sfrench/samba-autobuild/.git
22 months agosamba-tool computer: fix wrong computer container in help message
Björn Baumbach [Mon, 7 May 2018 13:00:17 +0000 (15:00 +0200)]
samba-tool computer: fix wrong computer container in help message

CN=Users --> CN=Computers

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Björn Jacke <bjacke@samba.org>
22 months agotraffic: improve add_short_packet by avoiding dict.get
Joe Guo [Thu, 10 May 2018 05:23:02 +0000 (17:23 +1200)]
traffic: improve add_short_packet by avoiding dict.get

dict.get is slower than [].
Avoid get to improve performance.

(For 3989418 calls, total time decease from 9.395 to 8.573)

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon May 14 05:38:06 CEST 2018 on sn-devel-144

22 months agotraffic: optimize packet init for better performance
Joe Guo [Thu, 10 May 2018 02:53:55 +0000 (14:53 +1200)]
traffic: optimize packet init for better performance

When we run traffic_replay, we are creating millions of Packet objects.
So small change in Packet.__init__ will make big difference.

By initializing packet with converted values without parsing string, the time
cost for 3961148 calls of Packet.__init__ dcrease from 17s to 4s, according
to cProfile.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agotraffic: fix userAccountControl for machine account
Joe Guo [Wed, 2 May 2018 22:22:52 +0000 (22:22 +0000)]
traffic: fix userAccountControl for machine account

change userAccountControl from

UF_WORKSTATION_TRUST_ACCOUNT | UF_PASSWD_NOTREQD

to

UF_TRUSTED_FOR_DELEGATION | UF_SERVER_TRUST_ACCOUNT

This will fix NetrServerPasswordSet2 failure in packet_rpc_netlogon_30
while testing against windows.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agotraffic: change machine creds secure channel type
Joe Guo [Wed, 2 May 2018 22:12:51 +0000 (22:12 +0000)]
traffic: change machine creds secure channel type

SEC_CHAN_WKSTA --> SEC_CHAN_BDC

This will fix netlogon failure against windows.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agosmbd: Fix "reset on zero vc"
Volker Lendecke [Mon, 26 Mar 2018 09:36:25 +0000 (04:36 -0500)]
smbd: Fix "reset on zero vc"

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13340
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sun May 13 23:43:56 CEST 2018 on sn-devel-144

22 months agos4:lsa_lookup: remove TALLOC_FREE(state) after all dcesrv_lsa_Lookup{Names,Sids}_base...
Stefan Metzmacher [Fri, 11 May 2018 04:43:14 +0000 (06:43 +0200)]
s4:lsa_lookup: remove TALLOC_FREE(state) after all dcesrv_lsa_Lookup{Names,Sids}_base_map() calls

This completes the regression fix of commit 7e091e505156381e385235ab4518b4d133a98497.

There might be strings allocated on state, which are part of the
result.

The reason for the TALLOC_FREE(state) was to cleanup the possible
irpc_handle before leaving the function. Now we call
TALLOC_FREE(state->wb.irpc_handle) explicitly in
dcesrv_lsa_Lookup{Names,Sids}_base_done() instead.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13420

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun May 13 10:27:28 CEST 2018 on sn-devel-144

22 months agoauth/credentials/test: py2/py3 compat always decode result of b64encode
Noel Power [Fri, 4 May 2018 14:30:22 +0000 (15:30 +0100)]
auth/credentials/test: py2/py3 compat always decode result of b64encode

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun May 13 00:24:35 CEST 2018 on sn-devel-144

22 months agopython/samba: py2/py3 compatability always decode result of b64encode
Noel Power [Fri, 4 May 2018 14:29:59 +0000 (15:29 +0100)]
python/samba: py2/py3 compatability always decode result of b64encode

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
22 months agos4/dsdb/tests: py2/py3 compatability always decode result of b64encode
Noel Power [Fri, 4 May 2018 14:27:12 +0000 (15:27 +0100)]
s4/dsdb/tests: py2/py3 compatability always decode result of b64encode

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
22 months agos4/scripting/devel: py2/py3 compatability always decode result of b64encode
Noel Power [Fri, 4 May 2018 14:26:39 +0000 (15:26 +0100)]
s4/scripting/devel: py2/py3 compatability always decode result of b64encode

