IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Clean up the test code and remove the pep8 warnings
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 6 04:58:18 UTC 2019 on sn-devel-184
Add test for the dumping of a public structure with ndrdump. This
removes the need to define decode_* functions in the idl.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Fix flapping auth_log_winbind tests, were seeing failures like
UNEXPECTED(failure):
samba.tests.auth_log_winbind.samba.tests.auth_log_winbind.AuthLogTestsWinbind.
test_wbinfo(ad_member:local)
REASON: Exception: Exception: Traceback (most recent call last):
File "bin/python/samba/tests/auth_log_winbind.py", line 328, in
test_wbinfo
self.assertEquals(logon_id, msg["Authentication"]["logonId"])
AssertionError: '812b7158bff1660e' != '2cfc1fed76ff8865'
- 812b7158bff1660e
+ 2cfc1fed76ff8865
Test had a race condition with other SamLogon events on the domain
server. The tests can now handle multiple SamLogon messages and filter
out the SamLogon messages for other logons.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Which is not a terrible assumption to make. The super-user on linux will
always have UID of zero, however, the super-user will not necessarily be
called "root".
This makes the provision/join commands work better when run in a
container. (And while deploying Samba in a container is perhaps not the
smartest move, this gives us some versatility when testing Samba).
This is needed to get the provision commands working in the domain_backup
tests when run with USE_NAMESPACES=1.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
On some systems we're seeing this:
ERROR(<type 'exceptions.AttributeError'>): uncaught exception - 'module' object has no attribute 'drs_utils'
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 185, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 533, in run
transfer_dns_role(self.outf, sambaopts, credopts, role, samdb)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 136, in transfer_dns_role
except samba.drs_utils.drsException as e:
E.g. it happens on debian stretch (9.9) with python 2.7.13 (on 4.10.4)
While it doesn't happen on ubuntu 18.04 with python 2.7.15rc1 or
with python 3.6.7.
There were also some reports on the mailing lists, see:
https://lists.samba.org/archive/samba-technical/2019-May/133624.html
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13973
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bbaumbach@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu May 30 08:27:24 UTC 2019 on sn-devel-184
We should not risk that we end with no role owner.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13973
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The new role owner need to replicate from the old role owner.
Before we told the old role owner to replicate from itself.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13973
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
From Python's point of view, array.AddrArray is a list of byte-valued
integers. In Python 3 we can convert directly using the likes of
bytes(array.AddrArray[i].MaxSa[8:24])
but in 4.10 we need to support both, so we use struct.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Wed May 29 11:29:17 UTC 2019 on sn-devel-184
When Samba uses TDB as a backend store, all new database features are
toggled on/off when GUID indexing is toggled. But, GUID indexing can't
be disabled on MDB, so the other features are toggled separately.
Consequently, the downgradedatabase script behaves differently depending
on the database backend. This patch adds testing for the MDB behaviour.
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Now that the database is repacked when GUID indexing is toggled on TDB,
test that downgradedatabase repacks a TDB-backed database with V2 pack
format database with V1.
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Test that when we undo GUID indexing on a TDB-backed database with
downgradedatabase, ORDERED_INTEGER is removed from @ATTRIBUTES
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This test confirms that running downgradedatabase causes all GUID keys to be
replaced with DN keys at the KV level
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
If a domain was provisioned by Windows 2000 this value is missing in the
database.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13967
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue May 28 08:32:10 UTC 2019 on sn-devel-184
We should avoid security.SEC_FLAG_MAXIMUM_ALLOWED otherwise
we may get NT_STATUS_SHARING_VIOLATION when we run
'samba-tool domain backup online' against a Windows DC.
Windows DCs have hidden folders for the NtFrs or Dfsr services,
which are locked by the running service.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13917
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Ensure that the referrals returned in a search request use the same
scheme as the request, i.e. referrals recieved via ldap are prefixed
with "ldap://" and those over ldaps are prefixed with "ldaps://"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12478
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
To avoid warning above produced by using
-Wcast-function-type we;
+ ensure PyCFunctions of type METH_NOARGS defined dummy arg
+ ensure PyCFunctions of type METH_KEYWORDS use PY_DISCARD_FUNC_SIG
macro
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
-Wcast-function-type triggers various warnings related to bad api
decisions in python source. To avoid these warnings we hide them
by casting to void first. Macro here is to hide the uglyness and
provide an easy place to either/or
+ fix better in a single place in the future
+ identify the places involved should python api change in a way
this can be handled better
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Many parts of Samba use an empty attribute list in requests expecting
all attributes to be returned in the response, which is incorrect. This
patch corrects the instances found by current CI tests. Static analysis
and debugging will need to be done before changing ildap to the correct
semantics.
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Mon May 6 05:45:55 UTC 2019 on sn-devel-184
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed May 1 01:10:42 UTC 2019 on sn-devel-184
Tagging schema tests against schemaupgrade_dc test target and fixing
some DN assertions to be more generic.
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13799
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13799
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13799
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
The smbd changes the umask - if the code fails to restore the umask to
what it was, then this is very bad. Add an extra check to every
smbd-related test that the umask at the end of the test is the same as
what it was at the beginning (i.e. if the smbd code changed the umask
then it correctly restored the value afterwards).
As the selftest sets the umask for all tests to zero, it makes it hard
to detect this problem, so the test setUp() needs to set it to something
else first.
This extra checking is added to the setUp()/tearDown() so that it
applies to all test-cases. However, any failure that occur with this
approach will not be able to be known-failed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Testing max, min and negative values for indexed 32 and 64 bit types.
This has to be done in two different files because the 64 bit type is
LDB_SYNTAX_INTEGER which is implemented at the ldb level, while the 32
bit is added in the ldb-samba module. Schema syntax binding added for
ldb-samba.
We also need to make sure that full scans are not invoked for LMDB.
