summaryrefslogtreecommitdiff
path: root/python
AgeCommit message (Collapse)AuthorFilesLines
2016-03-08dbcheck: Check for and remove duplicate values in attributesAndrew Bartlett1-0/+26
This can happen with three DCs and custom schema, but we test it by just forcing the values directly into the backing tdb. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-08dbcheck: Avoid spurious warnings in dbcheck due to objectclass sortingAndrew Bartlett1-1/+13
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11433 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-08dbcheck: Fix incorrect/duplicate attrid in replPropertMetaDataAndrew Bartlett1-19/+101
If custom schema is used in a replicated DC environment, these are created as soon as an attribute is modified on more than one DC. We have to remove these. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11443 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-08pidl: Fix our python reference handlingAndrew Bartlett2-6/+179
The new talloc.BaseObject allow us to hold a talloc context per python object (there may be many referring to the same C object) and the talloc context that the actual object pointer is under. Another advantage is that talloc.BaseObject(), has less of an ABI surface. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-07Remove posixAccount from samdb.pyRowland Penny1-1/+0
Signed-off-by: Rowland Penny rpenny@samba.org Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Garming Sam <garming@samba.org> Autobuild-Date(master): Mon Mar 7 08:13:42 CET 2016 on sn-devel-144
2016-02-25samba-tool: Support preloading multiple usersAndrew Bartlett2-22/+131
Based on patches by Adrian Cochrane Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Feb 25 07:58:55 CET 2016 on sn-devel-144
2016-02-25python: Allow optional multi-value arguements for samba-tool commandsAndrew Bartlett1-2/+3
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-02-08test:docs: remove unused param_table/get_param_table_full()Michael Adam1-64/+0
No tests use this any more, hence we should not parse the file anymore either. It is generated directly from the parametersr.all.xml file. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2016-02-03python:tests/core: add tests for arcfour_encrypt() and string_to_byte_array()Stefan Metzmacher1-0/+16
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11699 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Feb 3 11:42:29 CET 2016 on sn-devel-144
2016-02-03python:samba/netcmd/domain: make use of the generic arcfour_encrypt() and ↵Stefan Metzmacher1-18/+5
string_to_byte_array() functions BUG: https://bugzilla.samba.org/show_bug.cgi?id=11699 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-02-03python:samba/join.py: make use of the generic arcfour_encrypt() and ↵Stefan Metzmacher1-16/+3
string_to_byte_array() functions BUG: https://bugzilla.samba.org/show_bug.cgi?id=11699 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-02-03python:samba: add a generic arcfour_encrypt() helper functionStefan Metzmacher1-0/+16
This works with Crypto.Cipher.ARC4 (from python*-crypto) and fallback to M2Crypto.RC4.RC4 (from [python*-]m2crypto). BUG: https://bugzilla.samba.org/show_bug.cgi?id=11699 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-02-03python:samba: add a generic string_to_byte_array() helper functionStefan Metzmacher1-0/+8
We should avoid implementing this again and again. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11699 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
2015-12-24samldb: ensure subnets have proper net rangesDouglas Bagnall1-0/+24
A subnet name needs to be a valid CIDR address range -- that's the ones that look like 10.9.8.0/22, where the number after the / determines how many bits are in the address suffix. It can be IPv4 or IPv6. There are a few odd constraints (see MS-ADTS v20150630 6.1.1.2.2.2.1 "Subnet Object") -- for example, with IPv4, the implied bit mask can't equal the address. That is, you can't have a subnet named "255.255.255.0/24" in a Windows subnet. This rule does not apply to IPv6. Windows and Samba both make some ensure that subnets have a unique valid name, though unfortunately Windows 2008R2 is rather slack when it comes to IPv6. We follow Windows 2012R2, which roughly follows RFC5952 -- with one caveat: Windows will allow an address like "::ffff:0:1:2", which translates to the IPv4 address "0.1.0.2" using the SIIT translation scheme, and which inet_ntop() would render as "::ffff:0:0.1.0.2". In the Samba implementation we use an inet_pton()/ inet_ntop() round-trip to establish canonicality, so these addresses fail. Windows wisely does not allow the SIIT style addresses (the acronym is widely agreed to be off-by-one in the second letter), and it will regard "::ffff:0:1:2" as simply "::ffff:0:1:2" and allow it. We would like to do that too. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-12-24samba-tool: add sites subnet subcommandsDouglas Bagnall3-2/+360
This allows you to add, remove, or shift subnets. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-12-24samba-tool tests: Add command line tests for sitesDouglas Bagnall1-0/+57
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-12-24python/sites: Rework site DN constructionAndrew Bartlett1-12/+22
This new routine is safe against escape characters and works against Windows 2012R2. The dn= filter in the old code was samba-specific. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-12-24samba.sites: reduce code duplication in Exception classesDouglas Bagnall1-16/+1
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-12-24samba.sites: improve grammar in an error messageDouglas Bagnall1-1/+1
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-12-24samba-tool sites: use -H to set URL with standard handlingDouglas Bagnall1-14/+19
samba-tool sites was defaulting to the local database, but we might want to use another URL. This allows that case while defaulting to the old behaviour. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-12-24sambatool sites: PEP8/flake8 improvementsDouglas Bagnall2-4/+6
We were nearly there, so lets make the jump. This involves removing some unused variables. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-12-24s4:samba-tool domain raise tool - make it aware of newer domain function levelsMatthias Dieter Wallnöfer1-8/+31
http://msdn.microsoft.com/en-us/library/Cc223742.aspx Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date(master): Thu Dec 24 04:08:04 CET 2015 on sn-devel-144
