[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Mon May 14 03:39:03 UTC 2018
The branch, master has been updated
via d444221 traffic: improve add_short_packet by avoiding dict.get
via 21c8207 traffic: optimize packet init for better performance
via 2fc6cbb traffic: fix userAccountControl for machine account
via 72f98f9 traffic: change machine creds secure channel type
from 31cba34 smbd: Fix "reset on zero vc"
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit d444221d67abc05dc9966dd7e0a37d30f9848953
Author: Joe Guo <joeg at catalyst.net.nz>
Date: Thu May 10 17:23:02 2018 +1200
traffic: improve add_short_packet by avoiding dict.get
dict.get is slower than [].
Avoid get to improve performance.
(For 3989418 calls, total time decease from 9.395 to 8.573)
Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon May 14 05:38:06 CEST 2018 on sn-devel-144
commit 21c82072ab87e3dee617b3219364e55e9c106432
Author: Joe Guo <joeg at catalyst.net.nz>
Date: Thu May 10 14:53:55 2018 +1200
traffic: optimize packet init for better performance
When we run traffic_replay, we are creating millions of Packet objects.
So small change in Packet.__init__ will make big difference.
By initializing packet with converted values without parsing string, the time
cost for 3961148 calls of Packet.__init__ dcrease from 17s to 4s, according
to cProfile.
Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
commit 2fc6cbb8cb4931f7f4b130817859d2a283ac541c
Author: Joe Guo <joeg at catalyst.net.nz>
Date: Wed May 2 22:22:52 2018 +0000
traffic: fix userAccountControl for machine account
change userAccountControl from
UF_WORKSTATION_TRUST_ACCOUNT | UF_PASSWD_NOTREQD
to
UF_TRUSTED_FOR_DELEGATION | UF_SERVER_TRUST_ACCOUNT
This will fix NetrServerPasswordSet2 failure in packet_rpc_netlogon_30
while testing against windows.
Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
commit 72f98f9763669887482cf430c7734b0a0d69cc1b
Author: Joe Guo <joeg at catalyst.net.nz>
Date: Wed May 2 22:12:51 2018 +0000
traffic: change machine creds secure channel type
SEC_CHAN_WKSTA --> SEC_CHAN_BDC
This will fix netlogon failure against windows.
Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
-----------------------------------------------------------------------
Summary of changes:
python/samba/emulate/traffic.py | 94 +++++++-------
python/samba/emulate/traffic_packets.py | 3 +-
python/samba/tests/emulate/traffic_packet.py | 181 ++++++++++++++-------------
3 files changed, 145 insertions(+), 133 deletions(-)
Changeset truncated at 500 lines:
diff --git a/python/samba/emulate/traffic.py b/python/samba/emulate/traffic.py
index 503e1e4..db0fcf7 100644
--- a/python/samba/emulate/traffic.py
+++ b/python/samba/emulate/traffic.py
@@ -42,9 +42,12 @@ from samba.drs_utils import drs_DsBind
import traceback
from samba.credentials import Credentials, DONT_USE_KERBEROS, MUST_USE_KERBEROS
from samba.auth import system_session
-from samba.dsdb import UF_WORKSTATION_TRUST_ACCOUNT, UF_PASSWD_NOTREQD
-from samba.dsdb import UF_NORMAL_ACCOUNT
-from samba.dcerpc.misc import SEC_CHAN_WKSTA
+from samba.dsdb import (
+ UF_NORMAL_ACCOUNT,
+ UF_SERVER_TRUST_ACCOUNT,
+ UF_TRUSTED_FOR_DELEGATION
+)
+from samba.dcerpc.misc import SEC_CHAN_BDC
from samba import gensec
from samba import sd_utils
@@ -135,10 +138,26 @@ class FakePacketError(Exception):
class Packet(object):
"""Details of a network packet"""
- def __init__(self, fields):
- if isinstance(fields, str):
