summaryrefslogtreecommitdiff
path: root/python
Commit message (Collapse)AuthorAgeFilesLines
* Spelling fixes s/overriden/overridden/Mathieu Parent2019-09-011-6/+6
| | | | | | Signed-off-by: Mathieu Parent <math.parent@gmail.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* samba-tool domain provision: Remove experimental OpenLDAP supportAndrew Bartlett2019-08-304-811/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This feature has long been obsolete, remaining only in the hope that it might be revived in the future. Specifically, in 2011 the S4 OpenLDAP backend HOWTO was removed: commit 1d46325af8541ea467c79cd86e65f93ce6a14ff4 Author: Andrew Bartlett <abartlet@samba.org> Date: Wed Apr 27 22:42:29 2011 +1000 Remove outdated S4 OpenLDAP backend HOWTO. There is a project to revive this, hosted here: https://github.com/Symas/samba and https://github.com/Symas/samba_overlays However discussions at SambaXP with Nadezhda Ivanova indicate a new approach with slapd being started by Samba and taught to read native Samba ldb files is more likely in the short term. This has the advantage that Samba's provision and offline tooling would not need to change, with the solution looking more like how BIND9_DLZ has access to the Samba DB. If any of this is required then reverting these patches will be the least of the difficulties in bringing this to production. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* rpc samr: EnumDomainUsers perf improvementAaron Haslett2019-08-301-23/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | EnumDomainUsers currently takes too long, significantly slowing down calls to winbind's getpwent which is a core unix API. The time is taken up by a GUID lookup for every record in the cached result. The advantages of this approach are: 1. It meets the specified requirement that if a record yet to be returned by a search in progress (with a resume handle) is deleted or modified, the future returned results correctly reflect the new changes. 2. Memory footprint for a search in progress is only 16 bytes per record. But, those benefits are not worth the significant performance hit of the lookups, so this patch changes the function to run the search and cache the RIDs and names of all records matching the search when the request is made. This makes the memory footprint around 200 bytes per record or up to 2MB per concurrent search for a 100k user database. The speedup achieved by this change is around 50%, and in tandem with some winbindd improvements as part of the same task has achieved around 15x speedup for getpwent. The lost specification compliance is unlikely to cause a problem for any known usage of this RPC call. Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4-dns: Deprecate BIND9_FLATFILE and remove "rndc command"Andrew Bartlett2019-08-221-8/+0
| | | | | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Aug 22 21:24:00 UTC 2019 on sn-devel-184
* python: use os.urandom, which is available in python by definitionBjörn Jacke2019-08-221-39/+2
| | | | | | | | os.urandom also uses CSPRNG methods like getrandom() when the underlying OS provides those. Signed-off-by: Bjoern Jacke <bjacke@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* downgradedatabase: installing scriptAaron Haslett2019-08-201-0/+2
| | | | | | | | | | | | | | Installing downgrade script so people don't need the source tree for it. Exception added in usage test because running the script without arguments is valid. (This avoids the need to knownfail it). BUG: https://bugzilla.samba.org/show_bug.cgi?id=14059 Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* downgradedatabase: rename to samba_downgrade_dbTim Beale2019-08-201-1/+1
| | | | | | | | | | Just so that it's slightly less of a mouthful for users. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14059 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* tests: Avoid hardcoding relative filepathTim Beale2019-08-201-2/+2
| | | | | | | | | | If we move the test file, the test will break. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14059 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* Prevent samba-tool online backup crashDavid Mulder2019-08-172-5/+33
| | | | | | | | | | | | On some GPOs, getting a files ntacl throws an NT_STATUS_ACCESS_DENIED. Catch and log the failure when this happens. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14088 Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Tim Beale <timbeale@samba.org>
* tests/dcerpc/raw_protocol: Add more tests for DCERPC_AUTH_LEVEL_PACKETGünther Deschner2019-08-011-0/+11
| | | | | | | | | | | | Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Signed-off-by: Guenther Deschner <gd@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Thu Aug 1 16:59:02 UTC 2019 on sn-devel-184
