summaryrefslogtreecommitdiff
path: root/python
AgeCommit message (Collapse)AuthorFilesLines
2025-02-17python:lsa_utils: Fix fallback to OpenPolicy2Stefan Metzmacher4-99/+130
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15680 Pair-Programmed-With: Andreas Schneider <asn@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Mon Feb 17 18:33:15 UTC 2025 on atb-devel-224
2025-02-17python:lsa_utils: Don't use optional arguments for OpenPolicyFallback()Andreas Schneider4-5/+9
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15680 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2025-02-14pytests: test pysmbd with relative path names via samba-tool ntaclBjörn Baumbach1-0/+61
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15806 Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Autobuild-User(master): Björn Baumbach <bb@sernet.de> Autobuild-Date(master): Fri Feb 14 16:18:19 UTC 2025 on atb-devel-224
2025-02-14pytests: test pysmbd with non-existent fileBjörn Baumbach1-0/+19
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15807 Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2025-02-14python:tests/krb5: only expect compressed claims if the compression reduces ↵Stefan Metzmacher1-9/+27
the size I have captures showing that claims compression depends on the payload itself and how well it compresses, instead of the pure length of the payload. E.g. a single string claim with a value of 68 'a' characters has an unpressed size of 336 and compressed size is 335. While a single string with random string s1 has an unpressed size of 504 and it's still uncompressed on the wire. A different random string s2 also has an unpressed size of 504, but it is compressed into a size of 502. So it really depends if the compression makes it actually smaller than the uncompressed version. This makes the tests more reliable against Windows DCs with existing claims defined. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2025-02-14python:tests: add ClaimsTransformationTests to security.pyStefan Metzmacher1-2/+462
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2025-02-13pytest: add ndr packing tests for security descriptorsDouglas Bagnall1-0/+623
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Volker Lendecke <vl@samba.org>
2025-02-08security.idl: change ORGANISATION into ORGANIZATIONStefan Metzmacher1-1/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
2025-02-08python:tests: let lsa_utils.py use valid netbios namesStefan Metzmacher1-2/+2
createtrustrelax has 16 characters, but only 15 are allowed and they are typically uppercase. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2025-02-08samba-tool contact: remove useless versionopts referencesDouglas Bagnall1-14/+1
These are now redundant as all samba-tool sub-commands handle -V/--version automatically. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
2025-02-08py:get_opts:VersionOptions prints version in --helpDouglas Bagnall1-2/+2
Because it might as well. Like this: Version Options: -V, --version Display version number (4.22.2) BUG: https://bugzilla.samba.org/show_bug.cgi?id=15770 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
2025-02-08samba-tool: --version shortcircuits option evaluationDouglas Bagnall1-2/+5
This means in bin/samba-tool spn -h -V the -V takes precedence over the -h, as with the 'net' tool. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15770 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
2025-02-08samba-tool: all subcommands know --versionDouglas Bagnall2-7/+33
Before `samba-tool -V` would give you the version, but `samba-tool spn -V` would complain. An ad-hoc selection of sub-commands already supported --version, depending on whether VersionOptions was manually added to the takes_options dict. The .run() methods of these subcommands all take a 'versionopts' keyword argument, but never use it. If it was set (i.e., argv contained "--version"), the process never gets to .run(), so the value of versionopts.version is always None in run(). After this commit we can remove VersionOptions/versionopts from sub-commands. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15770 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
2025-02-08samba-tool: do not complain of no sub-command with '-V'Douglas Bagnall1-1/+2
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15770 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
2025-02-08pytest: samba-tool --version testsDouglas Bagnall1-0/+31
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15770 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
2025-02-04provision: always use a large transaction index cacheDouglas Bagnall1-6/+3
A larger cache costs more per transaction, but makes a large number of operations within a transaction faster. We expect to be dealing with the latter case here, regardless of the batch_mode parameter and the database size. 200000 is chosen because it is also used in join and schemaupgrade, and should be sufficient in most cases. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15795 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org> Autobuild-Date(master): Tue Feb 4 22:47:35 UTC 2025 on atb-devel-224
