: defer singing check a little bit via cd8ea322a32 libcli/smb: maintain require_signed_response in smbXcli_req_state via 4f5af7ba729 libcli/smb: add smb2cli_session_require_signed_response() via 052df0f679d s3:selftest: also run smb2.session torture testsuite against ad_member via e71252ecb2b s3:selftest: split "raw.session" and "smb2.session" from 299e6edd0e6 torture: Fix the 32-bit build https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit 7cd5db7a63db2746c600e740e33e426a975bd901 Author: Martin Schwenke Date: Wed Nov 14 14:09:42 2018 +1100 ctdb-tests: Make the debug hung script test cope with unreadable stacks Ideally this would just involve using "test -r". However, operating system security features may mean that kernel stacks are not readable even though they appear to be. Instead, try reading that stack of a process on the test node. If that succeeds then so should reading the stack of the "stuck" sleep process in the test. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13684 Signed-off-by: Martin Schwenke Reviewed-by: Tim Beale Autobuild-User(master): Tim Beale Autobuild-Date(master): Thu Nov 15 08:15:32 CET 2018 on sn-devel-144 (cherry picked from commit c1dd6382e3211792e313f7d559b943f55c9cb0e1) Autobuild-User(v4-9-test): Karolin Seeger Autobuild-Date(v4-9-test): Tue Nov 20 15:50:33 CET 2018 on sn-devel-144 commit 041e0945cb559c492a3f741cdaab48c85c0dde04 Author: Ralph Boehme Date: Thu Nov 8 17:31:41 2018 +0100 s3:smb2_sesssetup: check session_info security level before it gets talloc_move'd We talloc_move() session_info to session->global->auth_session_info which sets session_info to NULL. This means security_session_user_level(NULL, NULL) will always return SECURITY_ANONYMOUS so we never sign the session setup response. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher Reviewed-by: Andreas Schneider Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Tue Nov 13 14:22:46 CET 2018 on sn-devel-144 (cherry picked from commit bb93e691ca9b1922bf552363a1e7d70792749d67) commit 77cf7167374b65258ff9da9aaf6118ba0e63f1aa Author: Ralph Boehme Date: Fri Nov 9 12:39:41 2018 +0100 s4:torture/smb2/session: session reauth response must be signed This test checks that a session setup reauth is signed even when neither client nor server require signing. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661 Signed-off-by: Ralph Boehme Reviewed-by: Andreas Schneider (cherry picked from commit 181f18c4bf70754a6f3132375d06250baab2871b) commit f2c456aa1b7d0a90d73265085d53275d868b56ac Author: Ralph Boehme Date: Fri Nov 9 12:19:16 2018 +0100 s4:torture/smb2/session: add force_signing to test_session_expire1i Existing callers pass true, so no change in behaviour. The next commit adds an additional test that passes force_signing=false. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661 Signed-off-by: Ralph Boehme Reviewed-by: Andreas Schneider (cherry picked from commit 5fdea4095ac82536192c8d91c411b22e2683a5c1) commit 2b164eca30453381d666b9ed190880272ba7a165 Author: Ralph Boehme Date: Fri Nov 9 15:34:24 2018 +0100 s4:torture/smb2/session: require a signed session setup reauth response All existing tests using this function require signing, so currently this passes. A subsequent commit adds a test where neither client nor server require signing and that's where this trap will explode. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661 Signed-off-by: Ralph Boehme Reviewed-by: Andreas Schneider (cherry picked from commit ffc424ee6bedc3c208acb4c0c83da836a12d6123) commit ff0db7ec9c2f7bae0b90b92dabbb611520f8d310 Author: Ralph Boehme Date: Thu Nov 8 15:42:46 2018 +0100 s4:torture/smb2/session: invalidate credential cache Invalidate credential cache bef