2015-12-24s4:samba-tool domain raise tool - handle Windows 2000 mode AD domains correctlyMatthias Dieter Wallnöfer1-16/+23
Considering http://msdn.microsoft.com/en-us/library/cc220262.aspx they do not provide any "msDS-Behavior-Version" attributes. gulikoza <gulikoza@users.sourceforge.net> noticed this correctly. Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-12-15Fix bug 10881 Wrong keytab permissions when joining additional DC with BIND ↵Andrew Bartlett1-0/+10
backend BUG: https://bugzilla.samba.org/show_bug.cgi?id=10881 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Dec 15 11:47:21 CET 2015 on sn-devel-104
2015-12-15python: Give a more helpful error message when we do not have an smb.confAndrew Bartlett1-1/+1
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-12-07samba-tool: user create examples show 'add' instead of 'create'Rowland Penny1-4/+4
Signed-off-by: Rowland Penny <repenny241155@gmail.com> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2015-12-06samba-tool: fsmo.py throws an uncaught exception if noRowland Penny1-1/+2
fSMORoleOwner attribute This will fix bug 11613 where a user got the uncaught exception when trying to seize an FSMO role that didn't have the required attribute. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11613 Signed-off-by: Rowland Penny <repenny241155@gmail.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org> Autobuild-User(master): Uri Simchoni <uri@samba.org> Autobuild-Date(master): Sun Dec 6 00:33:10 CET 2015 on sn-devel-104
2015-11-23samba-tool: replace use of os.popenUri Simchoni1-3/+11
The netcmd/domain.py module uses os.popen() on user-supplied parameters. This opens up the way to code injection. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11601 Signed-off-by: Uri Simchoni <uri@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Uri Simchoni <uri@samba.org> Autobuild-Date(master): Mon Nov 23 22:19:34 CET 2015 on sn-devel-104
2015-11-21samba-tool:provision: fix bug 11600Rowland Penny1-6/+5
If you join a second DC after changing the name of the 'Default Domain Policy' or 'Default Domain Controllers Policy' the join will fail as the search is hardcoded to these names, this fix changes the search to the objects name. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11600 Signed-off-by: Rowland Penny <repenny241155@gmail.com> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Sat Nov 21 04:44:58 CET 2015 on sn-devel-104
2015-11-06Fix various spelling errorsMathieu Parent1-1/+1
Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Nov 6 13:43:45 CET 2015 on sn-devel-104
2015-10-29KCC: kcc.import_ldif doesn't need credsDouglas Bagnall2-5/+4
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-10-29KCC: remove NTDSConnection API methods that are never usedDouglas Bagnall1-6/+0
These are not used, and using them would not be considered Pythonic. The flags they alter are always changed directly. The similar set_modified() method IS used. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-10-29KCC: whitespace for pep8Douglas Bagnall1-2/+0
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-10-29KCC: fix pep8 line length in load_ip_transport()Douglas Bagnall1-3/+4
You are right to sigh about this one. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-10-29KCC: Correct capitalisation of KCCErrorDouglas Bagnall1-1/+1
previously we had "raise KccError", which of course would raise a NameError. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-10-29KCC: raise KCCError, not Exception, in multiple placesDouglas Bagnall1-42/+41
"except Exception" lines will still catch them, but more fine-grained control is possible. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-10-29KCC: NTDSConnection.load_connection() requires objectGUIDDouglas Bagnall1-1/+4
If there is no GUID, that is an error, so we raise an exception instead of stepping around it. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-10-29KCC: remove debug print statements from intrasite and intersiteDouglas Bagnall1-2/+0
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-10-29KCC: load samdb before calling kcc.run()Douglas Bagnall1-11/+10
kcc.run() is a mega-function that does nearly everything, including loading the database. The --list-valid-dsas and --test-all-reps-from tasks also want to load the database, but not do all that other run() stuff, so it makes sense to pull it out. When the samdb has not been loaded, run() will still load it -- this avoids having to change all the tests. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-10-29KCC: load the object GUID with --import-ldifDouglas Bagnall1-1/+1
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-10-29KCC: avoid logging alarming things about exected eventsDouglas Bagnall1-4/+4
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-10-29KCC: more debug info when --import-ldif goes badlyDouglas Bagnall1-4/+5
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-10-29KCC: default to not loading new samdb when we already have oneDouglas Bagnall1-10/+15
This should make things simpler in the --import-ldif case. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-10-29KCC: fix typo in error pathDouglas Bagnall1-1/+1
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-10-29KCC: better explain our confusion in colour_vertices commentDouglas Bagnall1-1/+1
Reviewed-by: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-10-29KCC: clarify debugging messages in bridgehead finding codeDouglas Bagnall1-8/+7
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-10-29KCC: keep track of IP transport for dsa.new_connection()Douglas Bagnall2-3/+3
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-10-29KCC: set system flags for new intrasite connectionsDouglas Bagnall1-1/+4
These flags are mandatory for intrasite connections. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-10-29KCC: correctly use dsa.new_connection() system_flags argumentDouglas Bagnall1-2/+3
The dsa.system_flags attribute is important and gets saved in the database, but was never getting altered because we were setting dsa.flags instead. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-10-29KCC: Use detect_failed in create_connectionsGarming Sam1-1/+1
Without this, dead DCs were treated as live, and could be used in the tree. If they're in the tree they can split the network. Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
generated by cgit v1.2.3 (git 2.25.1) at 2026-05-07 16:41:47 +0000