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The min_pwd_age and max_pwd_age parameters are both optional and default
to None. However, if we just set the max-pwd-age, then the check
'min_pwd_age >= max_pwd_age' will throw a Python exception because it's
trying to compare an int to NoneType (min_pwd_age). This works on Python 2
but is a problem on Python 3.
We could just add a check that min_pwd_age is not None, but that defeats
the point of having the check if you're only setting either the min or
max age indepedently.
This patch gets the current min/max password age from the DB (in ticks).
If either setting is changed, the ticks will be updated. Then at the end
we check the min is still less than the max (to do this, we convert the
ticks back to days in the interests of readability).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13873
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Apr 5 08:03:08 UTC 2019 on sn-devel-144
Currently setting maxPwdAge doesn't work at all.
While we're adding a test, we might as well assert that minPwdAge
can't be greater than maxPwdAge as well.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13873
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The default value is too small for joining a large domain. So we specify a
size of 200,000 which is suitable for domains with up to 100,000 users.
At a later date this could be added as a parameter to the join, but
200,000 should be suitable for now.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Apr 4 07:45:03 UTC 2019 on sn-devel-144
Provisioning fails on C locale due to the Unicode quotes in ldif
data. Patch read_and_sub_file() to read the files as UTF-8.
Signed-off-by: Philipp Gesang <philipp.gesang@intra2net.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Wed Apr 3 11:33:38 UTC 2019 on sn-devel-144
All command descriptions have a dot '.' at the end.
The ou and visualize command need this too.
...
group - Group management.
ldapcmp - Compare two ldap databases.
ntacl - NT ACLs manipulation.
ou - Organizational Units (OU) management
...
user - User management.
visualize - Produces graphical representations of Samba network state
Signed-off-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Some crypt_r implementations like libxcrypt require a higher value.
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
ldb.bytes('') == '' is never True in python3,
we nee ldb.bytes('') == b'' in order to
check that on attribute has an empty value,
that seems to work for python2 and python3.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13843
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Mar 21 18:15:20 UTC 2019 on sn-devel-144
We do the same with the rdn attribute value
and we need the same logic on both in order to
check they are the same.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
It is better this way anyway.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Mar 20 06:36:05 UTC 2019 on sn-devel-144
These will be removed anyway and any change on them risks to
be an originating update that causes replication problems.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Mar 14 03:12:27 UTC 2019 on sn-devel-144
This will be used by dbcheck tests which operate on static/old provision
dumps in the following commits.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Old versions of 'samba-tool dbcheck' could reanimate
deleted objects, when running at the same time as the
tombstone garbage collection.
When the (deleted) parent of a deleted object
(with the DISALLOW_MOVE_ON_DELETE bit in systemFlags),
is removed before the object itself, dbcheck moved
it in the LostAndFound[Config] subtree of the partition
as an originating change. That means that the object
will be in tombstone state again for 180 days on the local
DC. And other DCs fail to replicate the object as
it's already removed completely there and the replication
only gives the name and lastKnownParent attributes, because
all other attributes should already be known to the other DC.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This would typically happen when the garbage collection
removed a parent object before a child object (both with
the DISALLOW_MOVE_ON_DELETE bit set in systemFlags),
while dbcheck is running at the same time as the garbage collection.
In this case the lastKnownParent attributes points a non existing
object.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This would typically happen when the garbage collection
removed a parent object before a child object (both with
the DISALLOW_MOVE_ON_DELETE bit set in systemFlags),
while dbcheck is running at the same time as the garbage collection.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We should never do originating updates on deleted objects.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This test is asserting the expected number of *IPv4* addresses, not any
interface address (including IPv6). It works currently because the
selftest client doesn't have an IPv6 address in its smb.conf.
This patch makes the IPv4 assumption explicit by importing
interface_ips_v4() from the provision code. We need to tweak this to
pass through an 'all_interfaces' flag, otherwise it filters out the
loopback IP addresses that the testenv is using.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The GPE.INI file does not appear to be documented anywhere in the
protocol specifications and seems to be due to legacy code. It appears
that it used to be how the gPCUserExtensionNames and
gPCMachineExtensionNames were maintained without the requirement for
LDAP.
All we do is ignore the parsing of this file and copy it over as binary.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13825
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Mar 12 01:41:32 UTC 2019 on sn-devel-144
Generally speaking, there is not much value to keeping this file. The
display name does not ever seem to be used and the version only applies
to the original domain or DC it was on. The command line option to
revert this behaviour is mostly for the tests or for having a straight
1:1 backup-restore for pure restoration.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13806
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
For some reason the French version of RSAT turns accents into ISO-8859-1.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13806
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The test only checks that the LDAP values are equal before and after.
The format and specifics should be up to the implementation -- and be
amenable to changes later. As long as the extension doesn't match
.SAMBABACKUP or .xml, it won't be detected by the tools.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13627
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
After creating a backup and calling 'gpo restore', this makes it so that
restoring a GPO will instantly enable it for use.
There might be some cases where we might not want to do this, but for now just do it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13627
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
It's unsure why this doesn't fail generically, but it fails on my machine sometimes...
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
It appears that RSAT can leave a space in the gPLink field, which we need to handle.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13564
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
always use explicit python version at current stage.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Thu Mar 7 13:03:56 UTC 2019 on sn-devel-144
The messages count could be different because of racing condition.
And we should only care about the last expected one.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett abartlet@samba.org
Reviewed-by: Noel Power npower@samba.org
In `iso8601/iso8601.py`:
if sys.version_info >= (3, 2, 0):
UTC = datetime.timezone.utc
...
else:
class Utc(datetime.tzinfo):
...
UTC = Utc()
The class `Utc` is only available for python < 3.2.0.
