summaryrefslogtreecommitdiff
path: root/python
AgeCommit message (Collapse)AuthorFilesLines
2021-08-18tests/krb5: Check version number of obtained ticketJoseph Sutton1-1/+1
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18tests/krb5: Assert that more variables are not NoneJoseph Sutton1-0/+9
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18tests/krb5: Ensure in assertElementPresent() that container elements are not ↵Joseph Sutton1-0/+5
empty Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18tests/krb5: Only allow specifying one of check_rep_fn and check_error_fnJoseph Sutton2-7/+20
This means that there can no longer be surprises where a test receives a reply when it was expecting an error, or vice versa. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18tests/krb5: Include kdc_options in kdc_exchange_dictJoseph Sutton2-7/+12
Make kdc_options an element of kdc_exchange_dict instead of a parameter to _generic_kdc_exchange(). This allows testing code to adjust the reply checking based on the options that were specified in the request. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18tests/krb5: Always specify expected error codeJoseph Sutton2-8/+16
Now the expected error code is always determined by the test code itself rather than by generic_check_as_error(). Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18tests/krb5: Add check_reply() method to check for AS or TGS replyJoseph Sutton1-21/+5
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18tests/krb5: Add method to calculate account saltJoseph Sutton2-4/+17
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18tests/krb5: Add more methods for obtaining machine and service credentialsJoseph Sutton1-0/+74
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18tests/krb5: Allow specifying additional details when creating an accountJoseph Sutton1-1/+3
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18tests/krb5: Use encryption with admin credentialsJoseph Sutton1-0/+2
This ensures that account creation using admin credentials succeeds. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18tests/krb5: Add get_EpochFromKerberosTime()Joseph Sutton2-9/+14
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18tests/krb5: Make _test_as_exchange() return value more consistentJoseph Sutton2-34/+33
Always return the reply and the kdc_exchange_dict so that the caller has more potentially useful information. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18tests/krb5: Add method to return dict containing padata elementsJoseph Sutton1-0/+12
This makes checking multiple padata elements easier. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18tests/krb5: Add get_enc_timestamp_pa_data_from_key()Joseph Sutton1-0/+4
This makes it easier to create encrypted timestamp padata when the key has already been obtained. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18tests/krb5: Refactor get_pa_data()Joseph Sutton4-43/+42
The function now returns a single padata object rather than a list, making it easier to combine multiple padata elements into a request. The new name 'get_enc_timestamp_pa_data' also makes it clearer as to what the method generates. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18tests/krb5: Allow cf2 to automatically use the enctype of the first keyJoseph Sutton1-5/+7
RFC6113 states: "Unless otherwise specified, the resulting enctype of KRB-FX-CF2 is the enctype of k1." This change means the enctype no longer has to be specified manually. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18tests/krb5: Use credentials kvno when creating password keyJoseph Sutton1-1/+2
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18tests/krb5: Check Kerberos protocol version numberJoseph Sutton1-0/+1
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18tests/krb5: Expect e-data except when the error code is KDC_ERR_GENERICJoseph Sutton2-1/+3
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18tests/krb5: Fix encpart_decryption_key with MIT KDCJoseph Sutton1-3/+10
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18tests/krb5: Fix callback_dict parameterJoseph Sutton1-2/+8
Items contained in a default-created callback_dict should not be carried over between unrelated calls to {as,tgs}_as_exchange_dict(). Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18tests/krb5: Fix including enc-authorization-dataJoseph Sutton8-34/+21
Remove the EncAuthorizationData parameters from AS_REQ_create(), since it should only be present in the TGS-REQ form. Also, fix a call to EncryptedData_create() to supply the key usage when creating enc-authorization-data. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18tests/krb5: Remove magic constantsJoseph Sutton2-13/+24
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18tests/krb5: Simplify Python syntaxJoseph Sutton1-7/+5
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18tests/krb5: Use more compact dict lookupJoseph Sutton2-18/+5
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18tests/krb5: Remove unneeded statementsJoseph Sutton2-68/+33
A return statement is redundant as the last statement in a method, as methods will otherwise return None. Also, code blocks consisting of a single 'pass' statement can be safely omitted. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18tests/krb5: formattingJoseph Sutton3-156/+209
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18tests/krb5: Fix method name typoJoseph Sutton3-15/+15
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18tests/krb5: Fix comment typoJoseph Sutton1-1/+1
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-18tests/krb5: Fix ms_kile_client_principal_lookup_test errorsJoseph Sutton1-5/+6
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2021-08-13gpo: Print getcert message to debugDavid Mulder1-6/+16
Otherwise re-running gpupdate to enforce policy displays 'already exists' messages, which confusingly appear to be a failure, but are actually intentional behavior. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Aug 13 20:06:31 UTC 2021 on sn-devel-184
2021-08-13gpo: Decode the bytes for cepces-submit failureDavid Mulder1-2/+2
When displaying the error from cepces-submit, make sure to decode the bytes (otherwise it is hard to read). Also print the error to debug instead of warn (it may dump a traceback). Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-08-13gpo: Ignore symlink failure on sscep renewDavid Mulder1-0/+5
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-08-13gpo: Apply Group Policy User ScriptsDavid Mulder1-2/+77
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-08-13gpo: Test Group Policy User ScriptsDavid Mulder3-3/+103
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-08-13gpo: Enable user policy applicationDavid Mulder3-35/+107
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-21python:waf: Correctly check for python-dateutilAndreas Schneider1-3/+20
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
2021-07-20gpo: Improve debug when extension fails to applyDavid Mulder1-1/+3
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-20gpo: Warn when fetching the supported templates failsDavid Mulder1-5/+11
When Certificate Auto Enrollment fails to fetch the list of supported templates, display a warning. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-20gpo: Ensure Network Device Enrollment Service if sscep failsDavid Mulder1-0/+2
Prompt the user to check that Network Device Enrollment Service is installed and configured if sscep fails to download the certificate root chain. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-19examples: Make winreg.py sample work with python3 in current masterVolker Lendecke1-29/+33
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Mon Jul 19 17:44:08 UTC 2021 on sn-devel-184
2021-07-15gpo: Test Certificate Auto Enrollment PolicyDavid Mulder5-0/+243
Signed-off-by: David Mulder <dmulder@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-15gpo: Fix up rsop output of ca certificateDavid Mulder1-3/+3
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-15gpo: Add Certificate Auto Enrollment PolicyDavid Mulder1-0/+244
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-05samba-tool: dns update rejects malformed addressesDouglas Bagnall1-2/+11
Because neither filling out the struct will not necessarily tell you you got it wrong, and the RPC could succeed in setting an arbitrary wrong address (typically, an IPv6 address would set an A record to "255.255.255.255"). Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-07-05py/dnsserver: TXTRecord copes with single stringsDouglas Bagnall1-0/+2
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-07-01tests/krb5: Use admin creds for SamDB rather than user credsJoseph Sutton1-1/+1
This makes the purpose of each set of credentials more consistent, and makes some tests more convenient to run standalone as they no longer require user credentials. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-07-01tests/krb5/as_canonicalization_tests.py: Refactor account creationJoseph Sutton1-111/+25
Making this test a subclass of KDCBaseTest allows us to make use of its methods for obtaining credentials and creating accounts, which helps to eliminate some duplicated code. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-07-01tests/krb5: Deduplicate 'host' attribute initialisationJoseph Sutton2-3/+2
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
generated by cgit v1.2.3 (git 2.25.1) at 2026-06-26 07:41:16 +0000