[SCM] Samba Shared Repository - branch master updated

[Andrew Bartlett]

The branch, master has been updated
   via  0f4eca775aa tests/krb5: Add tests for AS-REQ to self with FAST
   via  100be7eb8e7 tests/krb5: Correctly determine whether tickets are 
service tickets
   via  1eb91291b54 tests/krb5: Generate unique UPNs for enterprise tests
   via  3b23ae59ac4 s4:torture: Fix typo
   via  030afa6c01b s4:torture: Remove comments that are no longer relevant
   via  bba30095ca1 kdc: Pad UPN_DNS_INFO PAC buffer
   via  31f3e815799 Revert "s4/heimdal/lib/krb5/pac.c: Align PAC buffers to 
match Windows"
   via  7dfcbc4e381 tests/krb5: Add tests for PAC buffer alignment
   via  abbeb5c2175 s4:mitkdc: Call krb5_pac_init() in 
kdb_samba_db_sign_auth_data()
   via  3a3f7feac59 s4:mitkdc: Do not allocate the PAC buffer in 
samba_make_krb5_pac()
   via  731d9c42d07 s4:mitkdc: Pass NULL to ks_get_pac() as the client_key
   via  e95fb04c5de s4:mitkdc: Add support for pac_attrs and requester_sid
   via  b46a942f95b s4:mitkdc: Reset errno to 0 for com_err messages
   via  c69bfa0939d s4:mitkdc: Use talloc_get_type_abort() in 
ks_get_context()
   via  f00eb8485f4 s4:mitkdc: Initilalize is_error with errno instead of 
EPERM(1)
  from  5b526f4533b tdb: Raw performance torture to beat 
tdb_increment_seqnum

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 0f4eca775aa52cfe40a25ead90c560d76b286ad9
Author: Joseph Sutton 
Date:   Tue Dec 14 19:16:15 2021 +1300

tests/krb5: Add tests for AS-REQ to self with FAST

Signed-off-by: Joseph Sutton 
Reviewed-by: Andrew Bartlett 

Autobuild-User(master): Andrew Bartlett 
Autobuild-Date(master): Wed Dec 15 04:33:11 UTC 2021 on sn-devel-184

commit 100be7eb8e70ba270a8e92957a5e47466160a901
Author: Joseph Sutton 
Date:   Tue Dec 14 19:16:00 2021 +1300

tests/krb5: Correctly determine whether tickets are service tickets

Previously we expected tickets to contain a ticket checksum if the sname
was not the krbtgt. However, the ticket checksum should not be present
if we are performing an AS-REQ to our own account. Now we determine a
ticket is a service ticket only if the request is also a TGS-REQ.

Signed-off-by: Joseph Sutton 
Reviewed-by: Andrew Bartlett 

commit 1eb91291b54b194d8312dac6dd605c793eabfd53
Author: Joseph Sutton 
Date:   Tue Dec 14 19:16:26 2021 +1300

tests/krb5: Generate unique UPNs for enterprise tests

This helps to avoid problems with account creation on Windows due to UPN
uniqueness constraints.

Signed-off-by: Joseph Sutton 
Reviewed-by: Andrew Bartlett 

commit 3b23ae59ac4953d20ca4422b567a15227a17c545
Author: Joseph Sutton 
Date:   Thu Dec 9 13:18:54 2021 +1300

s4:torture: Fix typo

Signed-off-by: Joseph Sutton 
Reviewed-by: Andrew Bartlett 

commit 030afa6c01bfc0bfd20a204a5cc7c9d33032a1e7
Author: Joseph Sutton 
Date:   Thu Dec 9 13:18:45 2021 +1300

s4:torture: Remove comments that are no longer relevant

Signed-off-by: Joseph Sutton 
Reviewed-by: Andrew Bartlett 

commit bba30095ca14dd947cb32a4403e351b0523304dd
Author: Joseph Sutton 
Date:   Fri Dec 10 14:59:22 2021 +1300

kdc: Pad UPN_DNS_INFO PAC buffer

Padding this buffer to a multiple of 8 bytes allows the PAC buffer
padding to match Windows.

