Jo Sutton [Fri, 19 Jan 2024 20:53:20 +0000 (09:53 +1300)]
lib:util: Remove inaccurate comment
A C compiler would not be allowed to apply the tail call optimization in
this situation, because it would change the observed behaviour of the
program.
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Thu, 18 Jan 2024 23:38:24 +0000 (12:38 +1300)]
s3:libads: Remove ‘unicodePwd’ attribute from ads_find_machine_acct() search
This attribute was added to the search in commit 4f389c1f78cdc2424795e3b2a1ce43818c400c2d. But it’s not clear to me that
anything actually retrieves the unicodePwd from the result (excluding
inconsequential things like ads_dump()).
Furthermore, this being a search over LDAP, it will never return a
unicodePwd.
Removing this attribute from the search means that we no longer have to
worry about the account possibly being a Group Managed Service Account
and the unicodePwd being out‐of‐date.
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Wed, 17 Jan 2024 22:26:34 +0000 (11:26 +1300)]
samba-tool: Display friendlier error message if no password is available
‘samba-tool user get-kerberos-ticket’ is supposed to display an error
message if no password is available. However, the conditions for which
the message is displayed are impossible to be met. If ‘utf16_pw’ is not
None, the message is not displayed; if ‘utf16_pw’ *is* None, ‘nt_pass’
is assigned with a samr.Password object, which is not None — and so the
message is still not displayed.
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
netcmd: models: add GroupManagedServiceAccount model
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
netcmd: models: add missing enum fields to Group model
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
netcmd: models: make Group.system_flags a flags based EnumField
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
netcmd: models: add Computer model subclass of User
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
netcmd: models: stop using LookupError exception and change it to NotFound
LookupError is a base class for IndexError and KeyError and isn't really the appropriate exception.
NotFound inherits from ModelError just like the other model exceptions.
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
netcmd: models: rename DoesNotExist exception to NotFound
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
netcmd: models: SDDLField move line down where it gets used
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
netcmd: models: SDDLField parses to object instead of string
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
netcmd: delegation: don't use assert but raise CommandError
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
netcmd: delegation: initial value not required because of raise below
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
netcmd: delegation: move line down where it gets used
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
netcmd: bugfix: json encoder failed to call super method
This lead to a strange recursion error when a field came up that the JSONEncoder couldn't encode.
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
netcmd: support hyphens in top-level commands and convert to underscore
Hyphens in python modules are invalid and makes them only importable by importlib, which makes them harder to import in tests.
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
libds: remove unreachable break statements after return
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Jo Sutton [Fri, 12 Jan 2024 00:28:55 +0000 (13:28 +1300)]
selftest: Fix code spelling
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Feb 8 03:51:51 UTC 2024 on atb-devel-224
Douglas Bagnall [Mon, 8 Jan 2024 02:05:35 +0000 (15:05 +1300)]
ndr: ignore trailing bytes in ndr_pull_security_ace()
This returns the behaviour with ordinary ACEs to where it was with 4.19.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
Douglas Bagnall [Mon, 8 Jan 2024 01:50:30 +0000 (14:50 +1300)]
ndr: ndr_push_security_ace: calculate coda size once
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
Douglas Bagnall [Sun, 31 Dec 2023 21:21:55 +0000 (10:21 +1300)]
ndr: avoid object ACE push overhead for non-object ACE
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
Douglas Bagnall [Sun, 31 Dec 2023 21:21:33 +0000 (10:21 +1300)]
ndr: avoid object ACE pull overhead for non-object ACE
When an ACE is not an object ACE, which is common, setting the switch
value and attempting the object ACE GUID pull is just going to do
nothing, and we know that ahead of time. By noticing that we can save
a bit of time on a common operation.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
Douglas Bagnall [Sun, 31 Dec 2023 04:45:36 +0000 (17:45 +1300)]
ndr: do not push ACE->coda.ignored blob
From 1e80221b2340de5ef5e2a17f10511bbc2c041163 (2008) until c73034cf7c4392f5d3505319948bc84634c20fa5 (conditional ACEs, etc, 2023)
we had a manual ndr_pull_security_ace() that would discard trailing
bytes, which are those bytes that we now call the coda. The ACE types
that we handled then are those that end up with a coda.ignored data
blob.
