From 8f56633783958a07cfb24d743c74c95e563fb41c Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 27 Apr 2023 12:25:24 +0200 Subject: [PATCH 1/2] winbind: Test wbinfo -u with more than 1000 users winbind asks dcerpc_samr_LookupRids in one batch, where samr.idl has NTSTATUS samr_LookupRids( [in,ref] policy_handle *domain_handle, [in,range(0,1000)] uint32 num_rids, [in,size_is(1000),length_is(num_rids)] uint32 rids[], [out,ref] lsa_Strings *names, [out,ref] samr_Ids *types ); limiting num_rids to 1000 entries. Test this. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15366 Signed-off-by: Volker Lendecke Reviewed-by: Andrew Bartlett (cherry picked from commit f633389f36e79d3e772777ad7ca13012e3616273) --- selftest/knownfail.d/wbinfo_u_large_ad | 1 + .../script/tests/test_wbinfo_u_large_ad.sh | 28 +++++++++++++++++++ source4/selftest/tests.py | 5 ++++ 3 files changed, 34 insertions(+) create mode 100644 selftest/knownfail.d/wbinfo_u_large_ad create mode 100755 source3/script/tests/test_wbinfo_u_large_ad.sh diff --git a/selftest/knownfail.d/wbinfo_u_large_ad b/selftest/knownfail.d/wbinfo_u_large_ad new file mode 100644 index 00000000000..a7814a95cc2 --- /dev/null +++ b/selftest/knownfail.d/wbinfo_u_large_ad @@ -0,0 +1 @@ +^samba.wbinfo_u_large_ad.\(ad_dc:local\).* \ No newline at end of file diff --git a/source3/script/tests/test_wbinfo_u_large_ad.sh b/source3/script/tests/test_wbinfo_u_large_ad.sh new file mode 100755 index 00000000000..ab5f0ca1f6a --- /dev/null +++ b/source3/script/tests/test_wbinfo_u_large_ad.sh @@ -0,0 +1,28 @@ +#!/bin/sh + +LDBMODIFY="$VALGRIND ${LDBMODIFY:-$BINDIR/ldbmodify} $CONFIGURATION" +LDBSEARCH="$VALGRIND ${LDBSEARCH:-$BINDIR/ldbsearch} $CONFIGURATION" +WBINFO="$VALGRIND ${WBINFO:-$BINDIR/wbinfo} $CONFIGURATION" + +NUM_USERS=1234 + +BASE_DN=$($LDBSEARCH -H ldap://$DC_SERVER -b "" --scope=base defaultNamingContext | awk '/^defaultNamingContext/ {print $2}') + +incdir=$(dirname $0)/../../../testprogs/blackbox +. $incdir/subunit.sh + +seq -w 1 "$NUM_USERS" | + xargs -INUM echo -e "dn:cn=large_ad_NUM,cn=users,$BASE_DN\nchangetype:add\nobjectclass:user\nsamaccountname:large_ad_NUM\n" | + $LDBMODIFY -H ldap://$DC_SERVER -U "$DOMAIN\Administrator%$DC_PASSWORD" + +testit_grep_count \ + "Make sure $NUM_USERS $DOMAIN users are returned" \ + "$DOMAIN/large_ad_" \ + "$NUM_USERS" \ + ${WBINFO} -u || failed=$(expr $failed + 1) + +seq -w 1 "$NUM_USERS" | + xargs -INUM echo -e "dn:cn=large_ad_NUM,cn=users,$BASE_DN\nchangetype:delete\n" | + $LDBMODIFY -H ldap://$DC_SERVER -U "$DOMAIN\Administrator%$DC_PASSWORD" + +testok $0 $failed diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py index 823ada7a5dc..f8f7aae700d 100755 --- a/source4/selftest/tests.py +++ b/source4/selftest/tests.py @@ -852,6 +852,11 @@ for env in ["nt4_dc", "nt4_member", "ad_dc", "ad_member", "chgdcpass", "rodc"]: planpythontestsuite(env + ":local", "samba.tests.ntlm_auth") +plantestsuite( + "samba.wbinfo_u_large_ad.