summaryrefslogtreecommitdiff
path: root/python
Commit message (Collapse)AuthorAgeFilesLines
* samba-tool: Give better error information when the 'domain backup restore' ↵Andrew Bartlett2020-11-261-1/+44
| | | | | | | | | | | | fails with a duplicate SID BUG: https://bugzilla.samba.org/show_bug.cgi?id=14575 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Autobuild-User(master): Gary Lockyer <gary@samba.org> Autobuild-Date(master): Thu Nov 26 21:15:40 UTC 2020 on sn-devel-184
* Test password removal via python proctitleDavid Mulder2020-11-261-0/+50
| | | | | Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Remove password from samba-tool proctitleHeiko Baumann2020-11-261-0/+48
| | | | | | | | | | | | | This fix makes sure the password is removed from the proctitle of samba-tool so it cannot be exposed by e.g. ps(1). - Moved code to python/samba/getopt.py as suggested by David Mulder - Except ModuleNotFoundError when trying to load setproctitle module - Improved code to keep option separator (space or equal sign) while removing password from proctitle. Signed-off-by: Heiko Baumann <heibau@gmail.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: David Mulder <dmulder@suse.com>
* samba-tool domain backup: Confirm the sidForRestore we will put into the ↵Andrew Bartlett2020-11-261-0/+26
| | | | | | | | | | | backup is free Otherwise the administrator might only find there is a problem once they attempt to restore the domain! BUG: https://bugzilla.samba.org/show_bug.cgi?id=14575 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* tests: SMB2 rename fails to check del-on-close on dst dirVolker Lendecke2020-11-191-1/+34
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* tests: Factor out prep_creds()Volker Lendecke2020-11-191-16/+8
| | | | | | | 3 times the same code can be put together Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* uptodateness.py: remove what appears to be debugging linesRowland Penny2020-11-191-2/+0
| | | | | | | | | | They do nothing except confuse users. Signed-off-by: Rowland Penny <rpenny@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org> Autobuild-Date(master): Thu Nov 19 00:36:58 UTC 2020 on sn-devel-184
* pylibsmb: Move set_acl() to pythonVolker Lendecke2020-11-161-0/+14
| | | | | | | The previous code was not available in threaded environments Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* pylibsmb: Move get_acl() to pythonVolker Lendecke2020-11-161-0/+26
| | | | | | | The previous code was not available in threaded environments Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* pylibsmb: Move deltree to python codeVolker Lendecke2020-11-161-1/+7
| | | | | | | | | | | | | | | This is much shorter. There's also another aspect: I'm working on improving cli_list() to not collect all files before starting to call the callback function. This means that the cli_list cb will be called from within tevent_loop_once(). In pylibsmb.c's deltree code this would create a nested event loop. By moving the deltree code into the python world this nested event loop is avoided. Now the python code will first collect everything and then start to delete, avoiding the nesting. A future development should make listing directories a generator or something like that. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* pylibsmb: Add a compatible python-level wrapperVolker Lendecke2020-11-161-0/+19
| | | | | | | | Right now this is empty, but it is the basis for moving complexity out or pylibsmb.c into python code. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* tests python krb5: add arcfour salt testsGary Lockyer2020-11-121-0/+20
| | | | | | | | | | | MIT kerberos returns a salt when ARCFOUR_HMAC_MD5 encryption selected, Heimdal does not. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Nov 12 22:54:22 UTC 2020 on sn-devel-184
* tests python krb5: refactor compatability testsGary Lockyer2020-11-121-6/+18
| | | | | | | | Refactor to aid the adding of tests for the inclusion of a salt when ARCFOUR_HMAC_MD5 encryption selected Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* tests python krb5: Convert kdc-heimdal to pythonGary Lockyer2020-11-122-0/+220
| | | | | | | | | | | | Implement the tests in source4/torture/krb5/kdc-heimdal.c in python. The following tests were not re-implemented as they are client side tests for the "Orpheus Lyre" attack: TORTURE_KRB5_TEST_CHANGE_SERVER_OUT TORTURE_KRB5_TEST_CHANGE_SERVER_IN TORTURE_KRB5_TEST_CHANGE_SERVER_BOTH Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* tests python krb5: raw_testcase permit RC4 saltsGary Lockyer2020-11-121-1/+0
