summaryrefslogtreecommitdiff
path: root/python/samba
AgeCommit message (Collapse)AuthorFilesLines
2025-08-07py/common: add cmp_with_nones() helper functionDouglas Bagnall2-1/+32
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2025-08-07py:common: normalise_int32 checks bit sizeDouglas Bagnall1-1/+4
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2025-08-07pytests: test normalise_int32 against out-of-range numbersDouglas Bagnall1-0/+3
For example, we don't want to "normalise" 0x9876543210 to 0x9776543210, or 0x200000000 to 0x100000000. That is just causing random damage to 64 bit values without achieving the sign switch. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2025-08-07pytests: move dsdb_dn tests out of commonDouglas Bagnall2-36/+59
dsdb_Dn hasn't been in samba.common since 85d2ff2f0003b106ca84866b7e7893723f1dd93c and the tests should follow. Although dsdb_Dn is currently in samba.samdb, we aren't moving the tests to samba.tests.samdb, because those tests need a real AD environment whereas these ones can run more cheaply in the "none" environment. Another patch will improve the remaining samba.common tests. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2025-08-05auth:creds: Make sure when parsing username that realm is uppercaseAndreas Schneider1-2/+2
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
2025-07-31librpc:bcrypt_rsakey_blob: exponent and modulus lengths can't be zeroDouglas Bagnall1-28/+23
Apart from it making no sense, without these ranges we end up allocating a NULL buffer and aborting. We also put a maximum size on the RSA key, in case we could get tricked into a DoS by pulling a large buffer and trying crypto maths on it. 6 0x572ebce2749a in talloc_abort samba/lib/talloc/talloc.c:506:3 7 0x572ebce271d4 in talloc_chunk_from_ptr samba/lib/talloc/talloc.c:0 8 0x572ebce271d4 in __talloc_with_prefix samba/lib/talloc/talloc.c:762:12 9 0x572ebce235f9 in __talloc samba/lib/talloc/talloc.c:825:9 10 0x572ebce235f9 in _talloc_named_const samba/lib/talloc/talloc.c:982:8 11 0x572ebce235f9 in _talloc_memdup samba/lib/talloc/talloc.c:2441:9 12 0x572ebc8f6a4f in data_blob_talloc_named samba/lib/util/data_blob.c:56:25 13 0x572ebc7d23bd in pull_BCRYPT_RSAPUBLIC_BLOB samba/librpc/ndr/ndr_keycredlink.c:878:17 14 0x572ebc7d23bd in ndr_pull_KeyMaterialInternal samba/librpc/ndr/ndr_keycredlink.c:959:10 15 0x572ebc788e90 in LLVMFuzzerTestOneInput samba/bin/default/lib/fuzzing/fuzz_ndr_keycredlink_TYPE_STRUCT.c:282:13 REF: https://issues.oss-fuzz.com/issues/435039896 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org> Autobuild-Date(master): Thu Jul 31 05:45:07 UTC 2025 on atb-devel-224
2025-07-29librpc: keycredlink support X509 public keysGary Lockyer1-0/+232
Add support for X509 encoded public keys in msDSKeyCredentialLink KeyMaterial. Note: Only RSA public keys are supported. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2025-07-29librpc/idl: Add idl for tpm20_rsakey_blobGary Lockyer1-0/+130
Idl and tests for TPM20_RSAKEY_BLOB, one of the possible encoding of msDSKeyCredentialLink KeyMaterial Derived from: https://dox.ipxe.org/Tpm20_8h_source.html#l00164 https://stackoverflow.com/questions/78958315/cannot-parse-tpm2-0-public-key Note: this is a greatly simplified implementation that only handles TPM version 2, RSA public keys. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2025-07-29librpc/idl: Add idl for BCRYPT_RSAKEY_BLOBGary Lockyer1-0/+221
Idl and tests for BCRYPT_RSAKEY_BLOB See https://learn.microsoft.com/en-us/windows/win32/api/ bcrypt/ns-bcrypt-bcrypt_rsakey_blob This is one of the encodings of msDSKeyCredentialLink KeyMaterial when KeyUsage is KEY_USAGE_NGC. As there appears to be no official documentation on the contents of KeyMaterial have based this on. https://github.com/p0dalirius/pydsinternals/blob/271dd969e07a8939044bfc498d94443082ec6fa9/ dsinternals/common/data/hello/KeyCredential.py#L75-L92 Note: only RSA public keys are handled Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2025-07-10Add check for the GPO link to have at least two attributes separated by ↵Aleksandr Sharov1-1/+3
semicolumn. Allows to handle empty links. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15877 RN: Fix handling of empty GPO link Singed-off-by: Alex Sharov (kororland@gmail.com) Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Thu Jul 10 18:55:33 UTC 2025 on atb-devel-224
2025-07-10tests: Rename local variable: prefix_abs -> prefixPavel Filipenský1-2/+2
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Thu Jul 10 16:15:24 UTC 2025 on atb-devel-224
2025-07-10tests: Replace PREFIX_ABS with PREFIXPavel Filipenský2-2/+2
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2025-07-07tests: expand SMB3 POSIX test for Windows illegal characters behaviourRalph Boehme1-2/+19
The test was testing file creation, but not FIND behaviour. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15862 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2025-06-24python:tests/nss: Add NSS group enumeration testSamuel Cabrero2-0/+131
Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2025-06-19librpc/idl: Add idl for msDS-KeyCredentialLinkGary Lockyer1-0/+555
Idl and supporting helpers for msDS-KeyCredentialLinks. See [MS-ADTS] 2.2.20 Key Credential Link Structures Currently the KeyMaterial is treated as a binary blob The naming and casing of the variable names is close as is possible to those in the specification. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org> Autobuild-Date(master): Thu Jun 19 00:08:31 UTC 2025 on atb-devel-224
2025-06-16python: Do not interpret 16 character group names as GUIDsDouglas Bagnall1-1/+9
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15854 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Björn Baumbach <bb@samba.org> Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org> Autobuild-Date(master): Mon Jun 16 22:22:27 UTC 2025 on atb-devel-224
2025-06-16pytest: samba-tool group: test with 16 character nameDouglas Bagnall1-1/+2
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15854 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Björn Baumbach <bb@samba.org>
2025-06-16pytest:samba-tool group: test addmembersDouglas Bagnall1-0/+14
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15854 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Björn Baumbach <bb@samba.org>
2025-06-05samba-tool dns: add --allow-existing to not complain if records existDouglas Bagnall1-5/+17
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13613 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Rowland Penny <rpenny@samba.org>
2025-06-05samba-tool tests: test dns --allow-existingDouglas Bagnall1-0/+13