Use `UTC` instance instead, which is python 2/3 compatible.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
SWAT was removed in Samba 4.1 and there isn't any reason to keep a web
server in our codebase. The web server was not turned on by default.
The web server plainly does not hold up to modern web server standards
and allows for resource exhaustion (and probably generally has bugs).
Credit goes to Michael Hanselmann for prompting us to remove this
service entirely.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
We would sometimes see the auth_log test hang during a CI run. The CI
job would eventually fail after consuming a costly 10 hours of CI
runtime.
We believe the problem is around the test creating multiple instances of
the Messaging() context. This is a similar race condition to what was
seen in 19f34b2161.
Currently a new Messaging() context is created for every test case. By
using classmethods instead, the Messaging context is only created once
per python test file execution (i.e. creation of the python class,
rather than initialization of the python object, which happens for every
test-case).
This means the test will only create one Messaging() context, which
should avoid any race conditions.
Changes:
+ removed msg_ctxs - this wasn't actually used for anything.
+ use classmethods to setup and tear-down the Messaging() context (and
tweak lp initialization accordingly).
+ fix discardMessages() - the loop wasn't actually discarding any
messages previously (this may also have been the cause of the test
hanging).
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Tue Mar 5 13:10:43 UTC 2019 on sn-devel-144
Instead of passing the CLIENT_IP to the auth_log tests, we can just
work out the source-IP that the client will use from its smb.conf file.
This only works for auth_log_pass_change, but not auth_log.py - the
latter still needs to be run on the :local testenv for other reasons, so
it doesn't use the client.conf. However, we can still update the base
code to use the client.conf IP, as auth_log.py overrides
self.remoteAddress anyway.
The main advantage of this change is it avoids having hardcoded IP
addresses in the selftest framework.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Instead of passing the CLIENT_IP to the audit_log tests, we can just
work out the source-IP that the client will use from its smb.conf file.
Because the audit_log tests are all run on the non-local testenv,
they'll already use the client.conf and the 127.0.0.11 address.
The main advantage of this change is it avoids having hardcoded IP
addresses in the selftest framework.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The auth-logging tests are an odd combination of server and client
behaviour. On the one hand we want a IRPC connection to see the auth
events being logged on the server. On the other hand, we want the auth
events to appear to be happening on a client. Currently we hardcode in
the use of a SOCKET_WRAPPER interface to make this happen.
We can avoid this explicit socket wrapper usage by using the server
smb.conf instead in the one place we actually want to act like the
server (creating the IRPC connection). Then we can switch from using
the 'ad_dc*:local' testenvs to use 'ad_dc*', in order to act like a
client by default. The SERVERCONFFILE environment variable has already
been added for the few cases where a test needs explicit access to the
server's smb.conf.
However, for samba.tests.auth_log, the samlogon test cases are still
reliant on being run on the :local testenv, and so we can't switch them
over just yet. This is because the samlogon is using the DC's machine
creds underneath, which will fail on the non-local testenv. We could
create separate machine creds for the client and use those, but this is
a non-trivial rework of the test code.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The LDB connection in these tests is to the direct sam.ldb file on disk,
so the credentials are not actually needed (and in fact, weren't event
initialized correctly). These tests always need to run on the DC itself
(i.e. :local testenv) because they use ncalrpc connections.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Feb 21 05:37:31 CET 2019 on sn-devel-144
Signed-off-by: Martin Krämer <mk.maddin@gmail.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Test for samba-tool dsacl set --sddl parmeter
Update tests.py - add dsacl (dsacl.py / samba-tool dsacl set) test
Signed-off-by: <Martin Krämer mk.maddin@gmail.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
currently dbcheck cmd tooks about 1 day to finish on a 100k user database.
We can skip member reverse link checks to speed it up dramatically.
A new cli option is added to enable the skipping.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tests to validate that winbind generates a random logon_id and passes it
in the netlogon call.
This will allow the linking of the windbind authentication requests and
the SamLogon request on the DC.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Allow self.remoteAddress to be None, remote address filtering is not
required for the winbind auth logging tests.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add tests for the number of domain users, groups and aliases returned by
QueryDomainInfo.
These tests revealed that the existing code was not checking the
returned elements to ensure they were part of the domain.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
It is unnecessary to generate kerberos_implementation.py when python is
disabled.
Signed-off-by: Aliaksei Karaliou <akaraliou@panasas.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
These tests run in a child process and are regarded as succeeding if they
don't die by signal.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reading the nTSecurityDescriptor attribute over LDAP requires admin
creds. However, if you don't specify admin creds, then you get an error
like this:
bin/samba-tool gpo aclcheck
ERROR(<class 'KeyError'>): uncaught exception - 'No such element'
File "bin/python/samba/netcmd/__init__.py", line 184, in _run
return self.run(*args, **kwargs)
File "bin/python/samba/netcmd/gpo.py", line 1536, in run
ds_sd_ndr = m['nTSecurityDescriptor'][0]
This patch adds an explicit check/error message to make the problem
clearer.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
As dns_hub.py is now integral to the selftest environments, it seems to
make sense for it to live under the selftest/ directory.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
I ran this command as non-root by mistake and didn't find the error
message particularly helpful. Tweak the error message so it reminds the
user that they should be root. Also display the path we're looking for
the sam.ldb file in, to give them more clues.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Mon Jan 21 16:34:06 CET 2019 on sn-devel-144
samba-tool visualise reuses these libraries to parse reps from other DCs, and Windows sometimes sends
more data than we are expecting
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This can happen if a server has been replaced
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We print the error and keep going.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Currently it is possible to add the same ace multiple times if
the case sensitivity does not match the existing one using "--sddl" parameter.