- fields = fields.rstrip('\n').split('\t')
+ def __init__(self, timestamp, ip_protocol, stream_number, src, dest,
+ protocol, opcode, desc, extra):
+ self.timestamp = timestamp
+ self.ip_protocol = ip_protocol
+ self.stream_number = stream_number
+ self.src = src
+ self.dest = dest
+ self.protocol = protocol
+ self.opcode = opcode
+ self.desc = desc
+ self.extra = extra
+ if self.src < self.dest:
+ self.endpoints = (self.src, self.dest)
+ else:
+ self.endpoints = (self.dest, self.src)
+
+ @classmethod
+ def from_line(self, line):
+ fields = line.rstrip('\n').split('\t')
(timestamp,
ip_protocol,
stream_number,
@@ -149,23 +168,12 @@ class Packet(object):
desc) = fields[:8]
extra = fields[8:]
- self.timestamp = float(timestamp)
- self.ip_protocol = ip_protocol
- try:
- self.stream_number = int(stream_number)
- except (ValueError, TypeError):
- self.stream_number = None
- self.src = int(src)
- self.dest = int(dest)
- self.protocol = protocol
- self.opcode = opcode
- self.desc = desc
- self.extra = extra
+ timestamp = float(timestamp)
+ src = int(src)
+ dest = int(dest)
- if self.src < self.dest:
- self.endpoints = (self.src, self.dest)
- else:
- self.endpoints = (self.dest, self.src)
+ return Packet(timestamp, ip_protocol, stream_number, src, dest,
+ protocol, opcode, desc, extra)
def as_summary(self, time_offset=0.0):
"""Format the packet as a traffic_summary line.
@@ -193,14 +201,15 @@ class Packet(object):
return "<Packet @%s>" % self
def copy(self):
- return self.__class__([self.timestamp,
- self.ip_protocol,
- self.stream_number,
- self.src,
- self.dest,
- self.protocol,
- self.opcode,
- self.desc] + self.extra)
+ return self.__class__(self.timestamp,
+ self.ip_protocol,
+ self.stream_number,
+ self.src,
+ self.dest,
+ self.protocol,
+ self.opcode,
+ self.desc,
+ self.extra)
def as_packet_type(self):
t = '%s:%s' % (self.protocol, self.opcode)
@@ -511,7 +520,7 @@ class ReplayContext(object):
self.machine_creds = Credentials()
self.machine_creds.guess(self.lp)
self.machine_creds.set_workstation(self.netbios_name)
- self.machine_creds.set_secure_channel_type(SEC_CHAN_WKSTA)
+ self.machine_creds.set_secure_channel_type(SEC_CHAN_BDC)
self.machine_creds.set_password(self.machinepass)
self.machine_creds.set_username(self.netbios_name + "$")
self.machine_creds.set_domain(self.domain)
@@ -523,7 +532,7 @@ class ReplayContext(object):
self.machine_creds_bad = Credentials()
self.machine_creds_bad.guess(self.lp)
self.machine_creds_bad.set_workstation(self.netbios_name)
- self.machine_creds_bad.set_secure_channel_type(SEC_CHAN_WKSTA)
+ self.machine_creds_bad.set_secure_channel_type(SEC_CHAN_BDC)
self.machine_creds_bad.set_password(self.machinepass[:-4])
self.machine_creds_bad.set_username(self.netbios_name + "$")
if self.prefer_kerberos:
@@ -802,14 +811,15 @@ class Conversation(object):
src, dest = self.guess_client_server()
if not client:
src, dest = dest, src
-
- desc = OP_DESCRIPTIONS.get((protocol, opcode), '')
- ip_protocol = IP_PROTOCOLS.get(protocol, '06')
- fields = [timestamp - self.start_time, ip_protocol,
- '', src, dest,
- protocol, opcode, desc]
- fields.extend(extra)
- packet = Packet(fields)
+ key = (protocol, opcode)
+ desc = OP_DESCRIPTIONS[key] if key in OP_DESCRIPTIONS else ''
+ if protocol in IP_PROTOCOLS:
+ ip_protocol = IP_PROTOCOLS[protocol]
+ else:
+ ip_protocol = '06'
+ packet = Packet(timestamp - self.start_time, ip_protocol,
+ '', src, dest,
+ protocol, opcode, desc, extra)
