summaryrefslogtreecommitdiff
path: root/python
Commit message (Collapse)AuthorAgeFilesLines
* drs_utils: Add GET_TGT support to 'samba-tool drs replicate --local'Tim Beale2017-08-181-35/+66
| | | | | | | | | | | | | | | | | | | Update drs_Replicate.replicate() so it handles being passed the GET_TGT flag (more_flags). To do this, we need to always use a v10 GetNCChanges request (v8 and v10 are essentially the same except for the more_flags). If the replicate_chunk() call into the C bindings throws an error, check to see whether the error could be fixed by setting the GET_TGT flag, and re-send the request if so. Unfortunately because WERR_DS_DRA_RECYCLED_TARGET isn't documented with the other AD error codes, I've left it hardcoded for now (Microsoft should be fixing up their Docs). Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Garming Sam <garming@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=12972
* tests: replace traffic_summary test with python blackbox testGary Lockyer2017-08-173-0/+5084
| | | | | | | | | | | | | | Replace the shell subunit test for script/traffic_summary.pl with a python black box test. This involves moving the test files to more standard locations. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org> Autobuild-Date(master): Thu Aug 17 07:59:38 CEST 2017 on sn-devel-144
* scripts: Scripts to replay and generate samba trafficGary Lockyer2017-08-1712-0/+4219
| | | | | | | | | | | | | | | | | | | | | | | | Scripts to generate representative network traffic and replay this to a samba instance. For load testing, performance profiling and capacity planning. traffic_learner process a file generated by traffic_summary and generate a model that can be used by traffic_replay to generate samba network traffic. traffic_replay Replay a summary file generated by traffic_summary, or use a model created by traffic_learner to generate network traffic. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Pair-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Tim Beale <timbeale@catalyst.net.nz>
* blackbox tests: method to check specific exit codesGary Lockyer2017-08-171-3/+12
| | | | | | Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* samba-tool dns query: Allow '*' in namesGary Lockyer2017-08-151-1/+2
| | | | | | | | | | As DNS wild cards are now supported we need to allow '*' characters in the domain names. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> BUG: https://bugzilla.samba.org/show_bug.cgi?id=12952
* samba-tool dns: Test support of DNS wild card in namesGary Lockyer2017-08-151-0/+67
| | | | | | | | | | As DNS wild cards are now supported we need to allow '*' characters in the domain names. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> BUG: https://bugzilla.samba.org/show_bug.cgi?id=12952
* dnsserver: Tests for dns wildcard entriesGary Lockyer2017-08-151-0/+288
| | | | | | | | | | Add tests for dns wildcards. Tests validated against Windows Server 2012 R2 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> BUG: https://bugzilla.samba.org/show_bug.cgi?id=12952
* python:tests: Add test for warn_pwd_expireAndreas Schneider2017-08-072-0/+112
| | | | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Mon Aug 7 19:11:02 CEST 2017 on sn-devel-144
* python:tests: Do not overwrite exit codeAndreas Schneider2017-08-071-1/+0
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* python: Fix incorrect kdc.conf parameter name in kerberos.pyMarc Muehlfeld2017-08-071-1/+1
| | | | | Signed-off-by: Marc Muehlfeld <mmuehlfeld@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* tests samba_tool: fix flapping user-virtualCryptSHA testGary Lockyer2017-08-071-3/+11
| | | | | | | | | | | | | | | | | | Fix flapping test, occasionally a password would be generated that failed the password criteria, which resulted in the test user not being created. The tests relying on this user being present then failed. This patch ensures that the generated password contains at least one digit, at least one upper case letter and at least one lower case letter. The generated passwords do not contain special characters to avoid shell escaping issues. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Garming Sam <garming@samba.org> Autobuild-Date(master): Mon Aug 7 05:34:24 CEST 2017 on sn-devel-144
* dsdb: Fix dsdb_next_callback to correctly use ldb_module_done() etcAndrew Bartlett2017-08-011-0/+23
| | | | | | | | | | | | | | | If we do not call ldb_module_done() then we do not know that up_req->callback() has been called, and ldb_next_request() will call the callback again. If called twice, the new ldb_lock_backend_callback() in ldb 1.2.0 will segfault. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12904 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Aug 1 07:52:38 CEST 2017 on sn-devel-144
* drs_utils: HWM in 'samba-tool drs replicate --local' always zeroTim Beale2017-07-281-6/+6