* tests/dcerpc/raw_protocol: split test_spnego_integrity_request into 2 partsStefan Metzmacher2019-08-011-2/+6
| | | | | | | This can be a generic test that can be used for more auth_levels. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* tests/dcerpc/raw_protocol: split test_spnego_connect_request() into 2 partsStefan Metzmacher2019-08-011-3/+7
| | | | | | | This can be a generic test that can be used for more auth_levels. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* tests: Add samba_upgradedns to the list of possible cmdsGarming Sam2019-07-311-0/+1
| | | | | | | | | This will be used to test the replication scenario with no DNS partitions BUG: https://bugzilla.samba.org/show_bug.cgi?id=14051 Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* netcmd: Allow drs replicate --local to create partitionsGarming Sam2019-07-311-1/+3
| | | | | | | | | | | Currently, neither the offline (--local) or online (normal replica sync) methods allow partition creation post-join. This overrides the Python default to not create the DB, which allows TDB + MDB to work. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14051 Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* netcmd: Better error message for backup with no RID poolTim Beale2019-07-241-5/+13
| | | | | | | | | | | | | | | | | Add a better error message (and what to do about it) if the user tries to back up a DC that hasn't initialized its RID pool yet. Seems to be a fairly common problem hit by users. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14048 RN: Added more informative error message if the 'samba-tool domain backup' command fails due to no RID pool being present on the DC. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Jul 24 07:07:01 UTC 2019 on sn-devel-184
* join: Use a specific attribute order for the DsAddEntry nTDSDSA objectTim Beale2019-07-241-7/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Joining a Windows domain can throw an error if the HasMasterNCs attribute occurs before msDS-HasMasterNCs. This patch changes the attribute order so that msDS-HasMasterNCs is always first. Previously on python2, the dictionary hash order was arbitrary but constant. By luck, msDS-HasMasterNCs was always before HasMasterNCs, so we never noticed any problem. With python3, the dictionary hash order now changes everytime you run the command, so the order is unpredictable. To enforce a order, we can change to use an OrderedDict, which will return the keys in the order they're added. I've asked Microsoft to clarify the protocol requirement here WRT attribute order. However, in the meantime we may as well fix the problem for users. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14046 RN: When trying to join a Windows domain (with functional level 2008R2) as an AD domain controller, the 'samba-tool domain join' command could throw a python exception: 'RuntimeError ("DsAddEntry failed")'. When this problem occurred, you would also see the message "DsAddEntry failed with status WERR_ACCESS_DENIED info (8363, 'WERR_DS_NO_CROSSREF_FOR_NC')" in the command output. This issue has now been resolved. Note that this problem would only occur on Samba v4.10 when using the Python3 packages. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Jul 24 04:18:21 UTC 2019 on sn-devel-184
* traffic_replay: Avoid DB full scans in LDAP searchesTim Beale2019-07-242-0/+63
| | | | | | | | | | | | | | | | | | | | | | | When generating LDAP search traffic, a full DB scan can be very costly. Avoiding full-scan LDAP searches means that we can run traffic_replay against a 100K user DB and get some sane results. Because the traffic_learner doesn't record the LDAP search filter at all, the traffic_replay LDAP searches default to being full scans. Doing full scans meant that the LDAP search was usually the first packet type to exceed the max latency and fail the test. It could also skew results for the other packet types by creating big demands on memory/CPU/ DB-lock-time. It's hard to know for sure exactly what real-world LDAP searches will look like, but let's assume full scan searches will be fairly rare. In traffic-model files we've collected previously, some of the attributes are fairly unique (e.g. pKIExtendedKeyUsage), and as there are some LDAP queries specified in MS specs (such as MS-GPOL and MS-WCCE), it allows us to infer what the search filter might be. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* traffic replay test: Populate total_converations and instance_idGary Lockyer2019-07-241-1/+3
