The Samba-Bugzilla – Attachment 17880 Details for
Bug 15366
wbinfo -u fails on ad dc with >1000 users
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch for 4.17 and 4.18
bug-15366-patch.txt (text/plain), 7.55 KB, created by
Volker Lendecke
on 2023-05-09 06:18:36 UTC
(
hide
)
Description:
Patch for 4.17 and 4.18
Filename:
MIME Type:
Creator:
Volker Lendecke
Created:
2023-05-09 06:18:36 UTC
Size:
7.55 KB
patch
obsolete
>From 8f56633783958a07cfb24d743c74c95e563fb41c Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Thu, 27 Apr 2023 12:25:24 +0200 >Subject: [PATCH 1/2] winbind: Test wbinfo -u with more than 1000 users > >winbind asks dcerpc_samr_LookupRids in one batch, where samr.idl has > > NTSTATUS samr_LookupRids( > [in,ref] policy_handle *domain_handle, > [in,range(0,1000)] uint32 num_rids, > [in,size_is(1000),length_is(num_rids)] uint32 rids[], > [out,ref] lsa_Strings *names, > [out,ref] samr_Ids *types > ); > >limiting num_rids to 1000 entries. Test this. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15366 > >Signed-off-by: Volker Lendecke <vl@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit f633389f36e79d3e772777ad7ca13012e3616273) >--- > selftest/knownfail.d/wbinfo_u_large_ad | 1 + > .../script/tests/test_wbinfo_u_large_ad.sh | 28 +++++++++++++++++++ > source4/selftest/tests.py | 5 ++++ > 3 files changed, 34 insertions(+) > create mode 100644 selftest/knownfail.d/wbinfo_u_large_ad > create mode 100755 source3/script/tests/test_wbinfo_u_large_ad.sh > >diff --git a/selftest/knownfail.d/wbinfo_u_large_ad b/selftest/knownfail.d/wbinfo_u_large_ad >new file mode 100644 >index 00000000000..a7814a95cc2 >--- /dev/null >+++ b/selftest/knownfail.d/wbinfo_u_large_ad >@@ -0,0 +1 @@ >+^samba.wbinfo_u_large_ad.\(ad_dc:local\).* >\ No newline at end of file >diff --git a/source3/script/tests/test_wbinfo_u_large_ad.sh b/source3/script/tests/test_wbinfo_u_large_ad.sh >new file mode 100755 >index 00000000000..ab5f0ca1f6a >--- /dev/null >+++ b/source3/script/tests/test_wbinfo_u_large_ad.sh >@@ -0,0 +1,28 @@ >+#!/bin/sh >+ >+LDBMODIFY="$VALGRIND ${LDBMODIFY:-$BINDIR/ldbmodify} $CONFIGURATION" >+LDBSEARCH="$VALGRIND ${LDBSEARCH:-$BINDIR/ldbsearch} $CONFIGURATION" >+WBINFO="$VALGRIND ${WBINFO:-$BINDIR/wbinfo} $CONFIGURATION" >+ >+NUM_USERS=1234 >+ >+BASE_DN=$($LDBSEARCH -H ldap://$DC_SERVER -b "" --scope=base defaultNamingContext | awk '/^defaultNamingContext/ {print $2}') >+ >+incdir=$(dirname $0)/../../../testprogs/blackbox >+. $incdir/subunit.sh >+ >+seq -w 1 "$NUM_USERS" | >+ xargs -INUM echo -e "dn:cn=large_ad_NUM,cn=users,$BASE_DN\nchangetype:add\nobjectclass:user\nsamaccountname:large_ad_NUM\n" | >+ $LDBMODIFY -H ldap://$DC_SERVER -U "$DOMAIN\Administrator%$DC_PASSWORD" >+ >+testit_grep_count \ >+ "Make sure $NUM_USERS $DOMAIN users are returned" \ >+ "$DOMAIN/large_ad_" \ >+ "$NUM_USERS" \ >+ ${WBINFO} -u || failed=$(expr $failed + 1) >+ >+seq -w 1 "$NUM_USERS" | >+ xargs -INUM echo -e "dn:cn=large_ad_NUM,cn=users,$BASE_DN\nchangetype:delete\n" | >+ $LDBMODIFY -H ldap://$DC_SERVER -U "$DOMAIN\Administrator%$DC_PASSWORD" >+ >+testok $0 $failed >diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >index 823ada7a5dc..f8f7aae700d 100755 >--- a/source4/selftest/tests.py >+++ b/source4/selftest/tests.py >@@ -852,6 +852,11 @@ for env in ["nt4_dc", "nt4_member", "ad_dc", "ad_member", "chgdcpass", "rodc"]: > > planpythontestsuite(env + ":local", "samba.tests.ntlm_auth") > >+plantestsuite( >+ "samba.wbinfo_u_large_ad.