As an example while an ace
"OA;CIIO;RPWP;3e978925-8c01-11d0-afda-00c04fd930c9;bf967a86-0de6-11d0-a285-00aa003049e2;PS"
already exists a sddl
"OA;CIIO;RPWP;3E978925-8C01-11D0-AFDA-00C04FD930C9;BF967A86-0DE6-11D0-A285-00AA003049E2;PS"
can be added without detection (and can be added multiple times). As an end result
after a high number of addings (in my tests it was about 1600-1800 aces for one
object) no further changes on that object are possible.
Signed-off-by: Martin Krämer <mk.maddin@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jan 18 23:19:13 CET 2019 on sn-devel-144
In dns_hup.py, we are both importing the socket module and declaring a
variable called socket. When we try to catch a socket.error exception
(defined by the module), Python thinks we're referring to the variable.
As the variable has no attribute called 'error', Python throws an
exception, e.g.:
File "./bin/python/samba/tests/dns_forwarder_helpers/dns_hub.py", line
123, in handle
except socket.error as err:
AttributeError: 'socket' object has no attribute 'error'
We can avoid this problem by calling the variable 'sock' instead.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jan 17 15:23:23 CET 2019 on sn-devel-144
The main changes required are:
- we need to use an s3 loadparm instead of the standard s4 lp.
- the s3 SMB bindings don't support the use_spnego/ntlmv2_auth params,
however, we can set these in the loadparm instead, which will get the
SMB client code to do what we want. Instead of passing in boolean
parameters, we need to use yes/no strings that the lp will accept.
(We always set these values because the underlying lp context is
actually global, and setting a value is 'sticky' and will persist
across test cases. These conf settings are only used by the SMB client
code, and so will only affect the SMB test cases).
- For the no_spnego_no_ntlmv2 test cases, we now explicitly force it to
an SMBv1 connection. The s4 bindings only ever supported SMBv1
connections, so this is the same behaviour. The other test cases will
now try to negotiate SMBv2 connections, however, the no_ntlmv2 test
cases are explicitly checking for bare-NTLM (with the s3 bindings, it
now ends up as NTLMSSP by default).
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jan 17 04:47:56 CET 2019 on sn-devel-144
This should not alter the behaviour of the tests at all. It just makes
it easier to switch over the underlying SMB client bindings.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
The s3 SMB client bindings seem slightly different to s4, in that they
default to setting the CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS flag.
This seems to fallback to finding a valid KRB TGT (from a previous
successful test), which results in the connection succeeding rather than
failing.
Setting MUST_USE_KERBEROS explicitly avoids this behaviour.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
The s4 Python bindings currently only support SMBv1 connections.
If we change the bindings to support *either* v1 or v2, they'll
end up negotiating v2. In which case the server is "SMB2", not "SMB",
and these assertions fail.
Long-term we want to get rid of SMBv1, so it makes sense to write the
tests so that they pass against either v1 or v2.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
We were already checking the smb.conf to see if it uses the NTVFS file
server or the default smbd server. However, we weren't passing this
through to the setntacl() call.
This fixes the problem we noticed with 'samba-tool gpo aclcheck' failing
after a restore.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
This means we can now use GPO commands on a DC that has SMBv1 disabled.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Throwing an exception here still dumps out the Python stack trace, which
can be a little disconcerting for users.
In this case, the stack trace isn't going to really help at all (the
problem is pretty obvious), and it obscures the useful message
explaining what went wrong.
Throw a CommandError instead, which samba-tool will catch and display
more nicely.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13747
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Reviewed-by: Jeremy Allison <rpenny@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan 16 22:11:04 CET 2019 on sn-devel-144
When we can't resolve a domain name, we were inadvertently throwing a
TypeError whilst trying to output a helpful message. E.g.
ERROR(<class 'TypeError'>): uncaught exception - 'NTSTATUSError' object
does not support indexing
Instead of indexing the object, we want to index the Exception.args so
that we just display the string portion of the exception error.
The same problem is also present for the domain trust commands.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13747
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Reviewed-by: Jeremy Allison <rpenny@samba.org>
This is a small DNS server that has hard redirects to the different domain
controllers based on domain names. This is required because future commits will
avoid calling into libresolv's code which resolv_wrapper takes care of.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This means we can now backup a DC that has SMBv1 disabled.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Tim Beale <timbeale@samba.org>
Autobuild-Date(master): Mon Jan 14 06:49:09 CET 2019 on sn-devel-144
In python2 PYARG_STR_UNI evaluates to et which allows str type
(e.g bytes) pass through unencoded and accepts unicode objects
encoded as utf8
In python3 PYARG_STR_UNI evaluates to es which allows str type
encoded as named/specified encoding
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Important things are this:
- It's not required to use the bind time feature negotiation in order
to use it, it's only a hint for the client, but nothing is really
negotiated, unlike the request multiplexing with the
DCERPC_PFC_FLAG_CONC_MPX.
- There's special handling related to AUTH_LEVEL_CONNECT
and requests without auth trailer
- An security context is identified by the unique
tuple of auth_type, auth_level and auth_context_id (all together!),
not just the auth_context_id.
- There's a limit of 2049 explicit authentication contexts.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
When we don't expect a FAULT, we should wait a little bit to check
there's no response to auth3 request. This reduces the raw_procol
test from 45s down to 35s total runtime against Windows.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Fri Jan 11 06:01:01 CET 2019 on sn-devel-144
samba-tool gpo create|fetch|backup commands throw exceptions due to a
missing Python import:
ERROR(<class 'NameError'>): uncaught exception - name 'tempfile' is not
defined
File "bin/python/samba/netcmd/__init__.py", line 184, in _run
return self.run(*args, **kwargs)
File "bin/python/samba/netcmd/gpo.py", line 980, in run
tmpdir, gpodir = self.construct_tmpdir(tmpdir, gpo)
File "bin/python/samba/netcmd/gpo.py", line 386, in construct_tmpdir
tmpdir = tempfile.mkdtemp()
Introduced by commit e3320b6d3d refactor.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Thu Jan 10 16:21:23 CET 2019 on sn-devel-144
In order to make it clear that the APIs in these Python bindings are
unstable and should not be used by external consumers, this patch
changes the name of the Python bindings back to libsmb_samba_internal.