| | | | | | | | | | | | | | | | | The code to check for the 'repsFrom' highwatermark didn't have any effect because the hwm variable was overwritten (initialized to all zeroes) further down. Using a zero HWM probably wouldn't have impacted functionality because we were still correctly using the uptodatenessvector, which should avoid a full replication. This was introduced in commit e2ba17d26af42974e5d, presumably by accident. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* drs: support sync-forced for 'samba-tool drs replicate --local'Tim Beale2017-07-282-4/+11
| | | | | | | | | | | The sync-forced option wasn't being passed into the replication request when the --local option was used. This meant if outbound replication were disabled on the target DC, then the replicate --local command would fail. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Add and use new helper function get_creds_ccache_name()Andrew Bartlett2017-07-281-0/+7
| | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* python/getopt: Add --krb5-ccache (for samba-tool etc) to match the C binariesAndrew Bartlett2017-07-281-0/+7
| | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* pycredentials: Add set_named_ccache()Andrew Bartlett2017-07-281-0/+9
| | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* selftest: Add tests for credentials.get_named_ccache()Andrew Bartlett2017-07-281-0/+103
| | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* selftest: Use NETLOGON_NEG_STRONG_KEYS constant in AuthLogTestsNetLogonBadCredsAndrew Bartlett2017-07-251-2/+2
| | | | | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Jul 25 03:21:19 CEST 2017 on sn-devel-144
* tests auth_log: Add new tests for NETLOGONGary Lockyer2017-07-242-0/+309
| | | | | | | | | | | | | Tests for the logging of NETLOGON authentications in the netr_ServerAuthenticate3 message processing Test code based on the existing auth_log tests. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12865 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* tests auth_log: Modify existing tests to handle NETLOGON messagesGary Lockyer2017-07-243-0/+29
| | | | | | | | | | | | Modify the existing tests to ignore auth logging for NETLOGON messages. NETLOGON authentication is logged once per session, and is tested separately. Ignoring it in these tests avoids order dependencies. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12865 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* auth_log: use symbolic constant to replace /root/ncalrpc_as_systemGary Lockyer2017-07-242-2/+4
| | | | | | | | | Modified to use constant AS_SYSTEM_MAGIC_PATH_TOKEN instead of string literal "/root/ncalrpc_as_system" Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* selftest: Add test for password change when NTLM is disabledTim Beale2017-07-211-13/+33
| | | | | | | | | | | | | | | | When NTLM is disabled, the server should reject NTLM-based password changes. Changing the password is a bit complicated from python, but because the server should reject the password change outright with NTLM_BLOCKED, the test doesn't actually need to provide valid credentials. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11923 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Jul 21 13:54:35 CEST 2017 on sn-devel-144
* Add test for 'samba-tool user edit'Rowland Penny2017-07-051-0/+72
| | | | | Signed-off-by: Rowland Penny <rpenny@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* Easily edit a users object in AD, as if using ldbedit.Rowland Penny2017-07-051-1/+138
| | | | | Signed-off-by: Rowland Penny <rpenny@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* python: tests: Add test for tdb_copy function from tdb_util module.Lumir Balhar2017-07-051-0/+53
| | | | | | | | | | Signed-off-by: Lumir Balhar <lbalhar@redhat.com> Reviewed-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Wed Jul 5 02:00:25 CEST 2017 on sn-devel-144
* selftest: Add test to confirm NTLM authentication is enabledTim Beale2017-07-041-0/+68
| | | | | | | | | (or later, that it is disabled) Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=11923
* selftest: Add test for support for MSCHAPv2 and NTLMv1 on a serverAndrew Bartlett2017-07-041-4/+98
| | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* tests: Add simple check whether netlogon server is runningTim Beale2017-07-041-0/+69
| | | | | | | | | | Netlogon only needs to run in DC environment. This is a simple test to check whether the netlogon service is running. This will allow us to disable the netlogon service on setups that don't require it. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb: Add tests showing that the CN=CONFIGURATION partition is also lockedAndrew Bartlett2017-07-021-7/+31
| | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: Add new test adding a record to the top level sam.ldb fileAndrew Bartlett2017-07-021-0/+71
| | | | | | | This shows that locks are made on this file as well Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: Add more locking more tests, confirming blocking locks in both directionsStefan Metzmacher2017-07-021-7/+162