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
22 months agos4/scripting/bin: py2/py3 compatability always decode result of b64encode
Noel Power [Fri, 4 May 2018 14:25:22 +0000 (15:25 +0100)]
s4/scripting/bin: py2/py3 compatability always decode result of b64encode

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
22 months agoBulk: enclose .keys() method with list where list (from python2) expected
Noel Power [Fri, 4 May 2018 12:33:03 +0000 (13:33 +0100)]
Bulk: enclose .keys() method with list where list (from python2) expected

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
22 months agosamba_tool: replace xrange -> range
Noel Power [Fri, 4 May 2018 11:19:57 +0000 (12:19 +0100)]
samba_tool: replace xrange -> range

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
22 months agos4/dsdb/tests: py2/py3 compatability replace xrange with range
Noel Power [Fri, 4 May 2018 11:18:59 +0000 (12:18 +0100)]
s4/dsdb/tests: py2/py3 compatability replace xrange with range

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
22 months agopython/samba/tests: py2/py3 compatability replace xrange with range
Noel Power [Fri, 4 May 2018 11:16:38 +0000 (12:16 +0100)]
python/samba/tests: py2/py3 compatability replace xrange with range

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
22 months agopython/samba: Ensure md5 always provided with bytes
Noel Power [Fri, 4 May 2018 11:05:27 +0000 (12:05 +0100)]
python/samba: Ensure md5 always provided with bytes

To allow code run in both python3 and python2 we have to ensure
that md5 always receives bytes

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
22 months agopython/samba/provision: Fix urllib.quote usage for py2/py3
Noel Power [Fri, 4 May 2018 10:41:11 +0000 (11:41 +0100)]
python/samba/provision: Fix urllib.quote usage for py2/py3

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
22 months agosamba_tool: make exception handling statements py2/py3 compatible
Noel Power [Fri, 4 May 2018 10:31:33 +0000 (11:31 +0100)]
samba_tool: make exception handling statements py2/py3 compatible

Fix some missed conversions of
        except Exception, e:
to
        except Exception as e:

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
22 months agosamba_tool: Py2/Py3 compatability fix tuple assigment
Noel Power [Fri, 4 May 2018 10:28:46 +0000 (11:28 +0100)]
samba_tool: Py2/Py3 compatability fix tuple assigment

replace
    (foo, bar) = e
with
    (foo, bar) = e.args

while will run in with both python2 and python3

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
22 months agopython/samba: Bulk replace of '.next()' method with function 'next()'
Noel Power [Fri, 4 May 2018 10:22:43 +0000 (11:22 +0100)]
python/samba: Bulk replace of '.next()' method with function 'next()'

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
22 months agoctdb-tools: Add logging config options to config tool
Amitay Isaacs [Tue, 17 Apr 2018 12:15:41 +0000 (22:15 +1000)]
ctdb-tools: Add logging config options to config tool

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Sat May 12 15:01:32 CEST 2018 on sn-devel-144

22 months agoctdb-common: Add config options for logging
Martin Schwenke [Fri, 15 Dec 2017 07:38:40 +0000 (18:38 +1100)]
ctdb-common: Add config options for logging

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
22 months agoctdb-common: Add a function to validate logging specification
Amitay Isaacs [Wed, 18 Apr 2018 01:53:57 +0000 (11:53 +1000)]
ctdb-common: Add a function to validate logging specification

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
22 months agoctdb-common: Refactor log backend parsing code
Amitay Isaacs [Wed, 18 Apr 2018 01:52:05 +0000 (11:52 +1000)]
ctdb-common: Refactor log backend parsing code

This will allow to add a validator for logging specification.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
22 months agoctdb-common: Add config options tool
Amitay Isaacs [Fri, 27 Apr 2018 07:21:00 +0000 (17:21 +1000)]
ctdb-common: Add config options tool

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
22 months agoctdb-common: Add config file parsing code
Amitay Isaacs [Wed, 13 Dec 2017 08:41:16 +0000 (19:41 +1100)]
ctdb-common: Add config file parsing code

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
22 months agoutil: Add tini to samba-util-core
Amitay Isaacs [Mon, 26 Mar 2018 04:04:12 +0000 (15:04 +1100)]
util: Add tini to samba-util-core

