[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0f4eca775aa tests/krb5: Add tests for AS-REQ to self with FAST via 100be7eb8e7 tests/krb5: Correctly determine whether tickets are service tickets via 1eb91291b54 tests/krb5: Generate unique UPNs for enterprise tests via 3b23ae59ac4 s4:torture: Fix typo via 030afa6c01b s4:torture: Remove comments that are no longer relevant via bba30095ca1 kdc: Pad UPN_DNS_INFO PAC buffer via 31f3e815799 Revert "s4/heimdal/lib/krb5/pac.c: Align PAC buffers to match Windows" via 7dfcbc4e381 tests/krb5: Add tests for PAC buffer alignment via abbeb5c2175 s4:mitkdc: Call krb5_pac_init() in kdb_samba_db_sign_auth_data() via 3a3f7feac59 s4:mitkdc: Do not allocate the PAC buffer in samba_make_krb5_pac() via 731d9c42d07 s4:mitkdc: Pass NULL to ks_get_pac() as the client_key via e95fb04c5de s4:mitkdc: Add support for pac_attrs and requester_sid via b46a942f95b s4:mitkdc: Reset errno to 0 for com_err messages via c69bfa0939d s4:mitkdc: Use talloc_get_type_abort() in ks_get_context() via f00eb8485f4 s4:mitkdc: Initilalize is_error with errno instead of EPERM(1) from 5b526f4533b tdb: Raw performance torture to beat tdb_increment_seqnum https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0f4eca775aa52cfe40a25ead90c560d76b286ad9 Author: Joseph Sutton Date: Tue Dec 14 19:16:15 2021 +1300 tests/krb5: Add tests for AS-REQ to self with FAST Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Wed Dec 15 04:33:11 UTC 2021 on sn-devel-184 commit 100be7eb8e70ba270a8e92957a5e47466160a901 Author: Joseph Sutton Date: Tue Dec 14 19:16:00 2021 +1300 tests/krb5: Correctly determine whether tickets are service tickets Previously we expected tickets to contain a ticket checksum if the sname was not the krbtgt. However, the ticket checksum should not be present if we are performing an AS-REQ to our own account. Now we determine a ticket is a service ticket only if the request is also a TGS-REQ. Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett commit 1eb91291b54b194d8312dac6dd605c793eabfd53 Author: Joseph Sutton Date: Tue Dec 14 19:16:26 2021 +1300 tests/krb5: Generate unique UPNs for enterprise tests This helps to avoid problems with account creation on Windows due to UPN uniqueness constraints. Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett commit 3b23ae59ac4953d20ca4422b567a15227a17c545 Author: Joseph Sutton Date: Thu Dec 9 13:18:54 2021 +1300 s4:torture: Fix typo Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett commit 030afa6c01bfc0bfd20a204a5cc7c9d33032a1e7 Author: Joseph Sutton Date: Thu Dec 9 13:18:45 2021 +1300 s4:torture: Remove comments that are no longer relevant Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett commit bba30095ca14dd947cb32a4403e351b0523304dd Author: Joseph Sutton Date: Fri Dec 10 14:59:22 2021 +1300 kdc: Pad UPN_DNS_INFO PAC buffer Padding this buffer to a multiple of 8 bytes allows the PAC buffer padding to match Windows. Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett commit 31f3e815799a205f48bebae666deb327e1058674 Author: Joseph Sutton Date: Tue Dec 14 19:19:42 2021 +1300 Revert "s4/heimdal/lib/krb5/pac.c: Align PAC buffers to match Windows" This alignment should be done on the Samba side instead. This reverts commit 28a5a586c8e9cd155d676dcfcb81a2587ace99d1. Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett commit 7dfcbc4e381080b3e3e1777134aecef5522d1f01 Author: Joseph Sutton Date: Thu Dec 9 11:56:55 2021 +1300 tests/krb5: Add tests for PAC buffer alignment Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett commit abbeb5c2175ad9574d75e852c101887d6e642cb4 Author: Andreas Schneider Date: Mon Dec 13 08:31:49 2021 +0100 s4:mitkdc: Call krb5_pac_init() in kdb_samba_db_sign_auth_data() Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett commit 3a3f7feac59feba08438831cb02564e9b80cdc59 Author: Andreas Schneider Date: Thu Oct 7 15:12:35 2021 +0200 s4:mitkdc: Do not allocate the PAC buffer in samba_make_krb5_pac() This will be allocated by the KDC in MIT KRB5 1.20 and newer. Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett commit 731d9c42d0775d9b1a7475ad2efbe23c2439f6db Author: Andreas Schneider Date: Mon Dec 13 15:48:08 2021 +0100 s4:mitkdc: Pass NULL to ks_get_pac() as the client_key This is unused with MIT KRB5 < 1.20 as this is probably not the right key. Signed-off-by:
