IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Reading the nTSecurityDescriptor attribute over LDAP requires admin
creds. However, if you don't specify admin creds, then you get an error
like this:
bin/samba-tool gpo aclcheck
ERROR(<class 'KeyError'>): uncaught exception - 'No such element'
File "bin/python/samba/netcmd/__init__.py", line 184, in _run
return self.run(*args, **kwargs)
File "bin/python/samba/netcmd/gpo.py", line 1536, in run
ds_sd_ndr = m['nTSecurityDescriptor'][0]
This patch adds an explicit check/error message to make the problem
clearer.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
As dns_hub.py is now integral to the selftest environments, it seems to
make sense for it to live under the selftest/ directory.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
I ran this command as non-root by mistake and didn't find the error
message particularly helpful. Tweak the error message so it reminds the
user that they should be root. Also display the path we're looking for
the sam.ldb file in, to give them more clues.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Mon Jan 21 16:34:06 CET 2019 on sn-devel-144
samba-tool visualise reuses these libraries to parse reps from other DCs, and Windows sometimes sends
more data than we are expecting
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This can happen if a server has been replaced
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We print the error and keep going.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Currently it is possible to add the same ace multiple times if
the case sensitivity does not match the existing one using "--sddl" parameter.
As an example while an ace
"OA;CIIO;RPWP;3e978925-8c01-11d0-afda-00c04fd930c9;bf967a86-0de6-11d0-a285-00aa003049e2;PS"
already exists a sddl
"OA;CIIO;RPWP;3E978925-8C01-11D0-AFDA-00C04FD930C9;BF967A86-0DE6-11D0-A285-00AA003049E2;PS"
can be added without detection (and can be added multiple times). As an end result
after a high number of addings (in my tests it was about 1600-1800 aces for one
object) no further changes on that object are possible.
Signed-off-by: Martin Krämer <mk.maddin@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jan 18 23:19:13 CET 2019 on sn-devel-144
In dns_hup.py, we are both importing the socket module and declaring a
variable called socket. When we try to catch a socket.error exception
(defined by the module), Python thinks we're referring to the variable.
As the variable has no attribute called 'error', Python throws an
exception, e.g.:
File "./bin/python/samba/tests/dns_forwarder_helpers/dns_hub.py", line
123, in handle
except socket.error as err:
AttributeError: 'socket' object has no attribute 'error'
We can avoid this problem by calling the variable 'sock' instead.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jan 17 15:23:23 CET 2019 on sn-devel-144
The main changes required are:
- we need to use an s3 loadparm instead of the standard s4 lp.
- the s3 SMB bindings don't support the use_spnego/ntlmv2_auth params,
however, we can set these in the loadparm instead, which will get the
SMB client code to do what we want. Instead of passing in boolean
parameters, we need to use yes/no strings that the lp will accept.
(We always set these values because the underlying lp context is
actually global, and setting a value is 'sticky' and will persist
across test cases. These conf settings are only used by the SMB client
code, and so will only affect the SMB test cases).
- For the no_spnego_no_ntlmv2 test cases, we now explicitly force it to
an SMBv1 connection. The s4 bindings only ever supported SMBv1
connections, so this is the same behaviour. The other test cases will
now try to negotiate SMBv2 connections, however, the no_ntlmv2 test
cases are explicitly checking for bare-NTLM (with the s3 bindings, it
now ends up as NTLMSSP by default).
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jan 17 04:47:56 CET 2019 on sn-devel-144
This should not alter the behaviour of the tests at all. It just makes
it easier to switch over the underlying SMB client bindings.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
The s3 SMB client bindings seem slightly different to s4, in that they
default to setting the CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS flag.
This seems to fallback to finding a valid KRB TGT (from a previous
successful test), which results in the connection succeeding rather than
failing.
Setting MUST_USE_KERBEROS explicitly avoids this behaviour.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
The s4 Python bindings currently only support SMBv1 connections.
If we change the bindings to support *either* v1 or v2, they'll
end up negotiating v2. In which case the server is "SMB2", not "SMB",
and these assertions fail.
Long-term we want to get rid of SMBv1, so it makes sense to write the
tests so that they pass against either v1 or v2.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
We were already checking the smb.conf to see if it uses the NTVFS file
server or the default smbd server. However, we weren't passing this
through to the setntacl() call.
This fixes the problem we noticed with 'samba-tool gpo aclcheck' failing
after a restore.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
This means we can now use GPO commands on a DC that has SMBv1 disabled.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Throwing an exception here still dumps out the Python stack trace, which
can be a little disconcerting for users.
In this case, the stack trace isn't going to really help at all (the
problem is pretty obvious), and it obscures the useful message
explaining what went wrong.
