1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

17 Commits

Author SHA1 Message Date
David Disseldorp
1f97aeac6b traffic_packets: fix SyntaxWarning: "is" with a literal
Python 3.8 adds this warning via https://bugs.python.org/issue34850:
  the "is" and "is not" operator sometimes is used with string and
  numerical literals. This code "works" on CPython by accident, because
  of caching on different levels (small integers and strings caches,
  interned strings, deduplicating constants at compile time). But it
  shouldn't work on other implementations, and can not work even on
  early or future CPython versions.

Reported-by: L. van Belle <belle@samba.org>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Mon Apr 27 12:19:59 UTC 2020 on sn-devel-184
2020-04-27 12:19:58 +00:00
Tim Beale
630857c71e traffic_replay: Avoid DB full scans in LDAP searches
When generating LDAP search traffic, a full DB scan can be very costly.
Avoiding full-scan LDAP searches means that we can run traffic_replay
against a 100K user DB and get some sane results.

Because the traffic_learner doesn't record the LDAP search filter at all,
the traffic_replay LDAP searches default to being full scans.
Doing full scans meant that the LDAP search was usually the first packet
type to exceed the max latency and fail the test. It could also skew
results for the other packet types by creating big demands on memory/CPU/
DB-lock-time.

It's hard to know for sure exactly what real-world LDAP searches will
look like, but let's assume full scan searches will be fairly rare.
In traffic-model files we've collected previously, some of the
attributes are fairly unique (e.g. pKIExtendedKeyUsage), and as there
are some LDAP queries specified in MS specs (such as MS-GPOL and
MS-WCCE), it allows us to infer what the search filter might be.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-24 02:24:27 +00:00
Tim Beale
6b1f9b4a5f traffic_replay: Make use of SCOPE_BASE explicit
i.e. avoid hard-coded numbers.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-24 02:24:27 +00:00
Noel Power
923010d99b various: Remove references to about to be deleted thirdparty/dnspython
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-12-11 20:07:18 +01:00
Noel Power
2a97996c0a python/samba/emulate: PY3 port of samba.tests.emulate.traffic_packet
Fixes
+ None cannot be used with '<' or '>' operators
+ ord expects 'str'
+ unicode doesn't exist in py3
+ bytes class does not have encode method

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-09-05 23:27:13 +02:00
Joe Guo
211c9a5f85 PEP8: fix E302: expected 2 blank lines, found 1
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-08-24 07:49:29 +02:00
Noel Power
9650deee03 python/samba: Py2|Py3 compat, fix more missed exception tuple issues 2018-06-20 00:18:20 +02:00
Joe Guo
72f98f9763 traffic: change machine creds secure channel type
SEC_CHAN_WKSTA --> SEC_CHAN_BDC

This will fix netlogon failure against windows.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-14 02:53:16 +02:00
Joe Guo
7c93fb57f5 traffic_packets: provision request data for packet_drsuapi_13
The `drsuapi.DsWriteAccountSpnRequest1` struct in this packet was empty before.
Samba lets it go but Windows will report an invalid parameter error.

Provision the request with proper data, and give user permission to
write account SPN.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 02:09:29 +02:00
Joe Guo
9cabb16b48 traffic_packets: add trailing $ to fix packet_rpc_netlogon_30
For `NetrServerPasswordSet2`, the 2nd arg `account_name` must end with a
$, otherwise windows will return an `Access Denied` error.

Use `creds.get_username()` instead of `creds.get_workstation()` to
include the trailing $.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 02:09:29 +02:00
Joe Guo
14af041c13 traffic_packets: replace share_name from netlogon to IPC$ for packet_srvsvc_16
Sharename list for Windows:

    Sharename       Type      Comment
    ---------       ----      -------
    ADMIN$          Disk      Remote Admin
    C$              Disk      Default share
    IPC$            IPC       Remote IPC

For Samba:

    Sharename       Type      Comment
    ---------       ----      -------
    netlogon        Disk
    sysvol          Disk
    IPC$            IPC       IPC Service

While test packet_srvsvc_16 with share_name `netlogon`,
it passed Samba, and got a WERR_NERR_NETNAMENOTFOUND error for Windows.

Change share name to `IPC$` so Samba and Windows have it in common.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 02:09:29 +02:00
Joe Guo
51333c1538 traffic_packets: replace level 102 to 101 for packet_srvsvc_21
Level 102 will cause WERR_ACCESS_DENIED error against Windows, because:

    > If the level is 102 or 502, the Windows implementation checks whether
    > the caller is a member of one of the groups previously mentioned or
    > is a member of the Power Users local group.

It passed against Samba since this check is not implemented by Samba yet.

refer to:

    https://msdn.microsoft.com/en-us/library/cc247297.aspx#Appendix_A_80

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 02:09:28 +02:00
Joe Guo
8d8ef48650 traffic_packets: support NT_STATUS_NO_SUCH_DOMAIN in packet_lsarpc_39
For packet_lsarpc_39, samba will return NT_STATUS_OBJECT_NAME_NOT_FOUND,
however, windows will return NT_STATUS_NO_SUCH_DOMAIN.

Allow both status for now to keep compatiable with both samba and
windows DC.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 02:09:28 +02:00
Joe Guo
4d950527f3 traffic: add paged_results control for ldb search
While there are more then 1000 records in the search result from Windows,
a `LDAP_SIZE_LIMIT_EXCEEDED` error will be returned.

Add paged_results control to fix.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 02:09:28 +02:00
Stefan Metzmacher
1a258b6b0f traffic_packets.py: let Lookup{Sids,Names}() work against a sane server
In order to resolve predefined sids or names we need to use
level = LSA_LOOKUP_NAMES_ALL (1).

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13284

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-02-21 14:19:18 +01:00
Günther Deschner
112938879f python: fix the build with python3.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13221

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2018-01-16 16:38:23 +01:00
Gary Lockyer
7057abcfcd scripts: Scripts to replay and generate samba traffic
Scripts to generate representative network traffic and replay this to a
samba instance.  For load testing, performance profiling and capacity
planning.

traffic_learner  process a file generated by traffic_summary and
                 generate a model that can be used by traffic_replay to
                 generate samba network traffic.

traffic_replay   Replay a summary file generated by traffic_summary, or
                 use a model created by traffic_learner to generate
                 network traffic.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Pair-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Tim Beale <timbeale@catalyst.net.nz>
2017-08-17 04:06:06 +02:00