| | | | | | | | Ensure that the total_conversations and instance_id attributes are assigned a value in the replay contexts passed to test cases. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* traffic replay: Store the instance id in the replay contextGary Lockyer2019-07-241-1/+3
| | | | | | | | Store the traffic runner instance id in the replay context. Will be used in subsequent commits. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* traffic_replay: Make use of SCOPE_BASE explicitTim Beale2019-07-241-2/+2
| | | | | | | i.e. avoid hard-coded numbers. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* traffic_replay: Store total conversations on the replay contextTim Beale2019-07-241-0/+3
| | | | | | | This is useful info to know, and will be used in subsequent commits. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* tests/py-segfault: add messaging.deregister()Douglas Bagnall2019-07-221-0/+6
| | | | | | Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* py segfault test: registry.open_hiveDouglas Bagnall2019-07-221-0/+8
| | | | | | Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* gp_inf: Read/write files with a UTF-16LE BOM in GptTmpl.infGarming Sam2019-07-191-3/+6
| | | | | | | | | | | | | | | | | Regression caused by 16596842a62bec0a9d974c48d64000e3c079254e [MS-GPSB] 2.2 Message Syntax says that you have to write a BOM which I didn't do up until this patch. UTF-16 as input encoding was marked much higher up in the inheritance tree, which got overriden with the Python 3 fixes. I've now marked the encoding much more obviously for this file. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14004 Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Autobuild-User(master): Gary Lockyer <gary@samba.org> Autobuild-Date(master): Fri Jul 19 02:20:47 UTC 2019 on sn-devel-184
* prefork restart tests: Use echo server for back offGary Lockyer2019-07-161-7/+7
| | | | | | | | | | Use the echo server for the restart back off tests in the samba.tests.prefork_restart tests instead of the kdc. The kdc is not enabled when the ADDC is built to run MIT Kerberos. Changing the test to use the echo server means it can be run when MIT Kerberos is enabled. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
* pyldb: remove ldb.open, which was never survivableDouglas Bagnall2019-07-101-8/+0
| | | | | | | | There was no way to call ldb.open without evoking signal 11, so it is unlikely anyone was using it. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* py segfault test: ldb.openDouglas Bagnall2019-07-101-0/+8
| | | | | | | There seems to be no way of using ldb.open without causing a segfault Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* py segfault test: ldb.register_moduleDouglas Bagnall2019-07-101-0/+4
| | | | | Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* tests/usage: test for --help consistencyDouglas Bagnall2019-07-051-1/+8
| | | | | Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* tests/samba-tool: test --help consistencyDouglas Bagnall2019-07-051-0/+8
| | | | | Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* python/tests: helper function for checking --help consistencyDouglas Bagnall2019-07-051-0/+118
| | | | | | | | | | Check that --help output doesn't contradict itself by assigning the same option string to different meanings (which *does* happen in the ldb tools). This will be used in the samba-tool help tests and the usage tests. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* tests/usage: generalise to cover non-python scriptsDouglas Bagnall2019-07-051-35/+118
| | | | | | | | It is not as simple as running everything executable, because for example .so library files are marked as executable. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* tests/usage: python scripts --help should be helpfulDouglas Bagnall2019-07-051-0/+67
| | | | | | | We want to be sure it says *something* and returns success. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* tests: ensure that most python scripts have usage textDouglas Bagnall2019-07-051-0/+205
| | | | | | | | | | | | | | | | | | | | | When a script is run with the wrong arguments, it should at least say something like this: Usage: samba-foo [OPTIONS] For many samba scripts, especially without a server environment, having no arguments is the wrong arguments. Here we look for every executable file with '#![...]python[3]' on the first line, and exclude certain files and directories that have excuses to fail the test. For example, many selftest scripts are stream-oriented and will hang forever waiting for stdin, which is not an error. Some test modules are designed so they can be optionally run from the command line, but this option is typically only used by the developer who is writing them. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* domain join: set ldb "transaction_index_cache_size" optionGary Lockyer2019-07-041-7/+11
