[PATCH] gitignore: Ignore additional auto-generated file

All:

Please find attached a patch to ignore the new auto0generated file 
source4/torture/libnetapi/proto.h.

Sincerely,
Andrew Kroeger

>From 7c5024f8b3a14af7f595ea7a7ce510d1b35ed174 Mon Sep 17 00:00:00 2001
From: Andrew Kroeger <andrew <at> id10ts.net>
Date: Sun, 31 May 2009 19:36:55 -0500
Subject: [PATCH] gitignore: Ignore additional auto-generated file

---
 .gitignore |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/.gitignore b/.gitignore
index 5d18b2d..168c9bf 100644
--- a/.gitignore
+++ b/.gitignore
 <at>  <at>  -282,6 +282,7  <at>  <at>  source4/torture/basic/proto.h
 source4/torture/ldap/proto.h
 source4/torture/ldb/proto.h
 source4/torture/libnet/proto.h
+source4/torture/libnetapi/proto.h
 source4/torture/local/proto.h
 source4/torture/nbench/proto.h
 source4/torture/nbt/proto.h

[PATCH] s4:smbtorture: Add forward declaration of test_netuseradd()

All:

Please find attached a patch to fix a missing prototype issue with the 
new LIBNETAPI test.

Sincerely,
Andrew Kroeger

>From 9c027530d4b51a90600977988ae23d00f35ca94e Mon Sep 17 00:00:00 2001
From: Andrew Kroeger <andrew <at> id10ts.net>
Date: Sun, 31 May 2009 19:38:14 -0500
Subject: [PATCH] s4:smbtorture: Add forward declaration of test_netuseradd().

After upgrading the locally installed libnetapi to support building the new
LIBNETAPI testsuite the build failed because libnetapi_group.c did not have a
function definition for test_netuseradd().

mkproto.pl does not create a private prototype for test_netuseradd() because
the return type is NET_API_STATUS, and mkproto.pl is not aware of the
NET_API_STATUS return type.  Decided against modifying mkproto.pl, as the
torture tests are currently the only area in S4 where NET_API_STATUS is used.
---
 source4/torture/libnetapi/libnetapi_group.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/source4/torture/libnetapi/libnetapi_group.c b/source4/torture/libnetapi/libnetapi_group.c
index e8e5ad9..5402986 100644
--- a/source4/torture/libnetapi/libnetapi_group.c
+++ b/source4/torture/libnetapi/libnetapi_group.c

Re: [PATCH] mount.cifs: properly check for mount being in fstab when running setuid root

Hi Jeff,

On Tue, May 26, 2009 at 07:51:43PM -0400, Jeff Layton wrote:
> Ordinarily, I'd consider this a security problem, but I'm not aware of
> any distro that ships mount.cifs as setuid binary. Therefore, I'm going
> to go ahead and post this publically for discussion.

Both Debian and Ubuntu ship mount.cifs setuid, so I guess you didn't look
very far afield.  But in any event, I don't see why you're claiming that
there's a security problem here - you seem to just be objecting that
unprivileged users can mount CIFS shares on directories they own, but this
is by design.  Or have I overlooked some other security hole?

> This means that it's currently not possible to set up user mounts the
> standard way (by the admin, in /etc/fstab) and simultaneously protect
> from an unprivileged user calling mount.cifs directly to mount a share
> on any directory that that user owns.

And as a result, my understanding is that the former usage is not
supported while the latter usage is.  That may be considered a bug, but I
don't see how it's a security bug.

> Mount helpers are never intended to be called directly, and shouldn't
> offer any "extra" privileges over what /bin/mount allows.

Well, I think this is an unsubstantiated assertion.  I think that would be
*a* valid policy, but clearly not everyone agrees with it or we wouldn't
have the current mount.cifs behavior in question.

I'm not particularly attached to the current behavior personally, but I know

Re: Samba4: LDB size limit and memory leak

Hi Marcel,

 > Tests are currently running. Looks good so far - file size is now at a
 > reasonable level.

great - Andrew and I have also found the cause of the test failure,
and we've now committed these changes to the master branch.

So now everyone can enjoy smaller ldbs 

Cheers, Tridge

Re: Samba4: LDB size limit and memory leak

Hi Alexander,

 > Is it really required to use float point operations in tdb code?

tdb already uses floating point. That function uses a floating point
multiply per loop through the free list. 

Avoiding floating point in things other than tight loops makes no
sense at all these days.

Cheers, Tridge

Re: Samba4: LDB size limit and memory leak

On Thu, May 28, 2009 at 5:43 PM, <tridge <at> samba.org> wrote:

> Hi Marcel,
>
> The following patch reduces the problem a bit by repacking the
> database whenever it is expanded inside a transaction.
>
> It still grows far more than it should though. Maybe we need to take a
> fresh look at the ldb indexing approach. The killer is the indexes
> like objectClass, which consists of a record with a key of
> DN= <at> INDEX:OBJECTCLASS:USER that contains a list of every DN that is a
> user object. That record grows by one entry for each new user, which
> is the worst case for our free space allocation code in tdb. It also
> means that for large N, adding N new users is O(N^2), as for each user
> we need to re-write a record of size proportional to N. That is not
> good.
>
> Does anyone have any suggestions for a better indexing strategy?
>
> Cheers, Tridge
>

Wouldnt a repack be quite expensive for large TDBs?