# XXX we're assuming the timestamp is already adjusted for
# this conversation?
# XXX should we adjust client balance for guessed packets?
@@ -1021,7 +1031,7 @@ def ingest_summaries(files, dns_mode='count'):
f = open(f)
print("Ingesting %s" % (f.name,), file=sys.stderr)
for line in f:
- p = Packet(line)
+ p = Packet.from_line(line)
if p.protocol == 'dns' and dns_mode != 'include':
dns_counts[p.opcode] += 1
else:
@@ -1657,7 +1667,7 @@ def create_machine_account(ldb, instance_id, netbios_name, machinepass):
"objectclass": "computer",
"sAMAccountName": "%s$" % netbios_name,
"userAccountControl":
- str(UF_WORKSTATION_TRUST_ACCOUNT | UF_PASSWD_NOTREQD),
+ str(UF_TRUSTED_FOR_DELEGATION | UF_SERVER_TRUST_ACCOUNT),
"unicodePwd": utf16pw})
end = time.time()
duration = end - start
diff --git a/python/samba/emulate/traffic_packets.py b/python/samba/emulate/traffic_packets.py
index 1413c8b..3f5db43 100644
--- a/python/samba/emulate/traffic_packets.py
+++ b/python/samba/emulate/traffic_packets.py
@@ -35,7 +35,6 @@ from samba.ntstatus import (
NT_STATUS_OBJECT_NAME_NOT_FOUND,
NT_STATUS_NO_SUCH_DOMAIN
)
-from samba.dcerpc.misc import SEC_CHAN_WKSTA
import samba
samba.ensure_third_party_module("dns", "dnspython")
import dns.resolver
@@ -573,7 +572,7 @@ def packet_rpc_netlogon_30(packet, conversation, context):
# must ends with $, so use get_username instead
# of get_workstation here
context.machine_creds.get_username(),
- SEC_CHAN_WKSTA,
+ context.machine_creds.get_secure_channel_type(),
context.netbios_name,
auth,
pwd)
diff --git a/python/samba/tests/emulate/traffic_packet.py b/python/samba/tests/emulate/traffic_packet.py
index 61fd900..a2c4567 100644
--- a/python/samba/tests/emulate/traffic_packet.py
+++ b/python/samba/tests/emulate/traffic_packet.py
@@ -25,6 +25,7 @@ from samba.auth import system_session
from samba.credentials import MUST_USE_KERBEROS, DONT_USE_KERBEROS
from samba.emulate import traffic_packets as p
from samba.emulate import traffic
+from samba.emulate.traffic import Packet
from samba.samdb import SamDB
import samba.tests
@@ -91,56 +92,58 @@ class TrafficEmulatorPacketTests(samba.tests.TestCase):
shutil.rmtree(self.tempdir)
def test_packet_cldap_03(self):
- packet = traffic.Packet("0.0\t11\t1\t2\t1\tcldap\t3\tsearchRequest\t")
+ packet = Packet.from_line(
+ "0.0\t11\t1\t2\t1\tcldap\t3\tsearchRequest\t")
self.assertTrue(p.packet_cldap_3(packet,
self.conversation,
self. context))
def test_packet_cldap_05(self):
- packet = traffic.Packet("0.0\t11\t1\t1\t2\tcldap\t5\tsearchResDone\t")
+ packet = Packet.from_line(
+ "0.0\t11\t1\t1\t2\tcldap\t5\tsearchResDone\t")
self.assertFalse(p.packet_cldap_5(packet,
self.conversation,
self. context))
def test_packet_dcerpc_00(self):
- packet = traffic.Packet("0.0\t11\t1\t2\t1\tdcerpc\t0\tRequest\t")
