path: root/python
Commit message | Author | Age | Files | Lines
* samba_kcc: debugging: say intrasite when we mean intrasite
  Author: Garming Sam | Age: 2017-06-23 | Files: 1 | Lines: -1/+1

  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
  Autobuild-Date(master): Fri Jun 23 06:45:47 CEST 2017 on sn-devel-144

* samba_kcc: drop all connections from non-existent DSAs
  Author: Douglas Bagnall | Age: 2017-06-23 | Files: 1 | Lines: -2/+3

  Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>

* samba_kcc: comment typo
  Author: Douglas Bagnall | Age: 2017-06-23 | Files: 1 | Lines: -1/+1

  Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>

* samba_kcc: avoid crash on odd networks with --dot-file-dir
  Author: Douglas Bagnall | Age: 2017-06-23 | Files: 1 | Lines: -0/+4

  Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>

* python/getopt: -d/--debuglevel saves value in options for scripts
  Author: Douglas Bagnall | Age: 2017-06-23 | Files: 1 | Lines: -0/+1

  Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* python/tests: test SMB1 and SMB2/3 in auth_log.py
  Author: Stefan Metzmacher | Age: 2017-06-22 | Files: 1 | Lines: -2/+47

  We should do this explicitly in order to make the tests independent of 'client max protocol'.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>

* pycredentials: Add support for netr_crypt_password
  Author: Gary Lockyer | Age: 2017-06-22 | Files: 1 | Lines: -1/+45

  Add code to encrypt a netr_CryptPassword structure with the current session key. This allows the making of Netr_ServerPasswordSet2 calls from python.

  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>

* pycredentials: add function to return the netr_Authenticator
  Author: Gary Lockyer | Age: 2017-06-22 | Files: 1 | Lines: -0/+241

  Add method new_client_authenticator that returns data to allow a netr_Authenticator to be constructed. Allows python to make netr_LogonSamLogonWithFlags, netr_LogonGetDomainInfo and similar calls

  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>

* Tests lsa.String: add String constructor, str and repr
  Author: Gary Lockyer | Age: 2017-06-22 | Files: 1 | Lines: -0/+79

  Tests for the String constructor, str and repr methods added to the samba.dcerpc.lsa.String python object

  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: confirm that two attributes are also correctly set in the @ records
  Author: Andrew Bartlett | Age: 2017-06-16 | Files: 1 | Lines: -2/+39

  This shows that the current behaviour in dsdb_schema_set_indices_and_attributes(), while not ideal, is not actually buggy.

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>

* python/test: delete_force() passes on command line args
  Author: Douglas Bagnall | Age: 2017-06-15 | Files: 1 | Lines: -2/+2

  This allows you to use e.g.:

      delete_force(self.ldb, ou, controls=['tree_delete:1'])

  Only in tests of course.

  Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>

* repl: Set GET_ALL_GROUP_MEMBERSHIP flag in the drepl server
  Author: Garming Sam | Age: 2017-06-15 | Files: 1 | Lines: -1/+0

  Although we do not currently support this in the server, this will cause data loss against a Windows DC unless we set this flag as per the docs. This flag is required for the RODC.

  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Garming Sam <garming@samba.org>
  Autobuild-Date(master): Thu Jun 15 05:31:59 CEST 2017 on sn-devel-144
* selftest: Pass the dcerpc binding object to self.waitForMessages in auth_log
  Author: Andrew Bartlett | Age: 2017-06-15 | Files: 2 | Lines: -8/+8

  This ensures that object is not cleaned up, triggering a disconnect before we get back the audit messages. Otherwise they can be lost when the server task calls exit() while the message thread is still trying to send them.

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>

* selftest: Add test for gss_krb5/ntlmssp -> SPNEGO
  Author: Andrew Bartlett | Age: 2017-06-15 | Files: 1 | Lines: -2/+11

  These bare mechs are permitted to go direct to SPNEGO, which must cope with them

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>

* selftest: Add pygensec tests for GSS-SPNEGO and Win2000 emulated SPNEGO
  Author: Andrew Bartlett | Age: 2017-06-15 | Files: 1 | Lines: -6/+55

  This is to provide some unit testing coverage for these different modes of operation

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>

* selftest: Add a test for @ATTRIBUTES and @INDEXLIST generation
  Author: Andrew Bartlett | Age: 2017-06-15 | Files: 1 | Lines: -0/+138

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* python/samba/tests: don't use hardcoded names in *pam_winbind* tests
  Author: Stefan Metzmacher | Age: 2017-06-13 | Files: 2 | Lines: -4/+19

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>

* python: Port simple libpython module to Python 3 compatible form
  Author: Lumir Balhar | Age: 2017-06-13 | Files: 2 | Lines: -9/+11

  Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* join.py Add DNS records at domain join time
  Author: Andrew Bartlett | Age: 2017-06-11 | Files: 1 | Lines: -3/+197

  This avoids issues getting replication going after the DC first starts as the rest of the domain does not have to wait for samba_dnsupdate to run successfully

  We do not just run samba_dnsupdate as we want to strictly operate against the DC we just joined:
  - We do not want to query another DNS server
  - We do not want to obtain a Kerberos ticket for the new DC (as the KDC we select may not be the DC we just joined, and so may not be in sync with the password we just set)
  - We do not wish to set the _ldap records until we have started
  - We do not wish to use NTLM (the --use-samba-tool mode forces NTLM)

  The downside to using DCE/RPC rather than DNS is that these will be regarded as static entries, and (against Windows) have the ACL assigned for static entries. However this is still better than no DNS at all.

  Because some tests want a DNS record matching their own name this fixes some tests and removes entries from knownfail

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Sun Jun 11 02:04:52 CEST 2017 on sn-devel-144
* selftest: Add test confirming join-created DNS entries can be modified as the DC
  Author: Andrew Bartlett | Age: 2017-06-10 | Files: 1 | Lines: -6/+68

  This ensures that samba_dnsupdate can run in the long term against the new DNS entries

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>

* selftest: Test join.py and confirm that the DNS record is created
  Author: Andrew Bartlett | Age: 2017-06-10 | Files: 1 | Lines: -0/+113

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>

* provision: Allow removing an existing account when force=True is set
  Author: Andrew Bartlett | Age: 2017-06-10 | Files: 1 | Lines: -22/+23

  This allows a practical override for use in test scripts

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>

* provision: Move default handler for site=None down into dc_join object creation
  Author: Andrew Bartlett | Age: 2017-06-10 | Files: 2 | Lines: -3/+3

  This makes this code easier to call from a test script

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>

* selftest: Use TestCaseInTempDir as base class in dns tests
  Author: Andrew Bartlett | Age: 2017-06-10 | Files: 1 | Lines: -2/+2

  This will help when we add a new join test based on this code

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>

* selftest: Create new common base class for dns.py and dns_tkey.py
  Author: Andrew Bartlett | Age: 2017-06-10 | Files: 3 | Lines: -580/+435

  This will allow more DNS tests to be written in the future with less code duplication.
* selftest: merge DNSTest boilerplate
  Author: Andrew Bartlett | Age: 2017-06-10 | Files: 2 | Lines: -88/+196

  This will help unifying dns.py and dns_tkey.py to use common subclasses

  The code was originally copied, but has since diverged. This handles that divergence.

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* selftest: move make_txt_record() onto self in samba.tests.dns
  Author: Andrew Bartlett | Age: 2017-06-10 | Files: 1 | Lines: -14/+14

  This will help unifying dns.py and dns_tkey.py to use common subclasses

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>

* dns_server: clobber MNAME in the SOA
  Author: Andrew Bartlett | Age: 2017-06-10 | Files: 1 | Lines: -1/+1

  Otherwise, we always report the first server we created/provisioned the AD domain on which does not match AD behaviour. AD is multi-master so all RW servers are a master.

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>

* selftest: run dns tests in multiple envs
  Author: Andrew Bartlett | Age: 2017-06-10 | Files: 1 | Lines: -52/+102

  This will let us check the negative behaviour: that updates against RODCs fail and un-authenticated updates fail.

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>

* selftest: confirm we clobber the MNAME in the SOA query in the DNS server
  Author: Andrew Bartlett | Age: 2017-06-10 | Files: 1 | Lines: -0/+18

  All RW DCs should be their own master DNS server.

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* join.py: Do not expose the old machine password over NTLM if -k yes was set
  Author: Andrew Bartlett | Age: 2017-06-10 | Files: 1 | Lines: -0/+1

  This makes the test for a valid machine account stricter (as a kerberos error could cause this to fail and so skip the validation), but we never wish to use NTLM if the administrator disabled it on the command line

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>

* pydsdb_dns: Allow the partition DN to be specified into py_dsdb_dns_lookup
  Author: Andrew Bartlett | Age: 2017-06-10 | Files: 1 | Lines: -2/+6

  This allows lookups to be confined to one partition, which in turn avoids issues when running this against MS Windows, which does not match Samba behaviour for dns_common_zones()

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>

* python: Allow sd_utils to take a Dn object, not just a string DN
  Author: Andrew Bartlett | Age: 2017-06-10 | Files: 1 | Lines: -1/+5

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>

* pydns: Also return the DN of the LDB object when finding a DNS record
  Author: Andrew Bartlett | Age: 2017-06-10 | Files: 1 | Lines: -2/+2