| | | | | | | | | MIT kerberos returns a salt when ARCFOUR_HMAC_MD5, this commit removes the check that a salt is not returned. A test for the difference between MIT and Heimdal will be added in the subsequent commits. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* tests python krb5: Refactor compatability test constantsGary Lockyer2020-11-121-14/+28
| | | | | | | Modify tests to use the constants defined in rfc4120_constants.py Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* tests python krb5: Refactor canonicalization test constantsGary Lockyer2020-11-121-29/+1
| | | | | | | Modify tests to use the constants defined in rfc4120_constants.py Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* tests python krb5: Add constants moduleGary Lockyer2020-11-122-0/+50
| | | | | | | | Extract the constants used in the tests into a separate module. To reduce code duplication Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* SambaToolCmdTest: let assertCmdSuccess() escape ']\n' linesStefan Metzmacher2020-11-111-2/+5
| | | | | | | | This gives a much higher chance to see the actual problem without having them filtered by various 'filter-subunit' invocations. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* selftest: Windows 2019 implements the RemoveDollar behaviour for Enterprise ↵Andrew Bartlett2020-11-111-11/+0
| | | | | | | | | | | | principals This is documented in MS-KILE. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Autobuild-User(master): Gary Lockyer <gary@samba.org> Autobuild-Date(master): Wed Nov 11 02:38:46 UTC 2020 on sn-devel-184
* selftest: Add in encrypted-pa-data from RFC 6806Andrew Bartlett2020-11-112-10/+12
| | | | | | | This comes from Windows 2019 which supports FAST. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* selftest: Fix formatting of failure (traceback and options swapped in format ↵Andrew Bartlett2020-11-111-1/+1
| | | | | | | string) Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* selftest: Make as_canonicalization_tests.py auto-detect the NT4 domain nameAndrew Bartlett2020-11-111-2/+7
| | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* samdb: Add samdb.domain_netbios_name()Andrew Bartlett2020-11-113-11/+27
| | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* selftest: Make as_canonicalization_tests.py easier to run outside "make test"Andrew Bartlett2020-11-111-2/+10
| | | | | | | | | | | | | This takes the realm from the LDAP base DN and so avoids one easy mistake to make. So far the NT4 domain name is not auto-detected, so much be read from the smb.conf. By using .guess() the smb.conf is read for the unspecified parts (eg workstation for an NTLM login to the LDAP server if the target server is an IP address). Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* selftest: Fix flipped machine and user constantsAndrew Bartlett2020-11-111-2/+2
| | | | | | | | This naturally does not change the test, but reduces developer confusion. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* selftest: Send enterprise principals tagged as suchAndrew Bartlett2020-11-111-5/+19
| | | | | | | | | This test passed against Samba but failed against Windows when an enterprise principal (user@domain.com@REALM) was encoded as NT_PRINCIPAL. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* tests python krb5: Add python kerberos compatability testsGary Lockyer2020-11-092-0/+175
| | | | | | | | Add new python test to document the differences between the MIT and Heimdal Kerberos implementations. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: add a test for the CreateTrustedDomainRelax wrapperIsaac Boukris2020-11-061-0/+131
| | | | | | | | | | Originally copied from 'source4/scripting/devel/createtrust' (had to drop the TRUST_AUTH_TYPE_VERSION part though, as it fails against samba DC). Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* Use the new CreateTrustedDomainRelax()Isaac Boukris2020-11-061-44/+13
| | | | | | Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* Add CreateTrustedDomainRelax wrapper for fips modeIsaac Boukris2020-11-061-0/+62
| | | | | | Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* selftest: add a test for py dce transport_encryptedIsaac Boukris2020-11-061-1/+22
| | | | | | Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* Revert "cli_credentials_parse_string: fix parsing of principals"Alexander Bokovoy2020-11-051-2/+2
| | | | This reverts commit eb0474d27bae4592b25ac6bf600da29c6a1cb9f8.