+ packet = Packet.from_line("0.0\t11\t1\t2\t1\tdcerpc\t0\tRequest\t")
self.assertFalse(p.packet_dcerpc_0(packet,
self.conversation,
self. context))
def test_packet_dcerpc_02(self):
- packet = traffic.Packet("0.0\t11\t1\t1\t2\tdcerpc\t2\tResponse\t")
+ packet = Packet.from_line("0.0\t11\t1\t1\t2\tdcerpc\t2\tResponse\t")
self.assertFalse(p.packet_dcerpc_2(packet,
self.conversation,
self. context))
def test_packet_dcerpc_03(self):
- packet = traffic.Packet("0.0\t11\t1\t1\t2\tdcerpc\t3\t\t")
+ packet = Packet.from_line("0.0\t11\t1\t1\t2\tdcerpc\t3\t\t")
self.assertFalse(p.packet_dcerpc_3(packet,
self.conversation,
self. context))
def test_packet_dcerpc_11(self):
- packet = traffic.Packet("0.0\t11\t1\t2\t1\tdcerpc\t11\tBind\t")
+ packet = Packet.from_line("0.0\t11\t1\t2\t1\tdcerpc\t11\tBind\t")
self.assertFalse(p.packet_dcerpc_11(packet,
self.conversation,
self. context))
def test_packet_dcerpc_13(self):
- packet = traffic.Packet("0.0\t11\t1\t2\t1\tdcerpc\t13\t\t")
+ packet = Packet.from_line("0.0\t11\t1\t2\t1\tdcerpc\t13\t\t")
self.assertFalse(p.packet_dcerpc_13(packet,
self.conversation,
self. context))
def test_packet_dcerpc_14(self):
- packet = traffic.Packet(
+ packet = Packet.from_line(
"0.0\t11\t1\t2\t1\tdcerpc\t14\tAlter_context\t")
self.assertFalse(p.packet_dcerpc_14(packet,
self.conversation,
self. context))
def test_packet_dcerpc_15(self):
- packet = traffic.Packet(
+ packet = Packet.from_line(
"0.0\t11\t1\t1\t2\tdcerpc\t15\tAlter_context_resp\t")
# Set user_creds MUST_USE_KERBEROS to suppress the warning message.
self.context.user_creds.set_kerberos_state(MUST_USE_KERBEROS)
@@ -149,70 +152,70 @@ class TrafficEmulatorPacketTests(samba.tests.TestCase):
self. context))
def test_packet_dcerpc_16(self):
- packet = traffic.Packet(
+ packet = Packet.from_line(
"0.0\t11\t1\t1\t2\tdcerpc\t16\tAUTH3\t")
self.assertFalse(p.packet_dcerpc_16(packet,
self.conversation,
self. context))
def test_packet_dns_01(self):
- packet = traffic.Packet(
+ packet = Packet.from_line(
"0.0\t11\t1\t1\t2\tdns\t1\tresponse\t")
self.assertFalse(p.packet_dns_1(packet,
self.conversation,
self. context))
def test_packet_drsuapi_00(self):
- packet = traffic.Packet(
+ packet = Packet.from_line(
"0.0\t06\t1\t1\t2\tdrsuapi\t0\tDsBind\t")
self.assertTrue(p.packet_drsuapi_0(packet,
self.conversation,
self. context))
def test_packet_drsuapi_01(self):
- packet = traffic.Packet(
+ packet = Packet.from_line(
"0.0\t06\t1\t1\t2\tdrsuapi\t1\tDsUnBind\t")
self.assertTrue(p.packet_drsuapi_1(packet,
self.conversation,
self. context))
def test_packet_drsuapi_02(self):
- packet = traffic.Packet(
+ packet = Packet.from_line(
"0.0\t06\t1\t1\t2\tdrsuapi\t2\tDsReplicaSync\t")
self.assertFalse(p.packet_drsuapi_2(packet,
self.conversation,
self. context))
def test_packet_drsuapi_03(self):