Signed-off-by: Joseph Sutton 
Reviewed-by: Andrew Bartlett 

commit 31f3e815799a205f48bebae666deb327e1058674
Author: Joseph Sutton 
Date:   Tue Dec 14 19:19:42 2021 +1300

Revert "s4/heimdal/lib/krb5/pac.c: Align PAC buffers to match Windows"

This alignment should be done on the Samba side instead.

This reverts commit 28a5a586c8e9cd155d676dcfcb81a2587ace99d1.

Signed-off-by: Joseph Sutton 
Reviewed-by: Andrew Bartlett 

commit 7dfcbc4e381080b3e3e1777134aecef5522d1f01
Author: Joseph Sutton 
Date:   Thu Dec 9 11:56:55 2021 +1300

tests/krb5: Add tests for PAC buffer alignment

Signed-off-by: Joseph Sutton 
Reviewed-by: Andrew Bartlett 

commit abbeb5c2175ad9574d75e852c101887d6e642cb4
Author: Andreas Schneider 
Date:   Mon Dec 13 08:31:49 2021 +0100

s4:mitkdc: Call krb5_pac_init() in kdb_samba_db_sign_auth_data()

Signed-off-by: Andreas Schneider 
Reviewed-by: Andrew Bartlett 

commit 3a3f7feac59feba08438831cb02564e9b80cdc59
Author: Andreas Schneider 
Date:   Thu Oct 7 15:12:35 2021 +0200

s4:mitkdc: Do not allocate the PAC buffer in samba_make_krb5_pac()

This will be allocated by the KDC in MIT KRB5 1.20 and newer.

Signed-off-by: Andreas Schneider 
Reviewed-by: Andrew Bartlett 

commit 731d9c42d0775d9b1a7475ad2efbe23c2439f6db
Author: Andreas Schneider 
Date:   Mon Dec 13 15:48:08 2021 +0100

s4:mitkdc: Pass NULL to ks_get_pac() as the client_key

This is unused with MIT KRB5 < 1.20 as this is probably not the right key.

Signed-off-by: 

[SCM] Samba Shared Repository - branch master updated

[Jeremy Allison]

The branch, master has been updated
   via  5b526f4533b tdb: Raw performance torture to beat 
tdb_increment_seqnum
   via  b9f06ab3472 tdb: Use atomic operations for 
tdb_[increment|get]_seqnum
   via  62dab3921b3 configure: Check for __atomic_add_fetch() and 
__atomic_load()
  from  1dc803048f8 lib/util: Add signal.h include

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 5b526f4533bda42b51326c3b60fd771bc1cd88e7
Author: Volker Lendecke 
Date:   Mon Dec 13 17:49:51 2021 +0100

tdb: Raw performance torture to beat tdb_increment_seqnum

Running this on sn-devel-184 takes ~14 seconds with the atomic
ops. Without them I did not wait for it to finish. After reducing
NPROCS from 500 to 50 it still ran for more than a minute.

Signed-off-by: Volker Lendecke 
Reviewed-by: Jeremy Allison 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Wed Dec 15 01:03:56 UTC 2021 on sn-devel-184

commit b9f06ab3472352d064082a44f7d5077c8c13931c
Author: Volker Lendecke 
Date:   Mon Dec 13 17:42:12 2021 +0100

tdb: Use atomic operations for tdb_[increment|get]_seqnum

With locking.tdb now based on g_lock.c code, we change locking.tdb a
lot more often. I have a customer case where LDX tortures smbd very
hard with 800+ concurrent connections, which now completely falls over
where 4.12 still worked fine. Some debugging showed a thundering herd
on fcntl locking.tdb index 48 (TDB_SEQNUM_OFS). We still use fcntl for
the seqnum, back when we converted the chainlocks to mutexes we did
not consider it to be a problem. Now it is, but all we need to do with
the SEQNUM is to increment it, so an __atomic_add_fetch() of one is
sufficient.

