summaryrefslogtreecommitdiff
path: root/python
Commit message (Collapse)AuthorAgeFilesLines
* dbcheck: Allow a dangling forward link outside our known NCsAndrew Bartlett2020-07-291-1/+23
| | | | | | | | | | | | If we do not have the NC of the target object we can not be really sure that the object is redundent and so we want to keep it for now and not (as happened until now) break the dbcheck run made during the replication stage of a "samba-tool domain backup rename". BUG: https://bugzilla.samba.org/show_bug.cgi?id=14450 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* python: samba.compat rejects Python 2Douglas Bagnall2020-07-171-71/+2
| | | | | | | | | Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: David Mulder <dmulder@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Jul 17 08:39:38 UTC 2020 on sn-devel-184
* python: wrap 'import dckeytab' in an explanatory functionDouglas Bagnall2020-07-173-2/+24
| | | | | | | | | | | | The samba.dckeytab module has magic effects on samba.net, but never appears to be used. That can be confusing, both to people and to linters. Here we wrap that confusion up into a well-commented function, so we never again have to wonder why the unused import is there. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: David Mulder <dmulder@samba.org>
* python/join: use the provided krbtgt link in cleanup_old_accountsDouglas Bagnall2020-07-171-1/+1
| | | | | | | | | Before we were putting it in an otherwise unused variable, and deleting the previous krbtgt_dn, if any. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: David Mulder <dmulder@samba.org>
* python/upgradehelpers: remove unused imports and variablesDouglas Bagnall2020-07-171-1/+1
| | | | | | Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: David Mulder <dmulder@samba.org>
* samba-tool ntacl: remove unused imports and variablesDouglas Bagnall2020-07-171-1/+1
| | | | | | Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: David Mulder <dmulder@samba.org>
* python/ms_forest_updates_markdown: avoid implicit global variableDouglas Bagnall2020-07-171-1/+1
| | | | | | | | out_dict would have been shared across all calls, aggregating values as it went. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: David Mulder <dmulder@samba.org>
* dbcheck: omit unused argument in err_wrong_default_sdDouglas Bagnall2020-07-171-2/+2
| | | | | | Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: David Mulder <dmulder@samba.org>
* selftest: Add basic smbcacls test(s)Noel Power2020-07-072-0/+280
| | | | | Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
* CVE-2020-14303 Ensure an empty packet will not DoS the NBT serverAndrew Bartlett2020-07-021-0/+19
| | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2020-10745: pytests: hand-rolled invalid dns/nbt packet testsDouglas Bagnall2020-07-021-0/+211
| | | | | | | | | | | | The client libraries don't allow us to make packets that are broken in certain ways, so we need to construct them as byte strings. These tests all fail at present, proving the server is rendered unresponsive, which is the crux of CVE-2020-10745. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* tls: Use NORMAL:-VERS-SSL3.0 as the default configurationAndreas Schneider2020-07-011-21/+0
| | | | | | | | | | | | | | | This seems to be really broken in GnuTLS and the documentation is also not correct. This partially reverts 53e3a959b958a3b099df6ecc5f6e294e96bd948e BUG: https://bugzilla.samba.org/show_bug.cgi?id=14408 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Jul 1 14:56:33 UTC 2020 on sn-devel-184
* selftest: Split samba.tests.samba_tool.user_virtualCryptSHA into GPG and not ↵Andrew Bartlett2020-07-013-0/+564
| | | | | | | | | | | | GPG parts This allows the userPassword (not GPG) part of the test to run on hosts without python3-gpg (eg RHEL7) while still testing the userPassword handling. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14424 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* gpo: Test samba-tool gpo admxloadDavid Mulder2020-06-231-0/+25
| | | | | | | | Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): David Mulder <dmulder@samba.org> Autobuild-Date(master): Tue Jun 23 17:53:22 UTC 2020 on sn-devel-184
* samba-tool: add command for installing gpo samba admxDavid Mulder2020-06-231-0/+72
| | | | | Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* gpo: Test gpo scripts applyDavid Mulder2020-06-231-1/+47
| | | | | Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* gpo: Run Group Policy ScriptsDavid Mulder2020-06-231-0/+53
| | | | | Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* Create Registry.pol group policy extension parserDavid Mulder2020-06-231-2/+12
| | | | | | | | Create a parent class for parsing Registry.pol files by group policy extensions. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* python: Correctly re-raise the LdbError if the embedded error is not ↵Andrew Bartlett2020-06-231-1/+1
