summaryrefslogtreecommitdiff
path: root/python
AgeCommit message (Collapse)AuthorFilesLines
2021-02-09gpo: Apply Group Policy OpenSSH settings from VGPDavid Mulder1-1/+61
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-02-09gpo: Test Group Policy OpenSSH for VGPDavid Mulder2-0/+89
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-02-08samba-tool: Add a gpo command for removing VGP Files Group PolicyDavid Mulder1-1/+61
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Mon Feb 8 23:36:57 UTC 2021 on sn-devel-184
2021-02-08samba-tool: Test gpo manage files remove commandDavid Mulder2-0/+50
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-02-08samba-tool: Add a gpo command for adding VGP Files Group PolicyDavid Mulder1-1/+82
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-02-08samba-tool: Test gpo manage files add commandDavid Mulder2-0/+73
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-02-08samba-tool: Add a gpo command for listing VGP Files Group PolicyDavid Mulder1-1/+45
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-02-08samba-tool: Test gpo manage files list commandDavid Mulder2-1/+96
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-02-08gpo: Apply Group Policy Files Policy from VGPDavid Mulder1-3/+117
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-02-08gpo: Test Group Policy VGP Files PolicyDavid Mulder2-1/+116
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-02-03dbcheck: Check Deleted Objects and reduce noise in reports about expired ↵Andrew Bartlett1-1/+24
tombstones These reports (about recently deleted objects) create concern about a perfectly normal part of DB operation. We must not operate on objects that are expired or we might reanimate them, but we must fix "Deleted Objects" if it is wrong (mostly it is set as being deleted in 9999, but in alpha19 we got this wrong). BUG: https://bugzilla.samba.org/show_bug.cgi?id=14593 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Feb 3 05:29:11 UTC 2021 on sn-devel-184
2021-02-02selftest: Directly import python-iso8601Andreas Schneider1-3/+0
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
2021-02-02python:subunit: Use UTC timezone from datatime moduleAndreas Schneider1-4/+2
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
2021-01-27samba-tool: Add a gpo command for removing VGP Symbolic Link Group PolicyDavid Mulder1-1/+59
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Jan 27 07:32:03 UTC 2021 on sn-devel-184
2021-01-27samba-tool: Test gpo manage symlink remove commandDavid Mulder2-0/+50
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-01-27samba-tool: Add a gpo command for adding VGP Symbolic Link Group PolicyDavid Mulder1-2/+64
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-01-27samba-tool: Test gpo manage symlink add commandDavid Mulder2-0/+54
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-01-27samba-tool: Add a gpo command for listing VGP Symbolic Link Group PolicyDavid Mulder1-1/+39
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-01-27samba-tool: Test gpo manage symlink list commandDavid Mulder2-0/+74
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-01-27gpo: Apply Group Policy Symlink Policy from VGPDavid Mulder1-2/+54
This adds a Group Policy extension which applies symlink policies set by Vintela Group Policy in the SYSVOL. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-01-27gpo: Test Group Policy VGP Symlink PolicyDavid Mulder2-0/+98
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-01-15samba-tool: Optionally hide disabled/expired accounts in "group listmembers"Björn Baumbach2-3/+135
--hide-expired Do not list expired group members --hide-disabled Do not list disabled group members Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Fri Jan 15 16:34:11 UTC 2021 on sn-devel-184
2021-01-15samba-tool: Optionally hide disabled/expired accounts in "user list"Björn Baumbach3-2/+113
--hide-expired Do not list expired user accounts --hide-disabled Do not list disabled user accounts Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Volker Lendecke <vl@samba.org>
2021-01-12python/wscript: python3-asn1 -> python3-pyasn1Karolin Seeger1-1/+1
Signed-off-by: Karolin Seeger <kseeger@samba.org> Reviewed-by: Björn Jacke <bjacke@samba.org>
2020-12-21tests python krb5: PEP8 cleanupsGary Lockyer10-263/+413
Fix all the PEP8 warnings in samba/tests/krb5. With the exception of rfc4120_pyasn1.py, which is generated from rfc4120.asn1. As these tests are new, it makes sense to ensure that they conform to PEP8. And set an aspirational goal for the rest of our python code. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Gary Lockyer <gary@samba.org> Autobuild-Date(master): Mon Dec 21 21:29:28 UTC 2020 on sn-devel-184
2020-12-21tests python krb5: use key usage constantsGary Lockyer7-34/+42
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
2020-12-21tests python krb5: Add key usage constantsGary Lockyer1-0/+50
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
2020-12-19gpo: Apply Group Policy Sudo Rights from VGPDavid Mulder1-1/+80
This adds a Group Policy extension which applies Sudo rights set by Vintela Group Policy in the SYSVOL. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Dec 19 08:11:50 UTC 2020 on sn-devel-184
2020-12-19gpo: Test Group Policy VGP Sudo RightsDavid Mulder2-0/+90
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
2020-12-19gpo: Add gp_xml_ext parser for group policyDavid Mulder1-0/+9