So it can be used by CTDB.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
22 months agoctdb-tests: Setup $CTDB_BASE/{run,var} directories
Amitay Isaacs [Tue, 8 May 2018 08:09:46 +0000 (18:09 +1000)]
ctdb-tests: Setup $CTDB_BASE/{run,var} directories

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
22 months agoctdb-common: Add path tool
Amitay Isaacs [Tue, 8 May 2018 03:23:15 +0000 (13:23 +1000)]
ctdb-common: Add path tool

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
22 months agoctdb-common: Add utility code to get various paths
Amitay Isaacs [Tue, 8 May 2018 03:02:33 +0000 (13:02 +1000)]
ctdb-common: Add utility code to get various paths

This will construct correct paths when running with CTDB_TEST_MODE.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
22 months agoctdb-common: Add command line processing abstraction
Amitay Isaacs [Tue, 24 Apr 2018 13:17:18 +0000 (23:17 +1000)]
ctdb-common: Add command line processing abstraction

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
22 months agoctdb-packaging: Package all helpers using wildcard
Amitay Isaacs [Tue, 8 May 2018 06:03:54 +0000 (16:03 +1000)]
ctdb-packaging: Package all helpers using wildcard

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
22 months agodevel: removing unused code from chgkrbtgtpass
Aaron Haslett [Tue, 1 May 2018 03:54:07 +0000 (15:54 +1200)]
devel: removing unused code from chgkrbtgtpass

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat May 12 12:05:31 CEST 2018 on sn-devel-144

22 months agosamdb rid: clear cache to prevent old ntds_guid
Aaron Haslett [Tue, 1 May 2018 03:51:10 +0000 (15:51 +1200)]
samdb rid: clear cache to prevent old ntds_guid

During the new samba-tool domain backup restore the NTDS GUID changes
as the server is taken over by the new DC record.

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agoldb: removing prior secret from logs
Aaron Haslett [Mon, 30 Apr 2018 23:10:40 +0000 (11:10 +1200)]
ldb: removing prior secret from logs

priorSecret, like secret, can contain a machine account password
(for secrets.ldb) and so should not be printed in a debug
trace.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13353

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agoctdb-scripts: Drop CTDB_SUPPRESS_COREFILE and CTDB_MAX_OPEN_FILES options
Martin Schwenke [Tue, 24 Apr 2018 04:13:35 +0000 (14:13 +1000)]
ctdb-scripts: Drop CTDB_SUPPRESS_COREFILE and CTDB_MAX_OPEN_FILES options

These should be done using features provided by the operating system.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Sat May 12 09:13:28 CEST 2018 on sn-devel-144

22 months agoctdb-config: Add default ctdb.sysconfig file, update ctdb.service
Martin Schwenke [Tue, 24 Apr 2018 06:35:16 +0000 (16:35 +1000)]
ctdb-config: Add default ctdb.sysconfig file, update ctdb.service

Install ctdb.sysconfig in RPM.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
22 months agoctdb-docs: Document system options and resource controls
Martin Schwenke [Tue, 24 Apr 2018 04:11:23 +0000 (14:11 +1000)]
ctdb-docs: Document system options and resource controls

The existing configuration file is disappearing so these configuration
options need a new home that is not handled by ctdbd_wrapper.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
22 months agoctdb-config: Add a default script.options file
Martin Schwenke [Tue, 24 Apr 2018 06:33:20 +0000 (16:33 +1000)]
ctdb-config: Add a default script.options file

Include it in the RPM.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
22 months agoctdb-docs: Document script.options
Martin Schwenke [Wed, 4 Apr 2018 09:17:59 +0000 (19:17 +1000)]
ctdb-docs: Document script.options

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
22 months agoctdb-scripts: Use load_script_options() in miscellaneous scripts
Martin Schwenke [Wed, 4 Apr 2018 09:16:57 +0000 (19:16 +1000)]
ctdb-scripts: Use load_script_options() in miscellaneous scripts

Some of these just aim to load the generic script.options file while
others target more specific files.