This will fail until the next commit. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13613 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Rowland Penny <rpenny@samba.org>
2025-06-05tests/samba-tool: optionally allow exception to be a failure in .run*()Douglas Bagnall1-7/+20
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13613 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Rowland Penny <rpenny@samba.org>
2025-06-05pytests: samba_dnsupdate --use-samba-tool versus existing recordsDouglas Bagnall1-0/+13
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13613 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Rowland Penny <rpenny@samba.org>
2025-05-26samba-tool: Fix invalid escape sequencesJennifer Sutton1-1/+1
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Autobuild-User(master): Jo Sutton <jsutton@samba.org> Autobuild-Date(master): Mon May 26 03:44:44 UTC 2025 on atb-devel-224
2025-05-26python: Fix code spellingJennifer Sutton1-1/+1
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2025-05-26python: Make use of OID comparator constantsJennifer Sutton2-3/+3
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2025-05-26tests/krb5: Correct commentJennifer Sutton1-1/+1
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2025-05-26samba-tool: Fix code spellingJennifer Sutton1-1/+1
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2025-05-26python:join: Add missing wordJennifer Sutton1-1/+1
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2025-05-26python:tests: Permit expected_count to be zeroJennifer Sutton1-1/+1
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15852 Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2025-05-26python:tests: Decode stdout for greater readabilityJennifer Sutton1-1/+1
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15852 Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2025-05-26python:tests: Decode stdout and stderr for greater readabilityJennifer Sutton1-1/+9
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15852 Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2025-05-26python: Fix logging callJennifer Sutton1-1/+1
ERROR(<class AttributeError>): uncaught exception - RootLogger object has no attribute notice File "/samba/bin/python/samba/netcmd/__init__.py", line 387, in _run return self.run(*args, **kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^ File "/samba/bin/python/samba/netcmd/domain/backup.py", line 698, in run logger.notice("back-up has no sysvol data") ^^^^^^^^^^^^^ BUG: https://bugzilla.samba.org/show_bug.cgi?id=15852 Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2025-05-26samba-tool: Filter confidential attributes out of backups made with the ↵Jennifer Sutton2-2/+86
‘--no-secrets’ option Without this change, ‘lab domains’ and backups intended not to contain secrets will still contain confidential information, such as BitLocker recovery data and KDS root keys. Add a new class that filters these attributes out. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15852 Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2025-05-26drs_utils: Split process_chunk() out into its own classJennifer Sutton2-34/+77
This makes it easier to add classes with new functionality without having to figure out how to slot them into a linear class hierarchy. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15852 Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2025-05-26python:tests: Test that secret keys and confidential attributes are not ↵Jennifer Sutton1-6/+136
included in a --no-secrets backup BUG: https://bugzilla.samba.org/show_bug.cgi?id=15852 Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2025-05-26drs_utils: Check for presence of more_flags attribute directlyJennifer Sutton1-3/+3
This more directly indicates what we are trying to achieve. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15852 Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2025-05-26python:samdb: Add get_searchFlags_from_lDAPDisplayName() methodJennifer Sutton1-0/+4
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15852 Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2025-05-26python:samdb: Add get_must_contain_from_lDAPDisplayName() methodJennifer Sutton1-0/+4
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15852 Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2025-05-26python:samdb: Add get_lDAPDisplayName_by_governsID_id() methodJennifer Sutton1-0/+4
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15852 Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2025-05-26python3: Remove Python 2–only call to decode()Jennifer Sutton1-1/+1
AttributeError: 'str' object has no attribute 'decode' BUG: https://bugzilla.samba.org/show_bug.cgi?id=15852 Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2025-05-26python: Make set of seen GUIDs a local variableJennifer Sutton1-3/+3
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15852 Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2025-05-26python: Correct commentJennifer Sutton1-1/+1
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15852 Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2025-05-26python: Simplify GetNCChanges call setupJennifer Sutton1-15/+6
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15852 Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2025-05-26python: Remove unused ‘more_flags’ parameterJennifer Sutton1-2/+2
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15852 Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2025-05-26python: Tidy up formattingJennifer Sutton1-10/+6
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15852 Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2025-05-26python:join: Remove unnecessary local variableJennifer Sutton1-2/+1
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15852 Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2025-05-26drs_utils: Make loop exit condition explicitJennifer Sutton1-4/+1
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15852 Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2025-05-26drs_utils: Remove unnecessary qualificationJennifer Sutton1-4/+4
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15852 Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2025-04-18docs-xml/smbdotconf: change 'smb ports' into a synonym for 'server smb ↵Stefan Metzmacher1-3/+1
transport' Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2025-04-03python:tests/krb5: let _{get,modify}_tgt() also change the objectsid in ↵Stefan Metzmacher1-0/+13
UPN_DNS_INFO Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
generated by cgit v1.2.3 (git 2.25.1) at 2026-05-07 11:45:53 +0000