Throw a CommandError instead, which samba-tool will catch and display
more nicely.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13747
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Reviewed-by: Jeremy Allison <rpenny@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan 16 22:11:04 CET 2019 on sn-devel-144
When we can't resolve a domain name, we were inadvertently throwing a
TypeError whilst trying to output a helpful message. E.g.
ERROR(<class 'TypeError'>): uncaught exception - 'NTSTATUSError' object
does not support indexing
Instead of indexing the object, we want to index the Exception.args so
that we just display the string portion of the exception error.
The same problem is also present for the domain trust commands.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13747
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Reviewed-by: Jeremy Allison <rpenny@samba.org>
This is a small DNS server that has hard redirects to the different domain
controllers based on domain names. This is required because future commits will
avoid calling into libresolv's code which resolv_wrapper takes care of.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This means we can now backup a DC that has SMBv1 disabled.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Tim Beale <timbeale@samba.org>
Autobuild-Date(master): Mon Jan 14 06:49:09 CET 2019 on sn-devel-144
In python2 PYARG_STR_UNI evaluates to et which allows str type
(e.g bytes) pass through unencoded and accepts unicode objects
encoded as utf8
In python3 PYARG_STR_UNI evaluates to es which allows str type
encoded as named/specified encoding
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Important things are this:
- It's not required to use the bind time feature negotiation in order
to use it, it's only a hint for the client, but nothing is really
negotiated, unlike the request multiplexing with the
DCERPC_PFC_FLAG_CONC_MPX.
- There's special handling related to AUTH_LEVEL_CONNECT
and requests without auth trailer
- An security context is identified by the unique
tuple of auth_type, auth_level and auth_context_id (all together!),
not just the auth_context_id.
- There's a limit of 2049 explicit authentication contexts.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
When we don't expect a FAULT, we should wait a little bit to check
there's no response to auth3 request. This reduces the raw_procol
test from 45s down to 35s total runtime against Windows.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Fri Jan 11 06:01:01 CET 2019 on sn-devel-144
samba-tool gpo create|fetch|backup commands throw exceptions due to a
missing Python import:
ERROR(<class 'NameError'>): uncaught exception - name 'tempfile' is not
defined
File "bin/python/samba/netcmd/__init__.py", line 184, in _run
return self.run(*args, **kwargs)
File "bin/python/samba/netcmd/gpo.py", line 980, in run
tmpdir, gpodir = self.construct_tmpdir(tmpdir, gpo)
File "bin/python/samba/netcmd/gpo.py", line 386, in construct_tmpdir
tmpdir = tempfile.mkdtemp()
Introduced by commit e3320b6d3d refactor.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Thu Jan 10 16:21:23 CET 2019 on sn-devel-144
In order to make it clear that the APIs in these Python bindings are
unstable and should not be used by external consumers, this patch
changes the name of the Python bindings back to libsmb_samba_internal.
To make the Python code that uses these bindings (i.e. samba-tool, etc)
look a little cleaner, we can just change the module name as we import
it, e.g.
from samba.samba3 import libsmb_samba_internal as libsmb
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jan 9 14:30:31 CET 2019 on sn-devel-144
python[3]-gpgme is deprecated since ubuntu 1804 and debian 9.
use python[3]-gpg instead, and adapt the API.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13728
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
The old -S/--scale-traffic is relative to the original model, which made
its relationship to true traffic volumes quite opaque
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This gives you a name of a temporary file within the test case's tempdir.
Use it like this:
with self.mktemp() as filename:
self.check_run("samba-tool foo --output %s" % filename)
self.assertStringsEqual(open(filename).read(), expected)
and filename will flick out of existence when the with block ends.
This is based on an idea used in the traffic_runner tests, which will
soon be adapted to use this method.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
traffic_replay had a broken sense of traffic scale. That is fixed, but
in order to compare old and new tests, it helps to be able to
approximate the old behaviour.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The traffic model is generated from a window in time, which makes
conversations appear to start and stop unnaturally at the window
boundaries. When the window is short compared to the traffic replay
time and the true expected conversation length, this has a significant
distorting effect, leading to more conversations than would be
expected to generate a given number of packets.
To offset this slightly we add the --conversation-persistence option
which tries to convert apparent death into a longish wait.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
If the packets really wouldn't do anything, we might as well not add them.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This completes the work of 68c64c634a,
but differs from that in that it makes no actual change because isatty
was not being called so was always evaluated as true.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add more "header" values indicating the progress of the run as a
whole.
The new fields are:
Max sleep miss - the longest sleep() oversleep. Indicates client load.
Maximum lag - the longest gap between a planned packet
time and its actual time.
Start lag - the longest gap between intended and actual
conversation start.
Planned conversations - how many conversations we meant to have.
Planned packets - how many "packets" we thought we were making. Not
all "packets" result in actual operations or packets.
Unfinished conversations - how many conversations had not finished
when they were killed.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