For NFS configuration, always use 60.nfs.options - even for 06.nfs.
This could be carefully documented but will change a lot before
release so there is no need.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
22 months agoctdb-scripts: Allow load_script_options() to specify an event script
Martin Schwenke [Wed, 4 Apr 2018 09:06:13 +0000 (19:06 +1000)]
ctdb-scripts: Allow load_script_options() to specify an event script

This allows other scripts to use the given options for a particular
event script.  One interesting example is that the ctdb_natgw tool
should look for configuration in events.d/11.natgw.options.

In the future this will be something like
events/failover/11.natgw.options, so require the component to be
specified even though it isn't yet used.

Test support is also updated.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
22 months agoctdb-scripts: Add global script.options configuration file
Martin Schwenke [Wed, 4 Apr 2018 08:52:36 +0000 (18:52 +1000)]
ctdb-scripts: Add global script.options configuration file

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
22 months agoctdb-tests: Separate support script for 06.nfs
Martin Schwenke [Fri, 6 Apr 2018 00:30:23 +0000 (10:30 +1000)]
ctdb-tests: Separate support script for 06.nfs

Including 60.nfs was too simple a hack, since we will want to do some
magic to use the configuration from 60.nfs for 06.nfs.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
22 months agoctdb-scripts: Don't check for CTDB_PARTIALLY_ONLINE_INTERFACES clash
Martin Schwenke [Thu, 5 Apr 2018 00:54:00 +0000 (10:54 +1000)]
ctdb-scripts: Don't check for CTDB_PARTIALLY_ONLINE_INTERFACES clash

Just document that NAT gateway and LVS are not compatible with this
option.  Update the documentation to make it clear that this is a
10.interface option.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
22 months agoctdb-scripts: Don't load CTDB configuration in onnode
Martin Schwenke [Thu, 5 Apr 2018 06:19:23 +0000 (16:19 +1000)]
ctdb-scripts: Don't load CTDB configuration in onnode

onnode does not use any configuration options.

Drop sourcing of functions file since the only function used was
loadconfig().

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
22 months agoctdb-scripts: Don't load CTDB configuration in statd-callout
Martin Schwenke [Wed, 4 Apr 2018 09:14:16 +0000 (19:14 +1000)]
ctdb-scripts: Don't load CTDB configuration in statd-callout

The only configuration options used by statd-callout are NFS_HOSTNAME,
which comes from the NFS system configuration file, and
CTDB_NFS_CALLOUT, which is exported by the 60.nfs event script.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
22 months agoctdb-tests: Continue running if a testcase is not executable
Martin Schwenke [Thu, 11 Jan 2018 05:17:19 +0000 (16:17 +1100)]
ctdb-tests: Continue running if a testcase is not executable

At the moment the whole test run aborts without printing a summary of
results but inexplicably succeeds.  Instead, generate a clear failure
for a non-executable testcase.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
22 months agopysmb: Add some more documentation for conn.list
Garming Sam [Wed, 9 May 2018 03:39:09 +0000 (15:39 +1200)]
pysmb: Add some more documentation for conn.list

There are two options which are undocumented.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat May 12 04:57:29 CEST 2018 on sn-devel-144

22 months agogpo: Ensure all files are retrieved in fetch
Garming Sam [Wed, 9 May 2018 03:24:38 +0000 (15:24 +1200)]
gpo: Ensure all files are retrieved in fetch

.ini files are normally set as hidden, and will not be found over SMB.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
22 months agoFix spelling s/woks/works
Garming Sam [Tue, 8 May 2018 05:09:53 +0000 (17:09 +1200)]
Fix spelling s/woks/works

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
22 months agotraffic: improve is_really_a_packet
Joe Guo [Thu, 10 May 2018 05:11:29 +0000 (17:11 +1200)]
traffic: improve is_really_a_packet

This function will repeat on each packet.
Avoid exception for getattr, which is expensive for performance.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agotraffic: improve add_short_packet by avoiding str.split
Joe Guo [Thu, 10 May 2018 05:04:50 +0000 (17:04 +1200)]
traffic: improve add_short_packet by avoiding str.split

Avoid str.split, which will repeat for each packet.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agotraffic: simplify forget_packets_outside_window
Joe Guo [Thu, 10 May 2018 05:01:19 +0000 (17:01 +1200)]
traffic: simplify forget_packets_outside_window

Make code compact, and improve performance a little bit.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agotraffic: grant user write permission
Joe Guo [Thu, 10 May 2018 04:43:04 +0000 (16:43 +1200)]
traffic: grant user write permission

Some packets need user to have write permission, e.g.: writeaccountspn
Grant user write permission then we can send packets successfully.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agotraffic_replay: fetch domain from creds other than opts
Joe Guo [Sun, 6 May 2018 22:18:42 +0000 (10:18 +1200)]
traffic_replay: fetch domain from creds other than opts

For traffic_replay script, when user provides `--workgroup` or `-W` option,
it will be set on the creds option group, not the default opts one.