I've taken a look at the C11 standard atomics, but I could not figure
out how to use them properly, to me they seem more general to be
initialized first etc. All we need is a X86 "lock incl 48(%rax)" to be
emitted, and the gcc __atomic_add_fetch seems to do this.

Signed-off-by: Volker Lendecke 
Reviewed-by: Jeremy Allison 

commit 62dab3921b335d47a0c9c419714d0e2ea2320f74
Author: Volker Lendecke 
Date:   Mon Dec 13 17:40:52 2021 +0100

configure: Check for __atomic_add_fetch() and __atomic_load()

To be used in the tdb_seqnum code soon

Signed-off-by: Volker Lendecke 
Reviewed-by: Jeremy Allison 

---

Summary of changes:
 lib/replace/wscript|  16 ++
 lib/tdb/common/tdb.c   |  24 +
 lib/tdb/tools/tdbtortseq.c | 123 +
 lib/tdb/wscript|   5 ++
 4 files changed, 168 insertions(+)
 create mode 100644 lib/tdb/tools/tdbtortseq.c


Changeset truncated at 500 lines:

diff --git a/lib/replace/wscript b/lib/replace/wscript
index a928b80f2f7..e60ff15f903 100644
--- a/lib/replace/wscript
+++ b/lib/replace/wscript
@@ -313,6 +313,22 @@ def configure(conf):
 headers='stdint.h sys/atomic.h',
 msg='Checking for atomic_add_32 compiler builtin')
 
+conf.CHECK_CODE('''
+uint32_t i,j;
+j = __atomic_add_fetch(,1,__ATOMIC_SEQ_CST)
+''',
+'HAVE___ATOMIC_ADD_FETCH',
+headers='stdint.h',
+msg='Checking for __atomic_add_fetch compiler builtin')
+
+conf.CHECK_CODE('''
+uint32_t i,j;
+__atomic_load(,,__ATOMIC_SEQ_CST)
+''',
+'HAVE___ATOMIC_ADD_LOAD',
+headers='stdint.h',
+msg='Checking for __atomic_load compiler builtin')
+
 # Check for thread fence. */
 tf = conf.CHECK_CODE('atomic_thread_fence(memory_order_seq_cst);',
  'HAVE_ATOMIC_THREAD_FENCE',
diff --git a/lib/tdb/common/tdb.c b/lib/tdb/common/tdb.c
index c56b37be5ca..de829bb48c4 100644
--- a/lib/tdb/common/tdb.c
+++ b/lib/tdb/common/tdb.c
@@ -64,6 +64,15 @@ static void tdb_increment_seqnum(struct tdb_context *tdb)
return;
}
 
+#if defined(HAVE___ATOMIC_ADD_FETCH) && defined(HAVE___ATOMIC_ADD_LOAD)
+   if (tdb->map_ptr != NULL) {
+   uint32_t *pseqnum = (uint32_t *)(
+   TDB_SEQNUM_OFS + (char *)tdb->map_ptr);
+   __atomic_add_fetch(pseqnum, 1, __ATOMIC_SEQ_CST);
+   return;
+   }
+#endif
+
if (tdb_nest_lock(tdb, TDB_SEQNUM_OFS, F_WRLCK,
  TDB_LOCK_WAIT|TDB_LOCK_PROBE) != 0) {
return;
@@ -838,6 +847,21 @@ _PUBLIC_ int tdb_get_seqnum(struct tdb_context *tdb)
 {
tdb_off_t seqnum=0;
 
+   if (tdb->transaction != NULL) {
+   tdb_ofs_read(tdb, TDB_SEQNUM_OFS, );
+   return seqnum;
+   }
+
+#if