| | | | | | | | | | | | | | | | | ldb.ERR_UNWILLING_TO_PERFORM The current code attempts a SAMR based password set for all errors, we want to continue on LDAP or local LDB (in the restore case) unless we really got the specific error given by Windows 2000. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14414 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: David Mulder <dmulder@suse.com> Autobuild-User(master): Gary Lockyer <gary@samba.org> Autobuild-Date(master): Tue Jun 23 05:07:00 UTC 2020 on sn-devel-184
* python: Fix get_max_worker_count() to always have two runnersAndreas Schneider2020-06-191-3/+3
| | | | | | | | | | | Thanks to Jim Brown. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: David Mulder <dmulder@suse.com> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Jun 19 19:54:04 UTC 2020 on sn-devel-184
* python: Run cmdline tools for arbitary docs test in parallelAndreas Schneider2020-06-191-90/+120
| | | | | | | | | | | | Running samba.tests.docs on my machine: before -> (2m6.952s) after -> (22.298s) Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Jun 19 10:59:30 UTC 2020 on sn-devel-184
* python: Run cmdline tools for default docs test in parallelAndreas Schneider2020-06-191-56/+93
| | | | | | | | Running samba.tests.docs on my machine: before -> (3m52.582s) after -> (2m6.952s) Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* s3:lib:tls: Use better priority lists for modern GnuTLSAndreas Schneider2020-06-171-0/+20
| | | | | | | | | | | | | | | We should use the default priority list. That is a good practice, because TLS protocol hardening and phasing out of legacy algorithms, is easier to co-ordinate when happens at a single place. See crypto policies of Fedora. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14408 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Wed Jun 17 17:42:02 UTC 2020 on sn-devel-184
* docs: Add caution against extending this listAndrew Bartlett2020-06-171-0/+3
| | | | | | | | | | We want correct documentation if at all possible. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Wed Jun 17 15:48:06 UTC 2020 on sn-devel-184
* docs: Remove defaults test exception for "mit kdc command"Andrew Bartlett2020-06-171-1/+0
| | | | | | This ensures the documentation matches the code. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* docs: Ensure "use mmap" always has the correct defaultAndrew Bartlett2020-06-171-1/+0
| | | | | | We clarify the smb.conf manpage entry for "use mmap" to match the actual behaviour Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* python: do not always import socket_serverDouglas Bagnall2020-06-132-4/+1
| | | | | | | | This cost around 10ms for every Python script, and was only used in one test. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* python: do not always import urllibDouglas Bagnall2020-06-132-7/+1
| | | | | | | | | | Only provision.py wants a function from urllib, but we were importing it in samba.compat, which is imported by samba, mening that every python script importing anything from samba took 40ms longer to start up. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: test forwardable flag in cross-realm tgt ticketsIsaac Boukris2020-06-122-0/+181
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14233 Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: allow EncASRepPart to be encoded as EncTGSRepPartIsaac Boukris2020-06-121-1/+6
| | | | | | | | | | that's how MIT kdc encodes it, clients accept both. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14233 Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba-tool dns query --help: Someone forgot 'PTR' from the list of record typesRowland Penny2020-06-111-1/+2
| | | | | | | | Signed-off-by: Rowland Penny <rpenny@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Jun 11 04:37:37 UTC 2020 on sn-devel-184
* tests/pysmbd: fill session unix info in ntacl testsBjörn Baumbach2020-06-051-4/+18
| | | | | | | | | Valid unix info is required. Bug: https://bugzilla.samba.org/show_bug.cgi?id=14400 Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Ralph Boehme <slow@samba.org>
* python/samba/provision: set unix session info for user session, used for ↵Björn Baumbach2020-06-051-0/+5
| | | | | | | | | | | | sysvol acl reset The unix session info is required and expected by e.g. many vfs modules. Missing unix session info leads to samba panic. Bug: https://bugzilla.samba.org/show_bug.cgi?id=14400 Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Ralph Boehme <slow@samba.org>
* python: fix slow's mail addressBjörn Baumbach2020-06-051-1/+1
| | | | | Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Ralph Boehme <slow@samba.org>
* selftest: add python S4U2Self tests including unkeyed checksumsIsaac Boukris2020-05-156-1/+327
| | | | | | | | | | | | | To test the CRC32 I reverted the unkeyed-checksum fix (43958af1) and the weak-crypto fix (389d1b97). Note that the unkeyed-md5 still worked even with weak-crypto disabled, and that the unkeyed-sha1 never worked but I left it anyway. Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri May 15 12:25:40 UTC 2020 on sn-devel-184
* selftest: Add test for handling of "short" dnsProperty recordsAndrew Bartlett2020-05-151-0/+51