* tests python krb5: Add python kerberos canonicalization testsGary Lockyer2020-11-042-0/+500
| | | | | | | | | | Add python canonicalization tests, loosely based on the code in source4/torture/krb5/kdc-canon-heimdal.c. The long term goal is to move the integration level tests out of kdc-canon-heimdal, leaving it as a heimdal library unit test. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* tests python krb5: Add canonicalize flag to ASN1Gary Lockyer2020-11-042-6/+6
| | | | | | | | Add the canonicalize flag to KerberosFlags, so that it can be used in python based canonicalization tests. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* tests python krb5: Make PrincipalName_create a class methodGary Lockyer2020-11-041-0/+1
| | | | | | | | Make PrincipalName_create a class method, so it can be used in helper classes. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* cli_credentials_parse_string: fix parsing of principalsAlexander Bokovoy2020-11-041-2/+2
| | | | | | | | | | | | | | | | | | | When parsing a principal-like name, user name was left with full principal instead of taking only the left part before '@' sign. >>> from samba import credentials >>> t = credentials.Credentials() >>> t.parse_string('admin@realm.test', credentials.SPECIFIED) >>> t.get_username() 'admin@realm.test' The issue is that cli_credentials_set_username() does a talloc_strdup() of the argument, so we need to change order of assignment to allow talloc_strdup() to copy the right part of the string. Signed-off-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* selftest: add test for new "samba-tool user unlock" commandBjörn Baumbach2020-11-041-0/+41
| | | | | | | | Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org> Autobuild-Date(master): Wed Nov 4 00:19:25 UTC 2020 on sn-devel-184
* samba-tool: add new "user unlock" commandBjörn Baumbach2020-11-032-1/+103
| | | | | | | | | | | | Can be used to unlock a user when the badPwdCount has been reached. Introduces SamDB error classes, as suggested by Douglas Bagnall <douglas.bagnall@catalyst.net.nz> - thanks! This helps to handle expected failures. Tracebacks of really unexpected failures will not be hidden. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* tests: avoid returning an already used ID in randomXid()Jule Anger2020-10-291-3/+17
| | | | | | | | | | | | | | | | The error 'uidNumber xxx is already being used.' in the samba tool tests occurs when the random.randint functions returns the same value twice and therefore a user or group with an already used gid or uid should be created. Avoid this error by adding a list that stores the used IDs, so that the randomXid function can check wheter a value is already used before returning it. Signed-off-by: Jule Anger <ja@sernet.de> Reviewed-by: Björn Baumbach <bb@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Oct 29 18:54:24 UTC 2020 on sn-devel-184
* python:tests: Add SAMR password change tests for fipsAndreas Schneider2020-10-291-0/+188
| | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* DNS Resolver: support both dnspython before and after 2.0.0Alexander Bokovoy2020-10-261-0/+68
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | `dnspython` 2.0.0 has many changes and several deprecations like: ``` > dns.resolver.resolve() has been added, allowing control of whether search lists are used. dns.resolver.query() is retained for backwards compatibility, but deprecated. The default for search list behavior can be set at in the resolver object with the use_search_by_default parameter. The default is False. > dns.resolver.resolve_address() has been added, allowing easy address-to-name lookups. ``` The new class `DNSResolver`: - provides the compatibility layer - defaults the previous behavior (the search list configured in the system's resolver configuration is used for relative names) - defaults lifetime to 15sec (determines the number of seconds to spend trying to get an answer to the question) The compatibility shim was developed by Stanislav Levin for FreeIPA and adopted for Samba by Alexander Bokovoy. Signed-off-by: Stanislav Levin <slev@altlinux.org> Signed-off-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* py3: Add is_ad_dc_built option to python glueDavid Mulder2020-10-232-0/+13
| | | | | Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* python: Create targetdir recursivelyAndreas Schneider2020-10-221-1/+1
| | | | | | | | This fixes `make test` in a release tarball. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14542 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* python/tests: add DynamicTestCase setUpDynamicTestCases() infrastructureStefan Metzmacher2020-10-211-0/+27
| | | | | | | | | | | | This can be used in order to run a sepcific test (coded just once) with an autogenerated set of arguments. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14531 Pair-Programmed-With: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* python2 reduction: Merge remaining compat code into commonDavid Mulder2020-10-0232-123/+79
| | | | | | | | | | | | | The remaining compat code (get_string, get_bytes, cmp) are useful helper routines which we should simply merge into common (especially since there is some duplication here). Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Autobuild-User(master): David Mulder <dmulder@samba.org> Autobuild-Date(master): Fri Oct 2 14:49:36 UTC 2020 on sn-devel-184
* python: Move dsdb_Dn to samdbDavid Mulder2020-10-026-86/+80
| | | | | | | | | The import dsdb needed for dsdb_Dn causes import errors when trying to import get_bytes/get_string in some places. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* samba-tool tests: rename 'contact create' to 'contact add'Jule Anger2020-10-011-5/+5
| | | | | | | | | Signed-off-by: Jule Anger <ja@sernet.de> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org> Autobuild-Date(master): Thu Oct 1 02:44:09 UTC 2020 on sn-devel-184
* samba-tool contact: rename 'contact create' to 'contact add'Jule Anger2020-10-011-10/+11
| | | | | | | | Keep 'contact create' for compatibility reasons. Signed-off-by: Jule Anger <ja@sernet.de> Reviewed-by: Björn Baumbach <bb@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* samba-tool tests: rename 'group create' to 'group add'Jule Anger2020-10-011-1/+1
| | | | | | Signed-off-by: Jule Anger <ja@sernet.de> Reviewed-by: Björn Baumbach <bb@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
View Lorry Controller Status