- packet = traffic.Packet(
+ packet = Packet.from_line(
"0.0\t06\t1\t1\t2\tdrsuapi\t3\tDsGetNCChanges\t")
self.assertFalse(p.packet_drsuapi_3(packet,
self.conversation,
self. context))
def test_packet_drsuapi_04(self):
- packet = traffic.Packet(
+ packet = Packet.from_line(
"0.0\t06\t1\t1\t2\tdrsuapi\t4\tDsReplicaUpdateRefs\t")
self.assertFalse(p.packet_drsuapi_4(packet,
self.conversation,
self. context))
def test_packet_drsuapi_12(self):
- packet = traffic.Packet(
+ packet = Packet.from_line(
"0.0\t06\t1\t1\t2\tdrsuapi\t12\tDsCrackNames\t")
self.assertTrue(p.packet_drsuapi_12(packet,
self.conversation,
self. context))
def test_packet_drsuapi_13(self):
- packet = traffic.Packet(
+ packet = Packet.from_line(
"0.0\t06\t1\t1\t2\tdrsuapi\t13\tDsWriteAccountSpn\t")
self.assertTrue(p.packet_drsuapi_13(packet,
self.conversation,
self. context))
def test_packet_epm_03(self):
- packet = traffic.Packet(
+ packet = Packet.from_line(
"0.0\t06\t1\t1\t2\tepm\t3\tMap\t")
self.assertFalse(p.packet_epm_3(packet,
self.conversation,
@@ -222,7 +225,7 @@ class TrafficEmulatorPacketTests(samba.tests.TestCase):
"""Kerberos packets are not generated, but are used as a hint to
favour kerberos.
"""
- packet = traffic.Packet(
+ packet = Packet.from_line(
"0.0\t11\t1\t1\t2\tkerberos\t\t\t")
self.assertFalse(p.packet_kerberos_(packet,
self.conversation,
@@ -243,14 +246,14 @@ class TrafficEmulatorPacketTests(samba.tests.TestCase):
self.credentials.set_kerberos_state(DONT_USE_KERBEROS)
def test_packet_ldap(self):
- packet = traffic.Packet(
+ packet = Packet.from_line(
"0.0\t06\t1\t1\t2\tldap\t\t*** Unknown ***\t")
self.assertFalse(p.packet_ldap_(packet,
self.conversation,
self. context))
def test_packet_ldap_00_sasl(self):
- packet = traffic.Packet(
+ packet = Packet.from_line(
"0.0\t06\t1\t2\t1\tldap\t0\tbindRequest"
"\t\t\t\t\t3\tsasl\t1.3.6.1.5.5.2")
self.assertTrue(p.packet_ldap_0(packet,
@@ -258,7 +261,7 @@ class TrafficEmulatorPacketTests(samba.tests.TestCase):
self. context))
def test_packet_ldap_00_simple(self):
- packet = traffic.Packet(
+ packet = Packet.from_line(
"0.0\t06\t1\t2\t1\tldap\t0\tbindRequest"
"\t\t\t\t\t0\tsimple\t")
self.assertTrue(p.packet_ldap_0(packet,
@@ -266,21 +269,21 @@ class TrafficEmulatorPacketTests(samba.tests.TestCase):
self. context))
def test_packet_ldap_01(self):
- packet = traffic.Packet(
+ packet = Packet.from_line(
"0.0\t06\t1\t1\t2\tldap\t1\tbindResponse\t")
self.assertFalse(p.packet_ldap_1(packet,
self.conversation,
self. context))
def test_packet_ldap_02(self):
- packet = traffic.Packet(
+ packet = Packet.from_line(
"0.0\t06\t1\t2\t1\tldap\t2\tunbindRequest\t")
self.assertFalse(p.packet_ldap_2(packet,
self.conversation,
self. context))
def test_packet_ldap_03(self):
- packet = traffic.Packet(
+ packet = Packet.from_line(