| | | | | | | | | | | These have been known to be given by Windows DCs that share the same domain as while invalid, they are not format-checked inbound when set by the DNS Manager MMC applet over the dnsserver pipe to Windows. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14310 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* librpc/idl: Add dnsp_DnsProperty_shortAndrew Bartlett2020-05-151-0/+21
| | | | | | | | | | | | | This will be used by a test and the DNS server code to parse short dnsProperty records which come from Windows servers. This example is from the value that caused Samba to fail as it can not be parsed as a normal dnsp_DnsProperty BUG: https://bugzilla.samba.org/show_bug.cgi?id=14310 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* s4 cldap server tests: request size limit testsGary Lockyer2020-05-101-0/+198
| | | | | | | Add tests for packet size limits. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4 ldap server tests: request size limit testsGary Lockyer2020-05-101-12/+519
| | | | | | | Extra tests for ldap maximum request size limits. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Fix clang 9 missing-field-initializer warningsGary Lockyer2020-05-081-1/+1
| | | | Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
* CVE-2020-10704: ldapserver tests: Limit search request sizesGary Lockyer2020-05-041-0/+234
| | | | | | | | | | | | | Add tests to ensure that overly long (> 256000 bytes) LDAP search requests are rejected. Credit to OSS-Fuzz REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba-tool: fetch "no such subcommand" error and print error messageBjörn Baumbach2020-04-291-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch especially improves the case where extra arguments are used. Without this patch just the attributes are mentioned as invalid, if samba-tool is called with an invalid/unknown subcommand. Example without this patch: # samba-tool sites list --all Usage: samba-tool sites <subcommand> samba-tool sites: error: no such option: --all This can be deceptive for users. Is looks like the "list" command does not provide a "--all" option. Example with this patch: # samba-tool sites list --all samba-tool sites: no such subcommand: list Usage: samba-tool sites <subcommand> (...) Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Apr 29 08:08:21 UTC 2020 on sn-devel-184
* traffic_packets: fix SyntaxWarning: "is" with a literalDavid Disseldorp2020-04-271-1/+1
| | | | | | | | | | | | | | | | | Python 3.8 adds this warning via https://bugs.python.org/issue34850: the "is" and "is not" operator sometimes is used with string and numerical literals. This code "works" on CPython by accident, because of caching on different levels (small integers and strings caches, interned strings, deduplicating constants at compile time). But it shouldn't work on other implementations, and can not work even on early or future CPython versions. Reported-by: L. van Belle <belle@samba.org> Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Noel Power <noel.power@suse.com> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Mon Apr 27 12:19:59 UTC 2020 on sn-devel-184
* provision: Remove final code for the LDAP backendAndrew Bartlett2020-04-233-24/+5
| | | | | | | | | | | | The LDAP backend for the Samba AD DC, aiming to store the AD DC in an existing LDAP server was largely removed many years aga, but the other parts were removed in 2b0fc74a0916a6ab0d5ac007cc5e100d4682b2ea. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Apr 23 06:12:20 UTC 2020 on sn-devel-184
* samba-tool group show: only shows global security groups, this patch makes ↵Rowland Penny2020-04-021-3/+2
| | | | | | | | | | | | it show all groups. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14335 Signed-off-by: Rowland Penny <rpenny@samba.org> Reviewed-by: Björn Baumbach <bb@samba.org> Autobuild-User(master): Björn Baumbach <bb@sernet.de> Autobuild-Date(master): Thu Apr 2 15:27:53 UTC 2020 on sn-devel-184
* python/tests/krb5: add simple_tests.py with the first simple testStefan Metzmacher2020-03-272-0/+172
| | | | | | | | | | | | | | | | This just demonstrates that the infrastructure works:-) I'm running this as: SERVER=172.31.9.188 DOMAIN=W2012R2-L6 REALM=W2012R2-L6.BASE \ USERNAME=administrator PASSWORD=A1b2C3d4 SERVICE_USERNAME="w2012r2-188" \ python/samba/tests/krb5/simple_tests.py Pair-Programmed-With: Isaac Boukris <iboukris@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
* python/tests/krb5: add raw_testcase.py as the base for our Kerberos protocol ↵Stefan Metzmacher2020-03-271-0/+869
| | | | | | | | | | testing Pair-Programmed-With: Isaac Boukris <iboukris@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
* python/tests/krb5: modify rfc4120.asn1 in order to generate pyasn1 codeStefan Metzmacher2020-03-274-11/+1243
| | | | | | | | The pyasn1 bindings are generated by pyasn1gen.py from https://github.com/kimgr/asn1ate.git Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
* python/tests/krb5: add rfc4120.asn1Stefan Metzmacher2020-03-271-0/+392
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
* python/tests/krb5: add support for Cksumtype.MD5Stefan Metzmacher2020-03-271-1/+42
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
View Lorry Controller Status