With this we effectively restore the long-standing behaviour in the
event that we push and pull an ACE -- though now we discard the
ignored bytes on push rather than pull.
This change is not because the trailing bytes caused any problems (as
far as is known), but because it is much faster to not do the push.
It may be that such ACEs no longer occur.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
Douglas Bagnall [Fri, 29 Dec 2023 02:27:08 +0000 (15:27 +1300)]
ndr: mark invalid pull ndr_flags as unlikely
This might have little effect, but sometimes we see primatives like
ndr_pull_uint32() taking a few percent of the CPU time, and this is in
all those functions.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
Douglas Bagnall [Fri, 29 Dec 2023 02:15:48 +0000 (15:15 +1300)]
ndr: skip talloc when pulling empty DATA_BLOB
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
Douglas Bagnall [Sun, 31 Dec 2023 04:39:23 +0000 (17:39 +1300)]
ndr: ACE push avoids no-op coda pushes
We don't expect an ordinary ACE to have a non-empty coda, and we don't
really want to push it if it does, but for this patch we still will.
This will not change the data on the wire.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
Douglas Bagnall [Sun, 31 Dec 2023 04:30:47 +0000 (17:30 +1300)]
ndr: make security_ace push manual
This will allow some optimisations; in this commit we just copy the
code.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
Douglas Bagnall [Sun, 31 Dec 2023 00:06:40 +0000 (13:06 +1300)]
ndr: short-circuit ace coda if no bytes left
The overwhelmingly common case is that there are no bytes left, and
regardless of the ACE type we want to store an empty blob.
We know the blob will be empty if there are no bytes, so we don't need
to allocate a sub-ndr and tokens list and so forth.
This can save almost half the time of a security descriptor pull.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
Douglas Bagnall [Thu, 28 Dec 2023 10:07:56 +0000 (23:07 +1300)]
pidl: calculate subcontext_size only once per pull
For security_ace_coda in security.idl, the sub-context size is
involves a slightly non-trivial function call which returns a constant
value.
In all other cases, a constant expression is used, and this makes
no difference.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
Douglas Bagnall [Fri, 5 Jan 2024 00:19:39 +0000 (13:19 +1300)]
perftest: ndr_pack runs in none environment
This is worth changing, because having a server running in the
background can only add noise to the results.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
Douglas Bagnall [Wed, 3 Jan 2024 12:54:29 +0000 (01:54 +1300)]
perftest:ndr_pack: spin in do_nothing for a while
The idea was to get a less jittery idea of the underlying noise, but
ut is still almost instant. This I suppose is useful in indicating
that this much of the test has very little overhead.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
Douglas Bagnall [Wed, 3 Jan 2024 12:52:39 +0000 (01:52 +1300)]
perftest:ndr_pack: use a valid dummy SID
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
This includes removing the ANCIENT_SAMBA switch for pre-4.3, as
nobody cares anymore and many tests would not run correctly anyway.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
Douglas Bagnall [Mon, 1 Jan 2024 08:48:15 +0000 (21:48 +1300)]
perftest: ndr_pack_performance gets more SD types
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
Douglas Bagnall [Tue, 2 Jan 2024 20:26:51 +0000 (09:26 +1300)]
perftest:ndr_pack: rename SD tests with object ACEs
We are looking at an optimisation for non-object ACEs, which
are more common, but these tests are overwhelmed by object
(OA) ACEs.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
netcmd: models: mark some hidden fields on the base Model as readonly
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
netcmd: models: model field DateTimeField returns datetime in UTC
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
projects / thirdparty / samba.git / log