Why not using a linked list of entries? Where one entry points to the next
in the list. (this would need some new tdb magic to let TDB itself handle
these links).
Yes, it would make reading the entire index-object a lot slower, since it
would only read one entry per tdb_fetch(), but then again the full
tdb_traverse that is needed (twice) for the tdb_repack() is not exactly

Re: Samba4: LDB size limit and memory leak

Hi Ronnie,

 > Yes, it would make reading the entire index-object a lot slower, since it
 > would only read one entry per tdb_fetch(), but then again the full
 > tdb_traverse that is needed (twice) for the tdb_repack() is not exactly
 > cheap either.

The repack is only done when the underlying file grows. When adding
20k users as fast as we can, this happens about 10-15 times over a
period of an hour or so. (remember that when we expand a tdb, we
always expand by at least 1.25 in size - see tdb_expand())

If we made indexing have to read a linked list, we would be following
those lists several hundred times per second.

I'm currently considering changing the indexing so that when a single
attribute has more than 100 DNs, it will be split across multiple
records. That would mean we would have to do multiple fetches (one for
each 100 DNs), but insert/delete of indexes won't deal with ever
expanding records.

Cheers, Tridge

Re: [PATCH] s4:smbtorture: Add forward declaration of test_netuseradd()

On Sun, 2009-05-31 at 20:11 -0500, Andrew Kroeger wrote:
> All:
> 
> Please find attached a patch to fix a missing prototype issue with the 
> new LIBNETAPI test.
> 
> Sincerely,
> Andrew Kroeger
> plain text document attachment
> (0002-s4-smbtorture-Add-forward-declaration-of-test_netus.patch)
> >From 9c027530d4b51a90600977988ae23d00f35ca94e Mon Sep 17 00:00:00 2001
> From: Andrew Kroeger <andrew <at> id10ts.net>
> Date: Sun, 31 May 2009 19:38:14 -0500
> Subject: [PATCH] s4:smbtorture: Add forward declaration of test_netuseradd().
> 
> After upgrading the locally installed libnetapi to support building the new
> LIBNETAPI testsuite the build failed because libnetapi_group.c did not have a
> function definition for test_netuseradd().
> 
> mkproto.pl does not create a private prototype for test_netuseradd() because
> the return type is NET_API_STATUS, and mkproto.pl is not aware of the
> NET_API_STATUS return type.  Decided against modifying mkproto.pl, as the
> torture tests are currently the only area in S4 where NET_API_STATUS is used.
> ---
>  source4/torture/libnetapi/libnetapi_group.c |    3 +++
>  1 files changed, 3 insertions(+), 0 deletions(-)
> 
> diff --git a/source4/torture/libnetapi/libnetapi_group.c b/source4/torture/libnetapi/libnetapi_group.c
> index e8e5ad9..5402986 100644
> --- a/source4/torture/libnetapi/libnetapi_group.c

Re: [PATCH] s4:smbtorture: Add forward declaration of test_netuseradd()

Andrew Bartlett wrote:
> Whatever the problem, I don't think the solution is to add a non-static
> header to a .c file
> 
> Can you either fix the proto script, or add this to a header file?
> 
> Thanks,
> 
> Andrew Bartlett

Please find attached a new patch that teaches mkproto.pl about the 
NET_API_STATUS return type.

Sincerely,
Andrew Kroeger

>From d5af9baef73d5b03a55cf92f7edfe331776f5dbe Mon Sep 17 00:00:00 2001
From: Andrew Kroeger <andrew <at> id10ts.net>
Date: Mon, 1 Jun 2009 04:36:50 -0500
Subject: [PATCH] s4:mkproto: Add NET_API_STATUS return type.

The recently added LIBNETAPI torture tests use NET_API_STATUS as a return type
for some functions.  The torture/libnetapi/proto.h private header that was being
generated by mkproto.pl did not include a prototype for the test_netuseradd()
function, as it did not know how to handle the NET_API_STATUS return type.
---
 source4/script/mkproto.pl |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

cannot compile ctdb

Hi all,

I tried to make ctdb on CentOS 4.4.

Make fails with the following error:

Compiling utils/ipmux/ipmux.c
In file included from /usr/include/linux/netfilter_ipv4/ip_queue.h:10,
                 from /usr/include/libipq.h:37,
                 from utils/ipmux/ipmux.c:31:
/usr/include/linux/if.h:59: error: redefinition of `struct ifmap'
/usr/include/linux/if.h:77: error: redefinition of `struct ifreq'
/usr/include/linux/if.h:126: error: redefinition of `struct ifconf'
make: *** [utils/ipmux/ipmux.o] Error 1

How can I overcome the problem and compile ctdb?

Thanks in advance
 Evgeny