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>

* samba-tool: You cannot add members to a group if the member exists as a sAMAccountName and a CN.
  Author: Rowland Penny | Age: 2017-06-09 | Files: 2 | Lines: -3/+8

  Signed-off-by: Rowland Penny <rpenny@samba.org>
  Reviewed-by: Alexander Bokovoy <ab@samba.org>
  Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
  Autobuild-Date(master): Fri Jun 9 23:24:47 CEST 2017 on sn-devel-144
* samba tool - tests: Fix shell metacharacters in generated password
  Author: Gary Lockyer | Age: 2017-06-09 | Files: 2 | Lines: -4/+16

  Restrict the random password to [A-Za-z0-9] to ensure there are no shell metacharacters in the generated password. The tests use "samba-tool user create" to create the test user. Occasionally the generated password contained shell metacharacters and the command failed.

  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Fri Jun 9 09:50:28 CEST 2017 on sn-devel-144
* provision: Update root DNS servers list
  Author: Amitay Isaacs | Age: 2017-06-09 | Files: 1 | Lines: -3/+11

  Signed-off-by: Amitay Isaacs <amitay@gmail.com>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>

* samba-tool/spn: Add a missing newline to error message
  Author: Garming Sam | Age: 2017-05-30 | Files: 1 | Lines: -2/+2

  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>

* python: Create the kdc.conf in the Samba private directory
  Author: Andreas Schneider | Age: 2017-05-26 | Files: 4 | Lines: -41/+17

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>

* python: Do not use the glue code directly
  Author: Andreas Schneider | Age: 2017-05-26 | Files: 1 | Lines: -2/+2

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>

* tests net_join: use private secrets database.
  Author: Gary Lockyer | Age: 2017-05-25 | Files: 3 | Lines: -6/+105

  Tests were leaving entries in the secrets database that caused subsequent test cases to fail.

  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth_log: Add test that exercises the SamLogon python bindings
  Author: Gary Lockyer | Age: 2017-05-25 | Files: 1 | Lines: -0/+181

  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* tests password_hash: Add ldap based tests for WDigest
  Author: Gary Lockyer | Age: 2017-05-25 | Files: 2 | Lines: -28/+171

  Add tests of the WDigest values using ldap. This allows the tests to be run against Windows, to validate the calculated values.

  Tests validated against Windows Server 2012 R2

  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* tests password_hash: update array indexes for readability
  Author: Gary Lockyer | Age: 2017-05-25 | Files: 1 | Lines: -30/+31

  Use an n-1 pattern in the indexes to the digest array to simplify checking against the documentation and samba-tool user tests.

  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>

* samba-tool add support for userPassword
  Author: Gary Lockyer | Age: 2017-05-25 | Files: 1 | Lines: -22/+88

  Changes to virtualCryptSHA256 and virtualCryptSHA512 attributes.

  The values are now calculated as follows:
  1) If a value exists in 'Primary:userPassword' with the specified number of rounds it is returned.
  2) If 'Primary:CLEARTEXT', or 'Primary:SambaGPG' with '--decrypt-samba-gpg'. Calculate a hash with the specified number of rounds
  3) Return the first {CRYPT} value in 'Primary:userPassword' with a matching algorithm

  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba-tool tests: add tests for userPassword
  Author: Gary Lockyer | Age: 2017-05-25 | Files: 1 | Lines: -5/+248

  Tests to ensure that precomputed SHA256 and SHA512 hashes in 'supplementalCredentials Primary:userPassword' are used correctly in the calculation of virtualCryptSHA256 and virtualCryptSHA512

  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* tests password_hash: add tests for Primary:userPassword
  Author: Gary Lockyer | Age: 2017-05-25 | Files: 4 | Lines: -2/+334

  Add tests to verify the generation and storage of sha256 and sha512 password hashes in supplementalCredentials Primary:userPassword

  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* tests password_hash: fix white space issues
  Author: Gary Lockyer | Age: 2017-05-25 | Files: 1 | Lines: -4/+4

  Clean up white space issues in password_hash.py

  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>

* tests password_hash: remove unused import
  Author: Gary Lockyer | Age: 2017-05-25 | Files: 1 | Lines: -1/+0

  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>

* samba-tool user: add rounds option to virtualCryptSHAxxx
  Author: Gary Lockyer | Age: 2017-05-25 | Files: 1 | Lines: -7/+78

  Allow the number of rounds to be specified when calculating the virtualCryptSHA256 and virtualCryptSHA512 attributes.

  i.e. --attributes="virtualCryptSHA256;rounds=3000" will calculate the hash using 3,000 rounds.

  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>