(ad_dc:local)", >+ "ad_dc:local", >+ [os.path.join(samba3srcdir, "script/tests/test_wbinfo_u_large_ad.sh")]) >+ > for env in ["ktest"]: > planpythontestsuite(env + ":local", "samba.tests.ntlm_auth_krb5") > >-- >2.34.1 > > >From 1f04049495bc2f360dde7a026ee01058206310bb Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Wed, 26 Apr 2023 17:19:29 +0200 >Subject: [PATCH 2/2] winbind: Fix "wbinfo -u" on a Samba AD DC with >1000 > users > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15366 > >Signed-off-by: Volker Lendecke <vl@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> > >Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> >Autobuild-Date(master): Tue May 9 02:58:45 UTC 2023 on atb-devel-224 > >(cherry picked from commit 6206e15b4de0ba67d713124c2be353dabf3878c8) >--- > selftest/knownfail.d/wbinfo_u_large_ad | 1 - > source3/winbindd/winbindd_samr.c | 102 +++++++++++++++---------- > 2 files changed, 62 insertions(+), 41 deletions(-) > delete mode 100644 selftest/knownfail.d/wbinfo_u_large_ad > >diff --git a/selftest/knownfail.d/wbinfo_u_large_ad b/selftest/knownfail.d/wbinfo_u_large_ad >deleted file mode 100644 >index a7814a95cc2..00000000000 >--- a/selftest/knownfail.d/wbinfo_u_large_ad >+++ /dev/null >@@ -1 +0,0 @@ >-^samba.wbinfo_u_large_ad.\(ad_dc:local\).* >\ No newline at end of file >diff --git a/source3/winbindd/winbindd_samr.c b/source3/winbindd/winbindd_samr.c >index ebf9c24b9e4..92dd1851abd 100644 >--- a/source3/winbindd/winbindd_samr.c >+++ b/source3/winbindd/winbindd_samr.c >@@ -914,8 +914,6 @@ static NTSTATUS sam_rids_to_names(struct winbindd_domain *domain, > struct rpc_pipe_client *samr_pipe = NULL; > struct dcerpc_binding_handle *h = NULL; > struct policy_handle dom_pol = { .handle_type = 0, }; >- struct lsa_Strings lsa_names = { .count = 0, }; >- struct samr_Ids samr_types = { .count = 0, }; > enum lsa_SidType *types = NULL; > char **names = NULL; > const char *domain_name = NULL; >@@ -997,49 +995,73 @@ again: > } > h = samr_pipe->binding_handle; > >- status = dcerpc_samr_LookupRids( >- h, >- tmp_ctx, >- &dom_pol, >- num_rids, >- rids, >- &lsa_names, >- &samr_types, >- &result); >- >- if (!retry && reset_connection_on_error(domain, samr_pipe, status)) { >- retry = true; >- goto again; >- } >+ /* >+ * Magic number 1000 comes from samr.idl >+ */ > >- if (!NT_STATUS_IS_OK(status)) { >- DBG_DEBUG("dcerpc_samr_LookupRids failed: %s\n", >- nt_errstr(status)); >- goto fail; >- } >- if (!NT_STATUS_IS_OK(result) && >- !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) { >- DBG_DEBUG("dcerpc_samr_LookupRids resulted in %s\n", >- nt_errstr(result)); >- status = result; >- goto fail; >- } >+ for (i = 0; i < num_rids; i += 1000) { >+ uint32_t num_lookup_rids = MIN(num_rids - i, 1000); >+ struct lsa_Strings lsa_names = { >+ .count = 0, >+ }; >+ struct samr_Ids samr_types = { >+ .count = 0, >+ }; >+ uint32_t j; >+ >+ status = dcerpc_samr_LookupRids(h, >+ tmp_ctx, >+ &dom_pol, >+ num_lookup_rids, >+ &rids[i], >+ &lsa_names, >+ &samr_types, >+ &result); >+ >+ if (!retry && >+ reset_connection_on_error(domain, samr_pipe, status)) { >+ retry = true; >+ goto again; >+ } > >- for (i=0; i<num_rids; i++) { >- types[i] = samr_types.ids[i]; >- names[i] = talloc_move( >- names, >- discard_const_p(char *, &lsa_names.names[i].string)); >+ if (!NT_STATUS_IS_OK(status)) { >+ DBG_DEBUG("dcerpc_samr_LookupRids failed: %s\n", >+ nt_errstr(status)); >+ goto fail; >+ } >+ if (!NT_STATUS_IS_OK(result) && >+ !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) { >+ DBG_DEBUG("dcerpc_samr_LookupRids resulted in %s\n", >+ nt_errstr(result)); >+ status = result; >+ goto fail; >+ } > >- if (names[i] != NULL) { >- char *normalized = NULL; >- NTSTATUS nstatus = normalize_name_map( >- names, domain_name, names[i], &normalized); >- if (NT_STATUS_IS_OK(nstatus) || >- NT_STATUS_EQUAL(nstatus, NT_STATUS_FILE_RENAMED)) { >- names[i] = normalized; >+ for (j = 0; j < num_lookup_rids; j++) { >+ uint32_t dst = i + j; >+ >+ types[dst] = samr_types.ids[j]; >+ names[dst] = talloc_move( >+ names, >+ discard_const_p(char *, >+ &lsa_names.names[j].string)); >+ if (names[dst] != NULL) { >+ char *normalized = NULL; >+ NTSTATUS nstatus = >+ normalize_name_map(names, >+ domain_name, >+ names[dst], >+ &normalized); >+ if (NT_STATUS_IS_OK(nstatus) || >+ NT_STATUS_EQUAL(nstatus, >+ NT_STATUS_FILE_RENAMED)) { >+ names[dst] = normalized; >+ } > } > } >+ >+ TALLOC_FREE(samr_types.ids); >+ TALLOC_FREE(lsa_names.names); > } > > done: >-- >2.34.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=17880">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
metze
:
review+
Actions:
View
Attachments on
bug 15366
: 17880