(ad_dc:local)", + "ad_dc:local", + [os.path.join(samba3srcdir, "script/tests/test_wbinfo_u_large_ad.sh")]) + for env in ["ktest"]: planpythontestsuite(env + ":local", "samba.tests.ntlm_auth_krb5") -- 2.34.1 From 1f04049495bc2f360dde7a026ee01058206310bb Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 26 Apr 2023 17:19:29 +0200 Subject: [PATCH 2/2] winbind: Fix "wbinfo -u" on a Samba AD DC with >1000 users BUG: https://bugzilla.samba.org/show_bug.cgi?id=15366 Signed-off-by: Volker Lendecke Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Tue May 9 02:58:45 UTC 2023 on atb-devel-224 (cherry picked from commit 6206e15b4de0ba67d713124c2be353dabf3878c8) --- selftest/knownfail.d/wbinfo_u_large_ad | 1 - source3/winbindd/winbindd_samr.c | 102 +++++++++++++++---------- 2 files changed, 62 insertions(+), 41 deletions(-) delete mode 100644 selftest/knownfail.d/wbinfo_u_large_ad diff --git a/selftest/knownfail.d/wbinfo_u_large_ad b/selftest/knownfail.d/wbinfo_u_large_ad deleted file mode 100644 index a7814a95cc2..00000000000 --- a/selftest/knownfail.d/wbinfo_u_large_ad +++ /dev/null @@ -1 +0,0 @@ -^samba.wbinfo_u_large_ad.\(ad_dc:local\).* \ No newline at end of file diff --git a/source3/winbindd/winbindd_samr.c b/source3/winbindd/winbindd_samr.c index ebf9c24b9e4..92dd1851abd 100644 --- a/source3/winbindd/winbindd_samr.c +++ b/source3/winbindd/winbindd_samr.c @@ -914,8 +914,6 @@ static NTSTATUS sam_rids_to_names(struct winbindd_domain *domain, struct rpc_pipe_client *samr_pipe = NULL; struct dcerpc_binding_handle *h = NULL; struct policy_handle dom_pol = { .handle_type = 0, }; - struct lsa_Strings lsa_names = { .count = 0, }; - struct samr_Ids samr_types = { .count = 0, }; enum lsa_SidType *types = NULL; char **names = NULL; const char *domain_name = NULL; @@ -997,49 +995,73 @@ again: } h = samr_pipe->binding_handle; - status = dcerpc_samr_LookupRids( - h, - tmp_ctx, - &dom_pol, - num_rids, - rids, - &lsa_names, - &samr_types, - &result); - - if (!retry && reset_connection_on_error(domain, samr_pipe, status)) { - retry = true; - goto again; - } + /* + * Magic number 1000 comes from samr.idl + */ - if (!NT_STATUS_IS_OK(status)) { - DBG_DEBUG("dcerpc_samr_LookupRids failed: %s\n", - nt_errstr(status)); - goto fail; - } - if (!NT_STATUS_IS_OK(result) && - !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) { - DBG_DEBUG("dcerpc_samr_LookupRids resulted in %s\n", - nt_errstr(result)); - status = result; - goto fail; - } + for (i = 0; i < num_rids; i += 1000) { + uint32_t num_lookup_rids = MIN(num_rids - i, 1000); + struct lsa_Strings lsa_names = { + .count = 0, + }; + struct samr_Ids samr_types = { + .count = 0, + }; + uint32_t j; + + status = dcerpc_samr_LookupRids(h, + tmp_ctx, + &dom_pol, + num_lookup_rids, + &rids[i], + &lsa_names, + &samr_types, + &result); + + if (!retry && + reset_connection_on_error(domain, samr_pipe, status)) { + retry = true; + goto again; + } - for (i=0; i