The previous code will not work properly when smb.conf file is missing.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agotraffic: set domain on user_creds and machine_creds
Joe Guo [Wed, 2 May 2018 05:04:03 +0000 (05:04 +0000)]
traffic: set domain on user_creds and machine_creds

The domain is missing in traffic user and machine credential, this will cause
some packet tests fail against windows.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agotraffic_packets: provision request data for packet_drsuapi_13
Joe Guo [Tue, 1 May 2018 04:58:01 +0000 (16:58 +1200)]
traffic_packets: provision request data for packet_drsuapi_13

The `drsuapi.DsWriteAccountSpnRequest1` struct in this packet was empty before.
Samba lets it go but Windows will report an invalid parameter error.

Provision the request with proper data, and give user permission to
write account SPN.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agotraffic_packets: add trailing $ to fix packet_rpc_netlogon_30
Joe Guo [Tue, 1 May 2018 05:15:09 +0000 (17:15 +1200)]
traffic_packets: add trailing $ to fix packet_rpc_netlogon_30

For `NetrServerPasswordSet2`, the 2nd arg `account_name` must end with a
$, otherwise windows will return an `Access Denied` error.

Use `creds.get_username()` instead of `creds.get_workstation()` to
include the trailing $.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agotraffic_packets: add windows instructions for ldap 0 simple bind
Joe Guo [Fri, 27 Apr 2018 02:51:11 +0000 (14:51 +1200)]
traffic_packets: add windows instructions for ldap 0 simple bind

To run packet_ldap_0 simple bind test against Windows, we need to
install CA on Windows with following PowerShell commands:

  Install-windowsfeature ADCS-Cert-Authority
  Install-AdcsCertificationAuthority -CAType EnterpriseRootCA
  Restart-Computer

Otherwise we will get `NT_STATUS_CONNECTION_RESET` error.

Didn't change any code, just add above instructions in comment.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agotraffic_packets: replace share_name from netlogon to IPC$ for packet_srvsvc_16
Joe Guo [Fri, 27 Apr 2018 00:07:16 +0000 (12:07 +1200)]
traffic_packets: replace share_name from netlogon to IPC$ for packet_srvsvc_16

Sharename list for Windows:

    Sharename       Type      Comment
    ---------       ----      -------
    ADMIN$          Disk      Remote Admin
    C$              Disk      Default share
    IPC$            IPC       Remote IPC

For Samba:

    Sharename       Type      Comment
    ---------       ----      -------
    netlogon        Disk
    sysvol          Disk
    IPC$            IPC       IPC Service

While test packet_srvsvc_16 with share_name `netlogon`,
it passed Samba, and got a WERR_NERR_NETNAMENOTFOUND error for Windows.

Change share name to `IPC$` so Samba and Windows have it in common.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agotraffic_packets: replace level 102 to 101 for packet_srvsvc_21
Joe Guo [Thu, 26 Apr 2018 23:27:59 +0000 (11:27 +1200)]
traffic_packets: replace level 102 to 101 for packet_srvsvc_21

Level 102 will cause WERR_ACCESS_DENIED error against Windows, because:

    > If the level is 102 or 502, the Windows implementation checks whether
    > the caller is a member of one of the groups previously mentioned or
    > is a member of the Power Users local group.