"0.0\t06\t1\t2\t1\tldap\t3\tsearchRequest"
"\t2\tDC,DC\t\tcn\t\t\t")
self.assertTrue(p.packet_ldap_3(packet,
@@ -288,21 +291,21 @@ class TrafficEmulatorPacketTests(samba.tests.TestCase):
self. context))
def test_packet_ldap_04(self):
- packet = traffic.Packet(
+ packet = Packet.from_line(
"0.0\t06\t1\t1\t2\tldap\t4\tsearchResEntry\t")
self.assertFalse(p.packet_ldap_4(packet,
self.conversation,
self. context))
def test_packet_ldap_05(self):
- packet = traffic.Packet(
+ packet = Packet.from_line(
"0.0\t06\t1\t1\t2\tldap\t5\tsearchResDone\t")
self.assertFalse(p.packet_ldap_5(packet,
self.conversation,
self. context))
def test_packet_ldap_06(self):
- packet = traffic.Packet(
+ packet = Packet.from_line(
"0.0\t06\t1\t2\t1\tldap\t6\tmodifyRequest\t"
"\t\t\t\t0\tadd")
self.assertFalse(p.packet_ldap_6(packet,
@@ -310,420 +313,420 @@ class TrafficEmulatorPacketTests(samba.tests.TestCase):
self. context))
def test_packet_ldap_07(self):
- packet = traffic.Packet(
+ packet = Packet.from_line(
"0.0\t06\t1\t1\t2\tldap\t7\tmodifyResponse\t")
self.assertFalse(p.packet_ldap_7(packet,
self.conversation,
self. context))
def test_packet_ldap_08(self):
- packet = traffic.Packet(
+ packet = Packet.from_line(
"0.0\t06\t1\t2\t1\tldap\t8\taddRequest\t")
self.assertFalse(p.packet_ldap_8(packet,
self.conversation,
self. context))
def test_packet_ldap_09(self):
- packet = traffic.Packet(
+ packet = Packet.from_line(
"0.0\t06\t1\t1\t2\tldap\t9\taddResponse\t")
self.assertFalse(p.packet_ldap_9(packet,
self.conversation,
self. context))
def test_packet_ldap_16(self):
- packet = traffic.Packet(
+ packet = Packet.from_line(
"0.0\t06\t1\t2\t1\tldap\t16\tabandonRequest\t")
self.assertFalse(p.packet_ldap_16(packet,
self.conversation,
self. context))
def test_packet_lsarpc_00(self):
- packet = traffic.Packet(
+ packet = Packet.from_line(
"0.0\t06\t1\t2\t1\tlsarpc\t0\tlsa_Close\t")
self.assertFalse(p.packet_lsarpc_1(packet,
self.conversation,
self. context))
def test_packet_lsarpc_01(self):
- packet = traffic.Packet(
+ packet = Packet.from_line(
"0.0\t06\t1\t2\t1\tlsarpc\t1\tlsa_Delete\t")
self.assertFalse(p.packet_lsarpc_1(packet,
self.conversation,
self. context))
def test_packet_lsarpc_02(self):
- packet = traffic.Packet(
+ packet = Packet.from_line(
"0.0\t06\t1\t2\t1\tlsarpc\t2\tlsa_EnumeratePrivileges\t")
self.assertFalse(p.packet_lsarpc_2(packet,
self.conversation,
self. context))
def test_packet_lsarpc_03(self):
- packet = traffic.Packet(
+ packet = Packet.from_line(
"0.0\t06\t1\t2\t1\tlsarpc\t3\tlsa_QuerySecurityObject\t")
self.assertFalse(p.packet_lsarpc_3(packet,
self.conversation,
self. context))
def test_packet_lsarpc_04(self):
- packet = traffic.Packet(
+ packet = Packet.from_line(
--
Samba Shared Repository
More information about the samba-cvs
mailing list