To make the Python code that uses these bindings (i.e. samba-tool, etc)
look a little cleaner, we can just change the module name as we import
it, e.g.
from samba.samba3 import libsmb_samba_internal as libsmb
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jan 9 14:30:31 CET 2019 on sn-devel-144
python[3]-gpgme is deprecated since ubuntu 1804 and debian 9.
use python[3]-gpg instead, and adapt the API.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13728
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
The old -S/--scale-traffic is relative to the original model, which made
its relationship to true traffic volumes quite opaque
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This gives you a name of a temporary file within the test case's tempdir.
Use it like this:
with self.mktemp() as filename:
self.check_run("samba-tool foo --output %s" % filename)
self.assertStringsEqual(open(filename).read(), expected)
and filename will flick out of existence when the with block ends.
This is based on an idea used in the traffic_runner tests, which will
soon be adapted to use this method.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
traffic_replay had a broken sense of traffic scale. That is fixed, but
in order to compare old and new tests, it helps to be able to
approximate the old behaviour.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The traffic model is generated from a window in time, which makes
conversations appear to start and stop unnaturally at the window
boundaries. When the window is short compared to the traffic replay
time and the true expected conversation length, this has a significant
distorting effect, leading to more conversations than would be
expected to generate a given number of packets.
To offset this slightly we add the --conversation-persistence option
which tries to convert apparent death into a longish wait.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
If the packets really wouldn't do anything, we might as well not add them.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This completes the work of 68c64c634a,
but differs from that in that it makes no actual change because isatty
was not being called so was always evaluated as true.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add more "header" values indicating the progress of the run as a
whole.
The new fields are:
Max sleep miss - the longest sleep() oversleep. Indicates client load.
Maximum lag - the longest gap between a planned packet
time and its actual time.
Start lag - the longest gap between intended and actual
conversation start.
Planned conversations - how many conversations we meant to have.
Planned packets - how many "packets" we thought we were making. Not
all "packets" result in actual operations or packets.
Unfinished conversations - how many conversations had not finished
when they were killed.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
x <= 0 will fail one or both of the other test clauses.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Conversations that haven't finished within some acceptable margin of
on-time can be said to have failed. This is where you specify that
margin.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Sometimes you want to know if any client is crashing for any reason.
In those times use --stop-on-any-error for an early exit.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Otherwise they all replay using the same random sequence.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Some "packets" don't generate any actual traffic. If we have a
conversation consisting only of those, we can avoid forking a client
for it.
This *slightly* increases the load over that which would be generated
otherwise for a given traffic rate, but that's OK.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Use less memory altogether and don't allocated shared mutable before
the fork.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rather than building all the packets at this point, we stick to the
barest details of the packets (which is all the model gives us
anyway).
The advantage is that will take a lot less memory, which matters
because this process forks into many clients that were sharing and
mutate the conversation list.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We are soon going to have a self.packet_rate, and replay_speed is more
accurate in this case.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
So we can use it to determine whether a packet should be a Packet before
making the leap.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Saving memory, which reduces fork overhead.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
And use it in tests, rather than expecting exact strings.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The traffic_replay script has been able to replay a replay log as well
as a model, which was not used in practice and complicated the script.
If we want that feature, we can make a new script for it.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rework the code so we only do this in one place.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Tim Beale <timbeale@samba.org>
Autobuild-Date(master): Tue Jan 8 03:13:48 CET 2019 on sn-devel-144
Do the SMB connection in a single helper function.
Note: this highlights that perhaps we want all SMB connections to be
signed, but we can fix that up separately.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
The realm varies by testenv. Currently the GPO tests will only run on
the ad_dc testenv.
A slightly better solution is to use the REALM environmental variable,
so that the test can run on any testenv.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This helper code is just using the flags defined by the Python bindings.
Convert it over to use s3 bindings instead of s4.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
s4 just calls it 'creds'. Renaming it will make it easier to convert
existing SMB connections over to use the new bindings.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
So that it better matches the updated Python bindings name.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Currently the sysvol domain directory is hard-coded, so the tests can
only ever run on the ad_dc.
This patch makes things marginally better by using the REALM
environmental variable instead. This allows us to run it against other
testenvs (like the SMBv2-only restoredc).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This test now uses the s3 python bindings completely, so we can remove
the s4 connection.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This basically re-uses the underlying functionality of existing APIs in
order to support a .deltree() API, i.e.
- we use the .list() functionality (i.e. do_listing()) to traverse every
item in the given directory.
- we then use either .unlink() (i.e. unlink_file()) or .rmdir() (i.e.
remove_dir()) to delete the individual item.
- sub-directories are handled recursively, by repeating the process.
Note that the .deltree() API is currently only really used for testing
(and deleting GPO files). So the recursion is never going to be
excessive.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add a .loadfile API to read a file's contents. This provides a
convenient way to read a file and is consistent with the existing
source4 API, which is used by things like the GPO python code and the
ntacls backup.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This provides a simple API for writing a file's contents and makes the
s3 API consistent with the s4 API.
All the async APIs here support SMBv2 so we don't need to use the sync
APIs at all.
Note that we have the choice here of using either cli_write_send() or
cli_push_send(). I chose the latter, because that's what smbclient uses.
