summaryrefslogtreecommitdiff
path: root/python/samba
AgeCommit message (Collapse)AuthorFilesLines
2020-08-06gpo: Extract Access policy from Security extensionDavid Mulder2-89/+50
Rewrite the extension to be easier to understand, and to remove references to gp_ext_setter. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06gpo: Extract Kerberos policy from Security extensionDavid Mulder2-30/+64
Rewrite the extension to be easier to understand, and to remove references to gp_ext_setter. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06gpo: Add RSOP output for Scripts ExtensionDavid Mulder1-0/+16
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06gpo: Add RSOP output for Security ExtensionDavid Mulder1-0/+16
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06gpo: Test samba-gpupdate --rsopDavid Mulder1-0/+64
Test that the rsop command produces the expected output. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06gpo: Add --rsop option to samba-gpupdateDavid Mulder1-0/+38
This command prints the Resultant Set of Policy for applicable GPOs, for either the Computer or User policy (depending on the target specified). Policy specific output must be implemented for each client side extension. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06gpo: Properly decode utf-8/16 inf files from bytesDavid Mulder1-3/+3
This code was python 2 specific (string handling has changed dramatically in python 3), and didn't correctly decode utf-16 in python3. We should instead read the file as bytes, then attempt a utf-8 decode (the default), and try utf-16 if encountering a decode failure. The existing code actually throws an exception on the initial file read when the data is utf-16, since it tries to decode the bytes to a utf-8 string. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06gpo: Test proper decoding of utf-16 inf filesDavid Mulder1-0/+35
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06gpo: Apply Group Policy Sudo RightsDavid Mulder1-1/+64
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06gpo: Test Group Policy Sudo RightsDavid Mulder2-0/+67
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06gpo: Scripts gpo add warning about generated scriptsDavid Mulder1-1/+14
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06gpo: Scripts extension use 'gp_' prefix, not 'tmp'David Mulder1-2/+2
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06gpo: Apply Group Policy Weekly ScriptsDavid Mulder1-0/+1
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06gpo: Test gpo weekly scripts applyDavid Mulder1-0/+1
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06gpo: Apply Group Policy Monthly ScriptsDavid Mulder1-0/+1
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06gpo: Test gpo monthly scripts applyDavid Mulder1-0/+1
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06gpo: Apply Group Policy Hourly ScriptsDavid Mulder1-6/+11
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06gpo: Test gpo hourly scripts applyDavid Mulder1-23/+29
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-03python tests: drop python 2.6 compatibility functionsDouglas Bagnall1-106/+0
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Noel Power <npower@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-07-29dbcheck: Allow a dangling forward link outside our known NCsAndrew Bartlett1-1/+23
If we do not have the NC of the target object we can not be really sure that the object is redundent and so we want to keep it for now and not (as happened until now) break the dbcheck run made during the replication stage of a "samba-tool domain backup rename". BUG: https://bugzilla.samba.org/show_bug.cgi?id=14450 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-07-17python: samba.compat rejects Python 2Douglas Bagnall1-71/+2
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: David Mulder <dmulder@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Jul 17 08:39:38 UTC 2020 on sn-devel-184
2020-07-17python: wrap 'import dckeytab' in an explanatory functionDouglas Bagnall3-2/+24
The samba.dckeytab module has magic effects on samba.net, but never appears to be used. That can be confusing, both to people and to linters. Here we wrap that confusion up into a well-commented function, so we never again have to wonder why the unused import is there. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: David Mulder <dmulder@samba.org>
2020-07-17python/join: use the provided krbtgt link in cleanup_old_accountsDouglas Bagnall1-1/+1
Before we were putting it in an otherwise unused variable, and deleting the previous krbtgt_dn, if any. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: David Mulder <dmulder@samba.org>
2020-07-17python/upgradehelpers: remove unused imports and variablesDouglas Bagnall1-1/+1
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: David Mulder <dmulder@samba.org>
2020-07-17samba-tool ntacl: remove unused imports and variablesDouglas Bagnall1-1/+1
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: David Mulder <dmulder@samba.org>
2020-07-17python/ms_forest_updates_markdown: avoid implicit global variableDouglas Bagnall1-1/+1
out_dict would have been shared across all calls, aggregating values as it went. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: David Mulder <dmulder@samba.org>
2020-07-17dbcheck: omit unused argument in err_wrong_default_sdDouglas Bagnall1-2/+2
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: David Mulder <dmulder@samba.org>
2020-07-07selftest: Add basic smbcacls test(s)Noel Power2-0/+280
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
2020-07-02CVE-2020-14303 Ensure an empty packet will not DoS the NBT serverAndrew Bartlett1-0/+19