It passed against Samba since this check is not implemented by Samba yet.

refer to:

    https://msdn.microsoft.com/en-us/library/cc247297.aspx#Appendix_A_80

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agotraffic: add credentials to samr
Joe Guo [Thu, 26 Apr 2018 00:15:10 +0000 (12:15 +1200)]
traffic: add credentials to samr

lp and creds are missing in SamrContext and samr connection.
While run traffic_replay against windows, this will cause
`Access Denied` error.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agotraffic_packets: support NT_STATUS_NO_SUCH_DOMAIN in packet_lsarpc_39
Joe Guo [Wed, 18 Apr 2018 03:45:10 +0000 (15:45 +1200)]
traffic_packets: support NT_STATUS_NO_SUCH_DOMAIN in packet_lsarpc_39

For packet_lsarpc_39, samba will return NT_STATUS_OBJECT_NAME_NOT_FOUND,
however, windows will return NT_STATUS_NO_SUCH_DOMAIN.

Allow both status for now to keep compatiable with both samba and
windows DC.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agotraffic_replay: fix typo in message string
Joe Guo [Wed, 18 Apr 2018 03:40:18 +0000 (15:40 +1200)]
traffic_replay: fix typo in message string

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agotraffic_replay: set gensec features to encrypt credentials
Joe Guo [Wed, 18 Apr 2018 03:31:12 +0000 (15:31 +1200)]
traffic_replay: set gensec features to encrypt credentials

While running traffic_replay script against windows dc, it will fail
with a `LDAP_UNWILLING_TO_PERFORM` error for adding user.

Windows requires the credentials to be encrypted before sending.
`set_gensec_features` will fix it.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agotraffic: add paged_results control for ldb search
Joe Guo [Wed, 18 Apr 2018 03:36:02 +0000 (15:36 +1200)]
traffic: add paged_results control for ldb search

While there are more then 1000 records in the search result from Windows,
a `LDAP_SIZE_LIMIT_EXCEEDED` error will be returned.

Add paged_results control to fix.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agoselftest: Add a test for creds.{get,set}_secure_channel_type()
Andrew Bartlett [Fri, 11 May 2018 01:18:43 +0000 (13:18 +1200)]
selftest: Add a test for creds.{get,set}_secure_channel_type()

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agopycredentials: add py_creds_get_secure_channel_type
Joe Guo [Wed, 2 May 2018 21:40:39 +0000 (21:40 +0000)]
pycredentials: add py_creds_get_secure_channel_type

We have only set, need get.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agocmd_drsuapi: add dswriteaccountspn command
Joe Guo [Tue, 1 May 2018 00:44:43 +0000 (12:44 +1200)]
cmd_drsuapi: add dswriteaccountspn command

The dswriteaccountspn command is missing in drsuapi, add it so we can
use it in rpcclient.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agoImprove vfs_linux_xfs_sgid manpage
Mathieu Parent [Tue, 1 May 2018 18:35:52 +0000 (20:35 +0200)]
Improve vfs_linux_xfs_sgid manpage

- Add missing refpurpose and describe the "circumstances"
- Replace dangling link by archive.org backup
- Add fixed Linux version and commit link

Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agoFix pidl manpage sections
Mathieu Parent [Tue, 1 May 2018 19:59:23 +0000 (21:59 +0200)]
Fix pidl manpage sections

.TH header should match file name (i.e 3pm and not 3 for Parse::Pidl::NDR).

Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agoFix spelling s/unsuported/unsupported/
Mathieu Parent [Fri, 4 May 2018 20:24:25 +0000 (22:24 +0200)]
Fix spelling s/unsuported/unsupported/

Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agoFix spelling s/unitialized/uninitialized/
Mathieu Parent [Fri, 4 May 2018 20:24:16 +0000 (22:24 +0200)]
Fix spelling s/unitialized/uninitialized/

Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agoFix spelling s/succesfully/successfully/
Mathieu Parent [Fri, 4 May 2018 20:24:00 +0000 (22:24 +0200)]
Fix spelling s/succesfully/successfully/

Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agoFix spelling s/specfied/specified/
Mathieu Parent [Fri, 4 May 2018 20:23:54 +0000 (22:23 +0200)]
Fix spelling s/specfied/specified/

Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agoFix spelling s/retun/return/
Mathieu Parent [Fri, 4 May 2018 20:23:45 +0000 (22:23 +0200)]
Fix spelling s/retun/return/

Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agoFix spelling s/retrive/retrieve/
Mathieu Parent [Fri, 4 May 2018 20:23:39 +0000 (22:23 +0200)]
Fix spelling s/retrive/retrieve/

Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agoFix spelling s/receving/receiving/
Mathieu Parent [Fri, 4 May 2018 20:23:01 +0000 (22:23 +0200)]
Fix spelling s/receving/receiving/

Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agoFix spelling s/protcol/protocol/
Mathieu Parent [Fri, 4 May 2018 20:22:53 +0000 (22:22 +0200)]
Fix spelling s/protcol/protocol/

Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agoFix spelling s/propogate/propagate/
Mathieu Parent [Fri, 4 May 2018 20:22:46 +0000 (22:22 +0200)]
Fix spelling s/propogate/propagate/

Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agoFix spelling s/processs/process/
Mathieu Parent [Fri, 4 May 2018 20:22:38 +0000 (22:22 +0200)]
Fix spelling s/processs/process/

Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agoFix spelling s/ouput/output/
Mathieu Parent [Fri, 4 May 2018 20:22:20 +0000 (22:22 +0200)]
Fix spelling s/ouput/output/

Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agoFix spelling s/opions/options/
Mathieu Parent [Fri, 4 May 2018 20:22:00 +0000 (22:22 +0200)]
Fix spelling s/opions/options/

Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agoFix spelling s/openened/opened/
Mathieu Parent [Fri, 4 May 2018 20:21:53 +0000 (22:21 +0200)]
Fix spelling s/openened/opened/

Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agoFix spelling s/missmatch/mismatch/
Mathieu Parent [Fri, 4 May 2018 20:21:41 +0000 (22:21 +0200)]
Fix spelling s/missmatch/mismatch/

Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agoFix spelling s/malicous/malicious/
Mathieu Parent [Fri, 4 May 2018 20:21:30 +0000 (22:21 +0200)]
Fix spelling s/malicous/malicious/

Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agoFix spelling s/fowarding/forwarding/
Mathieu Parent [Fri, 4 May 2018 20:21:09 +0000 (22:21 +0200)]
Fix spelling s/fowarding/forwarding/

Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agoFix spelling s/formated/formatted/
Mathieu Parent [Fri, 4 May 2018 20:20:57 +0000 (22:20 +0200)]
Fix spelling s/formated/formatted/

Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agoFix spelling s/Everytime/Every time/
Mathieu Parent [Fri, 4 May 2018 20:20:21 +0000 (22:20 +0200)]
Fix spelling s/Everytime/Every time/

Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agoFix spelling s/doens't/doesn't/
Mathieu Parent [Fri, 4 May 2018 20:19:08 +0000 (22:19 +0200)]
Fix spelling s/doens't/doesn't/

Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agoFix spelling s/desriptor/descriptor/
Mathieu Parent [Fri, 4 May 2018 20:18:54 +0000 (22:18 +0200)]
Fix spelling s/desriptor/descriptor/

Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agoFix spelling s/coult/could/
Mathieu Parent [Fri, 4 May 2018 20:18:47 +0000 (22:18 +0200)]
Fix spelling s/coult/could/

Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agoFix spelling s/conection/connection/
Mathieu Parent [Fri, 4 May 2018 20:18:16 +0000 (22:18 +0200)]
Fix spelling s/conection/connection/

Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agoFix spelling s/authenticaiton/authentication/
Mathieu Parent [Fri, 4 May 2018 20:14:34 +0000 (22:14 +0200)]
Fix spelling s/authenticaiton/authentication/

Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agoFix spelling s/anwser/answer/
Mathieu Parent [Fri, 4 May 2018 20:13:58 +0000 (22:13 +0200)]
Fix spelling s/anwser/answer/

Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agoFix spelling s/allows to/allows one to/
Mathieu Parent [Fri, 4 May 2018 20:12:14 +0000 (22:12 +0200)]
Fix spelling s/allows to/allows one to/

Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agoFix typo for response
Joe Guo [Thu, 19 Apr 2018 05:05:21 +0000 (17:05 +1200)]
Fix typo for response

reponse --> response

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
22 months agos3:smbd: fix interaction between chown and SD flags
Ralph Boehme [Thu, 10 May 2018 10:29:35 +0000 (12:29 +0200)]
s3:smbd: fix interaction between chown and SD flags

A change ownership operation that doesn't set the NT ACLs must not touch
the SD flags (type).

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13432

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri May 11 23:30:32 CEST 2018 on sn-devel-144