It also appears to handle writing a large file better (i.e. one that
exceeds the max write size of the underlying connection).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Make the python dictionary generated by the s3 .list() use the same keys
as the current source4 dict. The reason for using the source4 dict is
that other python code depends on these keys (e.g. ntacls.py), whereas
the source3 API is currently unused.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
The source4 .list() API wasn't doing this. This makes source3 and source4
have *almost* equivalent functionality, so we can start usign the
source3 API in the tests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Note that this is checking the existence of *directories*, not *files*.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
I kept these separate from the chkpath API because it's a nice way to
use the old s4 API in the tests to verify the new s3 API works
correctly.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add a basic .unlink() API to the source3 bindings. This is based on the
source4 python bindings, but uses the source3 client library APIs.
(We use a helper function to do most of the work, because we will need
to reuse it in order to support the deltree API).
Update the source4 test to use the source3 API. We will gradually
convert it over, and then delete the source4 python bindings.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Currently establishing the SMB connection relies on having initialized
the global source3 loadparm.
This patch makes the lp param mandatory, so that you always have to pass
the parameter in when establishing the SMB connection.
It also makes the source3 API more consistent with the current source4
API, which will make it easier to replace the source4 version later.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Otherwise it's not possible to run the raw_protocol tests anymore:
python/samba/tests/dcerpc/raw_protocol.py
Traceback (most recent call last):
File "python/samba/tests/dcerpc/raw_protocol.py", line 26, in <module>
import samba.dcerpc.dcerpc as dcerpc
File "bin/python/samba/__init__.py", line 32, in <module>
from samba.compat import string_types
File "bin/python/samba/compat.py", line 151, in <module>
from urllib import quote as urllib_quote
File "/usr/lib/python2.7/urllib.py", line 25, in <module>
import string
File "/abs/path/samba/python/samba/tests/dcerpc/string.py", line 22, in <module>
# Some strings for ctype-style character classification
File "bin/python/samba/tests/__init__.py", line 36, in <module>
from samba.compat import text_type
ImportError: cannot import name text_type
This allows the following again:
SMB_CONF_PATH=/dev/null \
SERVER=172.31.9.188 \
TARGET_HOSTNAME=w2012r2-188.w2012r2-l6.base \
USERNAME=administrator \
PASSWORD=A1b2C3d4 \
DOMAIN=W2012R2-L6 \
REALM=W2012R2-L6.BASE \
python/samba/tests/dcerpc/raw_protocol.py -v -f TestDCERPC_BIND
BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Remove Flake8 warnings from the group audit JSON log tests.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Generate a GroupChange event when a user is created with a PrimaryGroup
membership. Log the windows event id in the JSON GroupChange message.
Event Id's supported are:
4728 A member was added to a security enabled global group
4729 A member was removed from a security enabled global
group
4732 A member was added to a security enabled local group
4733 A member was removed from a security enabled local group
4746 A member was added to a security disabled local group
4747 A member was removed from a security disabled local group
4751 A member was added to a security disabled global group
4752 A member was removed from a security disabled global
group
4756 A member was added to a security enabled universal
group
4757 A member was removed from a security enabled universal
group
4761 A member was added to a security disabled universal
group
4762 A member was removed from a security disabled universal
group
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Replacing paged results module to use GUID list instead of storing
result list in memory, in order to improve memory performance.
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The test for the smbcontrol sleep command and the inject fault command
both used the "rpc_server" process as a target. As the inject fault
command caused the process to restart there was a race condition between
the process restarting and the sleep test running. To prevent this the
tests now use different target processes.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Dec 21 03:39:24 CET 2018 on sn-devel-144
Remove Flake8 warnings from the audit and authentication JSON log
tests.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Failing test that checks if fully qualified zone names are treated the same
as unqualified zone names by the dns zone creation RPC method. Fix to follow.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13214
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
samba-tool throws backtraces even for simple DNS error
messages, we should not frighten users for no good reason.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13721
Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Wed Dec 19 20:58:52 CET 2018 on sn-devel-144
Port ntlm_auth_diagnostics bash script tests to python
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Noel Power <npower@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Wed Dec 19 16:21:32 CET 2018 on sn-devel-144
Port ntlm_auth_krb5 bash script tests to python
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Noel Power <npower@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Port ntlm_auth bash script tests to python and remove bash test script
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Noel Power <npower@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Port ntlm_auth bash script tests to python
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Noel Power <npower@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Port ntlm_auth bash script tests to python
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Noel Power <npower@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Port ntlm_auth bash script tests to python
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Noel Power <npower@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Port ntlm_auth bash script tests to python
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Noel Power <npower@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Port ntlm_auth bash script tests to python
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Noel Power <npower@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Port ntlm_auth bash script tests to python
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Noel Power <npower@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Port ntlm_auth bash script tests to python
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Noel Power <npower@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Port ntlm_auth bash script tests to python
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Noel Power <npower@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Port ntlm_auth bash script tests to python
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Noel Power <npower@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Port ntlm_auth bash script tests to python
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Noel Power <npower@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Noel Power <noel.power@suse.com>
Port ntlm_auth bash script tests to python
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Noel Power <npower@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Port ntlm_auth bash script tests to python
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Noel Power <npower@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Port ntlm_auth bash script tests to python
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Noel Power <npower@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Port ntlm_auth bash script tests to python
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Noel Power <npower@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Port ntlm_auth bash script tests to python
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Noel Power <npower@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The class is based on test_ntlm_auth.py script.
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Noel Power <npower@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-by: Andrew Bartlett <abartlet@samba.org>
Add a sleep command that pauses the target process for the specified
number seconds
This command is only enabled on developer and self test builds.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Test for processing of the smbcontrol inject fault message in the samba
daemon.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add a new "eventId" element to the PasswordChange JSON log messages.
This contains a Windows Event Code Id either:
4723 Password changed
4724 Password reset
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add a new "logonType" element to the Authorisation JSON log messages.
This contains a Windows Logon Type, the supported logon types are:
2 Interactive
3 Network
8 NetworkCleartext
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add a new "eventId" element to the Authorisation JSON log messages.