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 5b526f4533b tdb: Raw performance torture to beat tdb_increment_seqnum via b9f06ab3472 tdb: Use atomic operations for tdb_[increment|get]_seqnum via 62dab3921b3 configure: Check for __atomic_add_fetch() and __atomic_load() from 1dc803048f8 lib/util: Add signal.h include https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 5b526f4533bda42b51326c3b60fd771bc1cd88e7 Author: Volker Lendecke Date: Mon Dec 13 17:49:51 2021 +0100 tdb: Raw performance torture to beat tdb_increment_seqnum Running this on sn-devel-184 takes ~14 seconds with the atomic ops. Without them I did not wait for it to finish. After reducing NPROCS from 500 to 50 it still ran for more than a minute. Signed-off-by: Volker Lendecke Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Wed Dec 15 01:03:56 UTC 2021 on sn-devel-184 commit b9f06ab3472352d064082a44f7d5077c8c13931c Author: Volker Lendecke Date: Mon Dec 13 17:42:12 2021 +0100 tdb: Use atomic operations for tdb_[increment|get]_seqnum With locking.tdb now based on g_lock.c code, we change locking.tdb a lot more often. I have a customer case where LDX tortures smbd very hard with 800+ concurrent connections, which now completely falls over where 4.12 still worked fine. Some debugging showed a thundering herd on fcntl locking.tdb index 48 (TDB_SEQNUM_OFS). We still use fcntl for the seqnum, back when we converted the chainlocks to mutexes we did not consider it to be a problem. Now it is, but all we need to do with the SEQNUM is to increment it, so an __atomic_add_fetch() of one is sufficient. I've taken a look at the C11 standard atomics, but I could not figure out how to use them properly, to me they seem more general to be initialized first etc. All we need is a X86 "lock incl 48(%rax)" to be emitted, and the gcc __atomic_add_fetch seems to do this. Signed-off-by: Volker Lendecke Reviewed-by: Jeremy Allison commit 62dab3921b335d47a0c9c419714d0e2ea2320f74 Author: Volker Lendecke Date: Mon Dec 13 17:40:52 2021 +0100 configure: Check for __atomic_add_fetch() and __atomic_load() To be used in the tdb_seqnum code soon Signed-off-by: Volker Lendecke Reviewed-by: Jeremy Allison --- Summary of changes: lib/replace/wscript| 16 ++ lib/tdb/common/tdb.c | 24 + lib/tdb/tools/tdbtortseq.c | 123 + lib/tdb/wscript| 5 ++ 4 files changed, 168 insertions(+) create mode 100644 lib/tdb/tools/tdbtortseq.c Changeset truncated at 500 lines: diff --git a/lib/replace/wscript b/lib/replace/wscript index a928b80f2f7..e60ff15f903 100644 --- a/lib/replace/wscript +++ b/lib/replace/wscript @@ -313,6 +313,22 @@ def configure(conf): headers='stdint.h sys/atomic.h', msg='Checking for atomic_add_32 compiler builtin') +conf.CHECK_CODE(''' +uint32_t i,j; +j = __atomic_add_fetch(,1,__ATOMIC_SEQ_CST) +''', +'HAVE___ATOMIC_ADD_FETCH', +headers='stdint.h', +msg='Checking for __atomic_add_fetch compiler builtin') + +conf.CHECK_CODE(''' +uint32_t i,j; +__atomic_load(,,__ATOMIC_SEQ_CST) +''', +'HAVE___ATOMIC_ADD_LOAD', +headers='stdint.h', +msg='Checking for __atomic_load compiler builtin') + # Check for thread fence. */ tf = conf.CHECK_CODE('atomic_thread_fence(memory_order_seq_cst);', 'HAVE_ATOMIC_THREAD_FENCE', diff --git a/lib/tdb/common/tdb.c b/lib/tdb/common/tdb.c index c56b37be5ca..de829bb48c4 100644 --- a/lib/tdb/common/tdb.c +++ b/lib/tdb/common/tdb.c @@ -64,6 +64,15 @@ static void tdb_increment_seqnum(struct tdb_context *tdb) return; } +#if defined(HAVE___ATOMIC_ADD_FETCH) && defined(HAVE___ATOMIC_ADD_LOAD) + if (tdb->map_ptr != NULL) { + uint32_t *pseqnum = (uint32_t *)( + TDB_SEQNUM_OFS + (char *)tdb->map_ptr); + __atomic_add_fetch(pseqnum, 1, __ATOMIC_SEQ_CST); + return; + } +#endif + if (tdb_nest_lock(tdb, TDB_SEQNUM_OFS, F_WRLCK, TDB_LOCK_WAIT|TDB_LOCK_PROBE) != 0) { return; @@ -838,6 +847,21 @@ _PUBLIC_ int tdb_get_seqnum(struct tdb_context *tdb) { tdb_off_t seqnum=0; + if (tdb->transaction != NULL) { + tdb_ofs_read(tdb, TDB_SEQNUM_OFS, ); + return seqnum; + } + +#if