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2020-07-02CVE-2020-10745: pytests: hand-rolled invalid dns/nbt packet testsDouglas Bagnall1-0/+211
The client libraries don't allow us to make packets that are broken in certain ways, so we need to construct them as byte strings. These tests all fail at present, proving the server is rendered unresponsive, which is the crux of CVE-2020-10745. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-07-01tls: Use NORMAL:-VERS-SSL3.0 as the default configurationAndreas Schneider1-21/+0
This seems to be really broken in GnuTLS and the documentation is also not correct. This partially reverts 53e3a959b958a3b099df6ecc5f6e294e96bd948e BUG: https://bugzilla.samba.org/show_bug.cgi?id=14408 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Jul 1 14:56:33 UTC 2020 on sn-devel-184
2020-07-01selftest: Split samba.tests.samba_tool.user_virtualCryptSHA into GPG and not ↵Andrew Bartlett3-0/+564
GPG parts This allows the userPassword (not GPG) part of the test to run on hosts without python3-gpg (eg RHEL7) while still testing the userPassword handling. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14424 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-06-23gpo: Test samba-tool gpo admxloadDavid Mulder1-0/+25
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): David Mulder <dmulder@samba.org> Autobuild-Date(master): Tue Jun 23 17:53:22 UTC 2020 on sn-devel-184
2020-06-23samba-tool: add command for installing gpo samba admxDavid Mulder1-0/+72
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-06-23gpo: Test gpo scripts applyDavid Mulder1-1/+47
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-06-23gpo: Run Group Policy ScriptsDavid Mulder1-0/+53
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-06-23Create Registry.pol group policy extension parserDavid Mulder1-2/+12
Create a parent class for parsing Registry.pol files by group policy extensions. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-06-23python: Correctly re-raise the LdbError if the embedded error is not ↵Andrew Bartlett1-1/+1
ldb.ERR_UNWILLING_TO_PERFORM The current code attempts a SAMR based password set for all errors, we want to continue on LDAP or local LDB (in the restore case) unless we really got the specific error given by Windows 2000. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14414 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: David Mulder <dmulder@suse.com> Autobuild-User(master): Gary Lockyer <gary@samba.org> Autobuild-Date(master): Tue Jun 23 05:07:00 UTC 2020 on sn-devel-184
2020-06-19python: Fix get_max_worker_count() to always have two runnersAndreas Schneider1-3/+3
Thanks to Jim Brown. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: David Mulder <dmulder@suse.com> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Jun 19 19:54:04 UTC 2020 on sn-devel-184
2020-06-19python: Run cmdline tools for arbitary docs test in parallelAndreas Schneider1-90/+120
Running samba.tests.docs on my machine: before -> (2m6.952s) after -> (22.298s) Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Jun 19 10:59:30 UTC 2020 on sn-devel-184
2020-06-19python: Run cmdline tools for default docs test in parallelAndreas Schneider1-56/+93
Running samba.tests.docs on my machine: before -> (3m52.582s) after -> (2m6.952s) Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-06-17s3:lib:tls: Use better priority lists for modern GnuTLSAndreas Schneider1-0/+20
We should use the default priority list. That is a good practice, because TLS protocol hardening and phasing out of legacy algorithms, is easier to co-ordinate when happens at a single place. See crypto policies of Fedora. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14408 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Wed Jun 17 17:42:02 UTC 2020 on sn-devel-184
2020-06-17docs: Add caution against extending this listAndrew Bartlett1-0/+3
We want correct documentation if at all possible. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Wed Jun 17 15:48:06 UTC 2020 on sn-devel-184
2020-06-17docs: Remove defaults test exception for "mit kdc command"Andrew Bartlett1-1/+0
This ensures the documentation matches the code. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2020-06-17docs: Ensure "use mmap" always has the correct defaultAndrew Bartlett1-1/+0
We clarify the smb.conf manpage entry for "use mmap" to match the actual behaviour Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2020-06-13python: do not always import socket_serverDouglas Bagnall2-4/+1
This cost around 10ms for every Python script, and was only used in one test. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-06-13python: do not always import urllibDouglas Bagnall2-7/+1
Only provision.py wants a function from urllib, but we were importing it in samba.compat, which is imported by samba, mening that every python script importing anything from samba took 40ms longer to start up. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-06-12selftest: test forwardable flag in cross-realm tgt ticketsIsaac Boukris2-0/+181
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14233 Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-06-12selftest: allow EncASRepPart to be encoded as EncTGSRepPartIsaac Boukris1-1/+6
that's how MIT kdc encodes it, clients accept both. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14233 Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-06-11samba-tool dns query --help: Someone forgot 'PTR' from the list of record typesRowland Penny1-1/+2
Signed-off-by: Rowland Penny <rpenny@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Jun 11 04:37:37 UTC 2020 on sn-devel-184
generated by cgit v1.2.3 (git 2.25.1) at 2026-06-11 10:39:42 +0000