This contains a Windows Event Code Id either:
4624 Successful logon
4625 Unsuccessful logon
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Fri Dec 14 18:00:40 CET 2018 on sn-devel-144
Signed-off-by: Philipp Gesang <philipp.gesang@intra2net.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add a more thorough test case that .deltree works as expected.
Note that we get a slightly different NT_STATUS error in file_exists()
if the parent directory doesn't exist, e.g.
/non-existent-dir/nonexistent.txt
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Dec 12 08:23:07 CET 2018 on sn-devel-144
Extend the test case to check overwriting a file as well. Currently this
has the behaviour of appending to the existing file, rather than
overwriting the file with new contents.
It's not clear from the API that this is the intended behaviour in this
case, so I've marked it as a failure.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Extend the tests to better reflect some of the .list() functionality we
expect.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The current assertion would never detect if the unlink API is broken.
The chkpath() API is only useful for checking if directories exist, so
it will always return False for a regular file (regardless of whether
the file actually exists or not).
Rework the test case so we assert that the file exists by trying to read
its contents (which will throw an error if the file doesn't exist).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
chkpath was only tested incidentally (and that assertion was wrong). Add
a proper test to prove it works correctly. We can then clean-up the
incorrect assertion in the next patch.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Fix calling samba-tool with correct PYTHON version
* Fix integer division needs '//' operator (this was causing
'uncaught exception - list indices must be integers or slices,
not float'
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Fix various ldb.bytes that need to be stringified in order to get
tests to pass
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The order of the values in the TrafficModel is different,
but... also unfortunately output of json.dump is also
different (even when using sorted versions of the associated
dictionaries before dumping), these changes reimport the output
files into TrafficModel objects rather than comparing the actual
raw files.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Also path to traffic_learner is not in the normal 'bin' path so
also adjusted the insertion of PYTHON version to cover this
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Some tests (especially samba.tests.auth_log_netlogon_bad_creds) are
failing due to not receiving expected messages. There seems to be
some timing issue or race around the messaging bus being set up and
getting the expected events resulting from the failed netlogon.
Specifically the the order of destruction of the messaging.Messaging()
c-py objects is different under python2. Under python2 all of the
messaging.Messaging() objects are destructed *after* all the tests
are run. Note: each instance of the TestCase has it's own Messaging()
instance which is created by TestCaseXYZ.setUp, so it appears the unittest
destroys the test instances when all the tests have run whereas in
python3 we see each messaging.Messaging() instance destroyed after
each test runs.
Ok, what difference does that make ? well it seems in python3 because
each Messaging() instance is destructed after a test runs that the
associated messaging_dgm_destroy() also runs, this destroys the
global_dgm_context context which means when the next test runs the whole
messaging infrastructure needs to be built again when the next Messaging()
object is created. On the server-side this seems to result in attempts
to send messages to the listener failing first with
get_event_server: Failed to find 'auth_event' registered on the message bus to send JSON audit events to: NT_STATUS_CONNECTION_REFUSED
and subsequently with
get_event_server: Failed to find 'auth_event' registered on the message bus to send JSON audit events to: NT_STATUS_UNSUCCESSFUL
client doesn't get any more messages, test fails :-(
So, what's the difference in python2, well because the destructors for the
(4 in the case of netlogon_bad_creds) instances of Messagaging() don't run
till the end of the tests this doesn't happen and the global_dgm_context
never gets destroyed untill all the tests complete. There is some race
condition at play here, a simple sleep at the start of a failing test
fixes the problem. But... ok that isn't a possible solution here, instead
I have adjusted the base auth tests to store the Messaging() objects in a
global list forcing them to remain in scope until the tests are complete.
This ensure the behaviour is consistent across python2 & python3.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Make sure correctly encode password to utf16 and not use
unicode (which doesn't exist in PY3)
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Note: Fix needed also for gpo.apply
minPwdAge, maxPwdAge, minPwdLength & set_pwdProperties all
have a line like
value = str(value).encode('utf8')
this is a generic type statement I guess to convert int, float etc
to utf8 encoded bytes representing the string value for those.
This worked fine in PY2 but in py3 some routine already are passing
bytes into these methods, in these cases e.g. b'200' will get converted
to "b'200'", this change only performs the conversion above for non
bytes (or str) types by replacing the above with
if not isinstance(value, binary_type):
value = str(value).encode('utf8')
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
1) configparser.set requires string values
2) self.gp_db.store() etc. neex to pass str object for
xml.etree.ElementTree.Element text attribute which needs
to be text
3) tdb delete method needs bytes key
4) configparser.write needs a file opened in text mode
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The default params for the python3 version of the compat ConfigParser
are not correct. Code like
foo = ConfigParser()
fails because of this.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
In python3 we are using ldb.bytes where we need strings
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
filter in PY2 returns list in PY3 it returns an iterator
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Misc hanges needed to get make test TEST=samba.tests.dns &
samb.tests.dns_fowarder to run and pass under PY3
* socket.send needs bytes not string
* rec.dwTimeStamp expects int not float (in PY3 / operator
will give float results, for int use '//' instead)
* re.match using bytes needs a bytes search term
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
SocketServer symbol changed in PY3 to socketserver so
we need to use a compat symbol for PY2/PY3 code.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
SocketServer was renamed to socketserver in Py3, this patch
create a samba.compat.SocketServer which can be used in py2 or
py3
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
string_to_byte_array returns not a bytearray (as the name suggests)
but a list of byte values (int). Some code expects the list so even
using a 'real' bytearray wont work.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* remove unnecessary 'bin/' part of path as base BlackBox class
will do this anyway and also ensure correct detection that
command needs to have 'PYTHON=blah' addeded
* modify shell script so PYTHON variable if set is prepended
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tests that prepare complex ldap expressions and equivalent python expressions,
then compare the results of the two.