| | | | | | | | | | | These extended tests allow us to show that a search (read) blocks a transaction commit (write), and that a transaction commit blocks a search. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* dsdb: Add test showing a search can't start while a transaction is already ↵Andrew Bartlett2017-07-021-0/+54
| | | | | | | | | | repared in a backend partition Pair-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: Add test showing a search can't start while a transaction is already ↵Andrew Bartlett2017-07-021-1/+53
| | | | | | | | | | repared Pair-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: Add a dummy module to replace show_deletedAndrew Bartlett2017-06-301-1/+1
| | | | | | | This helps when we improve show_deleted in a way that the fake database in samba3sam can not cover Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* tests py_credentials: Fix encrypt_netr_crypt_password testGary Lockyer2017-06-291-16/+10
| | | | | | | | | | | | | | | The test uses NetrServerPasswordSet2 to change a password, this tests the end to end encryption. The original call to NetrServerPasswordSet2 was not utf-16 encoding the new password. However the call to netr_DsrEnumerateDomainTrusts was using cached credentials and not using the new password, so this was not detected. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Garming Sam <garming@samba.org> Autobuild-Date(master): Thu Jun 29 06:50:32 CEST 2017 on sn-devel-144
* samba_kcc: debugging: say intrasite when we mean intrasiteGarming Sam2017-06-231-1/+1
| | | | | | | | Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org> Autobuild-Date(master): Fri Jun 23 06:45:47 CEST 2017 on sn-devel-144
* samba_kcc: drop all connections from non-existent DSAsDouglas Bagnall2017-06-231-2/+3
| | | | | Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* samba_kcc: comment typoDouglas Bagnall2017-06-231-1/+1
| | | | | Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* samba_kcc: avoid crash on odd networks with --dot-file-dirDouglas Bagnall2017-06-231-0/+4
| | | | | Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* python/getopt: -d/--debuglevel saves value in options for scriptsDouglas Bagnall2017-06-231-0/+1
| | | | | Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* python/tests: test SMB1 and SMB2/3 in auth_log.pyStefan Metzmacher2017-06-221-2/+47
| | | | | | | | We should do this explicitly in order to make the tests independent of 'client max protocol'. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* pycredentials: Add support for netr_crypt_passwordGary Lockyer2017-06-221-1/+45
| | | | | | | | | | Add code to encrypt a netr_CryptPassword structure with the current session key. This allows the making of Netr_ServerPasswordSet2 calls from python. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* pycredentials: add function to return the netr_AuthenticatorGary Lockyer2017-06-221-0/+241
| | | | | | | | | | | Add method new_client_authenticator that returns data to allow a netr_Authenticator to be constructed. Allows python to make netr_LogonSamLogonWithFlags, netr_LogonGetDomainInfo and similar calls Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Tests lsa.String: add String constructor, str and reprGary Lockyer2017-06-221-0/+79
| | | | | | | | | Tests for the String constructor, str and repr methods added to the samba.dcerpc.lsa.String python object Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: confirm that two attributes are also correctly set in the @ recordsAndrew Bartlett2017-06-161-2/+39
| | | | | | | | This shows that the current behaviour in dsdb_schema_set_indices_and_attributes(), while not ideal, is not actually buggy. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* python/test: delete_force() passes on command line argsDouglas Bagnall2017-06-151-2/+2
| | | | | | | | | | | This allows you to use e.g.: delete_force(self.ldb, ou, controls=['tree_delete:1']) Only in tests of course. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* repl: Set GET_ALL_GROUP_MEMBERSHIP flag in the drepl serverGarming Sam2017-06-151-1/+0
| | | | | | | | | | | | Although we do not currently support this in the server, this will cause data loss against a Windows DC unless we set this flag as per the docs. This flag is required for the RODC. Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Garming Sam <garming@samba.org> Autobuild-Date(master): Thu Jun 15 05:31:59 CEST 2017 on sn-devel-144
* selftest: Pass the dcerpc binding object to self.waitForMessages in auth_logAndrew Bartlett2017-06-152-8/+8
| | | | | | | | | This ensures that object is not cleaned up, triggering a disconnect before we get back the audit messages. Otherwise they can be lost when the server task calls exit() while the message thread is still trying to send them. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* selftest: Add test for gss_krb5/ntlmssp -> SPNEGOAndrew Bartlett2017-06-151-2/+11
| | | | | | | These bare mechs are permitted to go direct to SPNEGO, which must cope with them Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
View Lorry Controller Status