| | | | | | | | | Set the "transaction_index_cache_size" on a join to improve performance. These setting reduced a join to a 100k user domain from 105 minutes to 44 minutes. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* domain join: enable ldb batch modeGary Lockyer2019-07-042-6/+9
| | | | | | | | Enable ldb "batch_mode" transactions duting a join to improve performance. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba-tool tests: add tests for contact managementBjörn Baumbach2019-07-042-0/+483
| | | | | Signed-off-by: Björn Baumbach <bb@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba-tool: implement contact management commandsBjörn Baumbach2019-07-043-0/+785
| | | | | | | | | | | | | | | | | Usage: samba-tool contact <subcommand> Contact management. Available subcommands: create - Create a new contact. delete - Delete a contact. edit - Modify a contact. list - List all contacts. move - Move a contact object to an organizational unit or container. show - Display a contact. Signed-off-by: Björn Baumbach <bb@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba-tool tests: add test for 'samba-tool group edit' commandBjörn Baumbach2019-07-041-0/+208
| | | | | Signed-off-by: Björn Baumbach <bb@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba-tool group: add 'edit' command to edit an AD group objectBjörn Baumbach2019-07-041-0/+114
| | | | | | | Same like the samba-tool user edit command. Signed-off-by: Björn Baumbach <bb@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba-tool tests: add test for 'samba-tool computer edit' commandBjörn Baumbach2019-07-041-0/+180
| | | | | Signed-off-by: Björn Baumbach <bb@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba-tool computer: add 'edit' command to edit an AD computer objectBjörn Baumbach2019-07-041-1/+122
| | | | | | | Similar to the samba-tool user edit command. Signed-off-by: Björn Baumbach <bb@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba-tool user edit: avoid base64 encoded strings in editable ldif if possibleBjörn Baumbach2019-07-042-2/+46
| | | | | | | | | | | Use clear text arguments strings if possible. Makes it more comfortable for users to edit the user objects attributes. Remove test from knownfail: samba.tests.samba_tool.user_edit.change_attribute_force_no_base64 Signed-off-by: Björn Baumbach <bb@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba-tool tests: add test for 'samba-tool user edit', using ↵Björn Baumbach2019-07-041-0/+26
| | | | | | | | | LDB_FLAG_FORCE_NO_BASE64_LDIF Test to edit a user: Change attributes with LDB_FLAG_FORCE_NO_BASE64_LDIF Signed-off-by: Björn Baumbach <bb@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba-tool user edit: simplify codeBjörn Baumbach2019-07-041-3/+1
| | | | | | | | Use "None"-changetype here, instead of "Add". This avoids the need to remove the changetype line afterwards. Signed-off-by: Björn Baumbach <bb@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba-tool user edit: use ldb methods to create ldif to modify userBjörn Baumbach2019-07-041-38/+13
| | | | | | | | | | | | Remove tests from knownfail: samba.tests.samba_tool.user_edit.add_attribute_base64 samba.tests.samba_tool.user_edit.add_attribute_base64_control samba.tests.samba_tool.user_edit.change_attribute_base64_control BUG: https://bugzilla.samba.org/show_bug.cgi?id=14003 Signed-off-by: Björn Baumbach <bb@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba-tool tests: add additional tests for "samba-tool user edit" commandBjörn Baumbach2019-07-041-0/+97
| | | | | | | | | | | | | | Especially test handling of base64 encoded attribute values here. Add selftest/knownfail.d/samba_tool.user_edit. Tests fail, because: - can not work with ldif without a trailing new line - can not handle base64 strings BUG: https://bugzilla.samba.org/show_bug.cgi?id=14003 Signed-off-by: Björn Baumbach <bb@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba-tool user edit test: use testit instead of subunit_start_test, pass/failedBjörn Baumbach2019-07-041-38/+23
| | | | | Signed-off-by: Björn Baumbach <bb@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba-tool tests: remove probably outdated commentBjörn Baumbach2019-07-041-1/+0
| | | | | Signed-off-by: Björn Baumbach <bb@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba-tool tests: rename "user edit" test from edit.sh to user_edit.shBjörn Baumbach2019-07-041-1/+1
| | | | | Signed-off-by: Björn Baumbach <bb@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
View Lorry Controller Status