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Fri Dec 7 07:07:08 CET 2018 on sn-devel-144
The parameter is added to the lists of ignored-paremteres in the
samba.docs tests, as the given default "aio max threads * 2" works only
as manpage string.
"aio max threads" can only be calculated at run time and requires a
handle to a pthreadpool_tevent which loadparm will never have.
Because of that lp_smbd_max_async_dosmode() will always return 0 as
default and it's up to the caller to calculate "aio max threads * 2" if
lp_smbd_max_async_dosmode() returns 0. Cf the next commit.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
traffic_replay tries to distribute the users among the groups in a
realistic manner - some groups will have almost all users in them.
However, this becomes a problem when testing a really large database,
e.g. we may want 100K users, but no more than 5K users in each group.
This patch adds a max-member option so we can limit how big the groups
actually get.
If we detect that a group exceeds the max-members, we reset the group's
probability (of getting selected) to zero, and then recalculate the
cumulative distribution. The means that the group should no longer get
selected by generate_random_membership(). (Note we can't completely
remove the group from the list because that changes the
list-index-to-group-ID mapping).
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Dec 4 12:22:50 CET 2018 on sn-devel-144
We want to cap the number of members that can be in a group. But first,
we need to tweak how the assignment dict gets generated, so that we get
rid of the intermediary set.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Check that the number of members reported is correct.
(This change somehow got left off the ca570bd482 commit that was
actually delivered).
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
These changes were inadvertently left off 0c910245fc.
(They were made to the 2nd patch-set iteration posted to the
mailing-list, but for some reason the first patch-set got delivered).
Changes are:
+ rework some variable names for better readability
+ Average members defaulted to int, so lost any floating point
precision.
+ Replace 'Min members' (which was fairly meaningless) with 'Median
members per group'.
+ Fix flake8 long line warnings
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
These tests expose the regression described by Stefan Metzmacher in
discussion on the bugzilla paged linked below.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Tests to confirm the standard process model honours the smbd.conf
variable "max smbd processes", when forking a new process on accept.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Count number of answers generated by internal DNS query routine and stop at
20 to match Microsoft's loop prevention mechanism.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Stops the user from adding a self-referencing CNAME over RPC, which is an easy
mistake to make with samba-tool.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
The backup tests have a special constraint where we always want to use
check_output() over runcmd(). The reason is we need the samba-tool
backup/restore commands executed in a separate process. Otherwise the
global underlying LoadParm can accumulate settings from earlier test
case runs.
We can avoid someone in future inadvertently running runcmd() by
mistake, by simply changing the inheritance so we no longer inherit from
SambaToolCmdTest (so the runcmd functions are no longer present).
The comment explaining this has been moved to the top of the file.
Note that the TestCaseInTempDir inheritance was redundant.
BlackboxTestCase inherits from TestCaseInTempDir (and SambaToolCmdTest
was inheriting from BlackboxTestCase).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Tim Beale <timbeale@samba.org>
Autobuild-Date(master): Tue Nov 27 06:57:03 CET 2018 on sn-devel-144
Not all testenvs have the DOMSID set as an environment variable.
However, it's easy enough to work out from querying the samdb.
This is a slight change in that we use a source4-generated loadparm
to connect to the DB (self.lp is source3-generated, presumably for
some SMB connection dependency).
This change is so we can run the ntacls_backup tests against a DC with
SMBv1 disabled (the restoredc). Note that currently the tests fail in
the smb.SMB() connection in the setUp(), so we can't run them as part
of autobuild just yet (because we can't known-fail test errors).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The restoredc already runs under python3, so before we can run the
domain_backup tests against the restoredc, we need to make sure they
work under python3.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Noel Power <noel.power@suse.com>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
If the backup command fails (i.e. throws an exception), we want the test
to fail. This makes it easier to mark tests as 'knownfail' (because we
can't knownfail test errors).
In theory, this should just involve updating run_cmd() to catch any
exceptions from the command and then call self.fail().
However, if the backup command fails, it can leave behind files in the
targetdir. Partly this is intentional, as these files may provide clues
to users as to why the command failed. However, in selftest, it causes
the TestCaseInTempDir._remove_tempdir() assertion to fire. Because this
assert actually gets run as part of the teardown, the assertion gets
treated as an error rather than a failure (and so we can't knownfail the
backup tests). To get around this, we remove any files in the tempdir
prior to calling self.fail().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
self.create_backup() uses self.run_cmd(), which is a wrapper around
self.check_output(). Rework the code to call the underlying
check_output() function directly instead.
The reason we're doing this is we want run_cmd() to catch exceptions and
fail the test (i.e. in the next patch). However, we can't do that because
this test case relies on receiving the exceptions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tag prefork work processes with "(worker 0)", and sort the process list
on server name to get a consistent order.
Service: PID
--------------------------------------
cldap_server 15588
...
ldap_server 15584
ldap_server(worker 0) 15627
ldap_server(worker 1) 15630
ldap_server(worker 2) 15632
ldap_server(worker 3) 15634
nbt_server 15576
notify-daemon 15638
...
samba 0
...
wrepl_server 15580
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add tests for the restarting of failed/terminated process, by the
pre-fork process model.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Nov 21 10:46:20 CET 2018 on sn-devel-144
Rather than unstable hash order. Ideally we'd do them in proper DN order.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Then we can reuse the re obj.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This will simplify the logic and improve performance.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Two mistakes here:
- res[:-1] will copy but lost the last char
- string is immutable in python, there is no need to copy it explicitly
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This option has default value False, and was actually not passed down from cli
to LDAPBase. However, LDAPBase.__init__ has default value True for it.
After the change, a few tests using ldapcmp are affected.
Add --skip-missing-dn explicitly to keep the behavior consistent,
otherwise test will fail.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Just define another dict for return value, seems no need to modify
original dict.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