This adds an extension parser for parsing xml files in the sysvol. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
2020-12-17python/tests: add tests for smb notify and the dependency to the TRAVERSE ↵Björn Baumbach2-0/+431
privilege The easiest way to run this against Windows was to use a domain controller and configure an enforce group policy and grant the "Bypass Traverse Checking" only to the "BUILTIN\Administrators" group. (Note that "LOCAL SERVICE" and "NETWORK SERVICE" are always added in the local security policy. The test runs like this: SMB_CONF_PATH=/dev/null \ SERVER=172.31.9.188 \ TARGET_HOSTNAME=w2012r2-188.w2012r2-l6.base \ USERNAME=administrator \ PASSWORD=A1b2C3d4 \ NOTIFY_SHARE=torture \ USERNAME_UNPRIV=ldaptestuser \ PASSWORD_UNPRIV=a1B2c3D4 \ python/samba/tests/smb-notify.py -v -f SMBNotifyTests Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Björn Baumbach <bb@sernet.de> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2020-12-17python/ntacls.py: add SMBHelper.set_acl() helper functionBjörn Baumbach1-0/+14
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Björn Baumbach <bb@sernet.de> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2020-12-17python/ntacls.py: let SMBHelper.get_acl() use the default values of ↵Stefan Metzmacher1-9/+5
self.smb_conn.get_acl() Now that self.smb_conn.get_acl() has sane default values for secinfo and access_mask we can remove any additional logic in SMBHelper. The resulting values are the same. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2020-12-17libsmb_samba_internal: calculate the access_mask for {g,s}et_acl() based on ↵Stefan Metzmacher1-4/+73
the secinfo flags SEC_FLAG_MAXIMUM_ALLOWED will never result in SEC_FLAG_SYSTEM_SECURITY being granted. As SECINFO_SACL is part of the default secinfo value (SECINFO_DEFAULT_FLAGS), {g,s}et_acl() will always return NT_STATUS_ACCESS_DENIED by default. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2020-12-17libsmb_samba_internal: don't send SECINFO_[UN]PROTECTED_{S,D}ACL by defaultStefan Metzmacher1-5/+1
We want to get the default behavior. It's also pointless to set PROTECTED and UNPROTECTED at the same time. These are defined in MS-DTYP 2.4.7 SECURITY_INFORMATION with a brief description, but they aren't referenced in anywhere in MS-DTYP itself, nor in MS-FSA are any other document. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2020-12-16tests python krb5: initial TGS testsGary Lockyer4-1/+214
Initial tests on the KDC TGS Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-12-16tests python krb5: add test base classGary Lockyer1-0/+419
Add a base class for the KDC tests to reduce the amount of code duplication in the tests. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-12-16tests python krb5: Add Authorization data ad-type constantsGary Lockyer1-0/+14
Add constants for the Authorization Data Type values. RFC 4120 7.5.4. Authorization Data Types Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-12-15dbcheck: clarify check_object userparamsDouglas Bagnall1-6/+17
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Noel Power <npower@samba.org>
2020-12-15dbcheck: check_object/userparams: use variable for clarityDouglas Bagnall1-6/+7
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Noel Power <npower@samba.org>
2020-12-15dbcheck: reduce useless use of str(attrname)Douglas Bagnall1-12/+12
it's already a string! Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Noel Power <npower@samba.org>
2020-12-15dbcheck: better disambiguate 'attrs'Douglas Bagnall1-7/+6
We had too many things called 'attrs'; now we have just one, but we don't want it to look like it is *the* one. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Noel Power <npower@samba.org>
2020-12-15dbcheck: split out attr calculations from check_object()Douglas Bagnall1-5/+18
check_object is too long! Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Noel Power <npower@samba.org>
2020-12-15dbcheck: add a helper function for attr trackingDouglas Bagnall1-6/+8
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Noel Power <npower@samba.org>
2020-12-15dbcheck: do not add duplicate attrs for checkingDouglas Bagnall1-3/+5
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Noel Power <npower@samba.org>
2020-12-15dbcheck: check_object() caches of lower case attr namesDouglas Bagnall1-12/+19
The construct `'name' in map(str.lower, attrs)` is doubly inefficient, because not only is it running the lower() function too often, it is searching linearly in a temporary iterator for membership. So we make a set, and use that. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Noel Power <npower@samba.org>
2020-12-15dbcheck: make rIDSetReferences attr check case-insensitveDouglas Bagnall1-1/+1
Yes, it looks inefficient, but that's because it is just trying to fit in. Very soon we will fix it it properly. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Noel Power <npower@samba.org>
2020-12-09samba-tool: Add a gpo command for setting smb.conf Group PolicyDavid Mulder1-2/+78
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-12-09samba-tool: Test gpo smb.conf set commandDavid Mulder2-0/+66
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-12-09samba-tool: Add a gpo command for listing smb.conf Group PoliciesDavid Mulder1-1/+42
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
generated by cgit v1.2.3 (git 2.25.1) at 2026-06-27 14:04:14 +0000