2025-02-04netcmd: Increase the transaction_index_cache_size to 200k for schemaupgradeAndréas Leroux1-1/+5
Increasing this value greatly improve the performances of schema upgrade for large domains (>200k entries). The value 200000 is chosen because it is already used in join.py, and should be sufficient for known domains. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15795 Signed-off-by: Andréas Leroux <aleroux@tranquil.it> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2025-01-29python:tests/dcerpc/lsa: add tests for invalid LookupSids2 combinationsStefan Metzmacher1-2/+224
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14213 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2025-01-24s3/mdssvc: add option "elasticsearch:force_substring_search = yes | no" ↵Ralph Boehme1-0/+34
(default: no) Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Fri Jan 24 10:52:33 UTC 2025 on atb-devel-224
2025-01-23samba-tool user disable: add new --remove-supplemental-groups optionBjörn Baumbach3-14/+193
Removes all supplemental groups from a user, what is commonly wanted when a user is disabled. Pair-programmed-with: Stefan Metzmacher <metze@samba.org> Signed-off-by: Björn Baumbach <bb@sernet.de> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jule Anger <janger@samba.org> Autobuild-User(master): Björn Baumbach <bb@sernet.de> Autobuild-Date(master): Thu Jan 23 19:51:05 UTC 2025 on atb-devel-224
2025-01-23samba-tool user disable: make sure that filter matches only one userBjörn Baumbach1-0/+11
toggle_userAccountFlags() can only handle one user. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Jule Anger <janger@samba.org>
2025-01-23samba-tool user disable: rename filter variable to search_filterBjörn Baumbach1-7/+10
filter() is a Python built-in function to filter iterables. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Jule Anger <janger@samba.org>
2025-01-23samba-tool user disable: set proper --filter option descriptionBjörn Baumbach1-1/+3
Seems to be copied from samba-tool user setpassword command. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Jule Anger <janger@samba.org>
2025-01-23samba-tool group removemembers: avoid python backtrace on errorBjörn Baumbach1-1/+1
Pair-programmed-with: Stefan Metzmacher <metze@samba.org> Signed-off-by: Björn Baumbach <bb@sernet.de> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jule Anger <janger@samba.org>
2025-01-23python/samdb: no need to set member_base_dn multiple timesBjörn Baumbach1-3/+3
Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Jule Anger <janger@samba.org>
2025-01-23python/samdb: fix group member removal by SIDBjörn Baumbach1-4/+28
Otherwise the removal of groupmembers by SID fails silently, because the DN does not match the the DN in group member list. Pair-programmed-with: Stefan Metzmacher <metze@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Jule Anger <janger@samba.org>
2025-01-23python/samdb: fix check which checks if user is already member of groupBjörn Baumbach1-1/+1
Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Jule Anger <janger@samba.org>
2025-01-23python/samdb: rename filter variable to search_filterBjörn Baumbach1-2/+2
filter() is a Python built-in function to filter iterables. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Jule Anger <janger@samba.org>
2025-01-23python/samdb: add missing function parameter descriptionBjörn Baumbach1-0/+3
Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Jule Anger <janger@samba.org>
2025-01-23python/samdb: fix attribute name in parameter descriptionBjörn Baumbach1-6/+6
Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Jule Anger <janger@samba.org>
2025-01-15python:tests/krb5: let netlogon.py check for NETLOGON_NTLMV2_ENABLEDStefan Metzmacher1-0/+22
It's there for network_samlogon and interactive_samlogon, but not in ticket_samlogon. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15783 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2025-01-13python:tests: let s3_net_join.py avoid kerberos_state=DONT_USE_KERBEROSStefan Metzmacher1-2/+1
We may use ServerAuthenticateKerberos in future and that needed to use kerberos. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
2025-01-13python:tests: let auth_log.py also test --option=clientusekrb5netlogon=yesStefan Metzmacher1-0/+97
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
2025-01-13python:tests: let auth_log.py explicitly use --option=clientusekrb5netlogon=noStefan Metzmacher1-12/+99
It also add some additional checks to make sure netlogon with AES was used. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
2025-01-13python:tests: let auth_log.py use self.assertIn(received, [4, 5]Stefan Metzmacher1-22/+11
This will simplify further changes. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
2025-01-08python:tests/krb5: let netlogon.py test referral ticket for SEC_CHAN_DNS_DOMAINStefan Metzmacher1-2/+21
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
2025-01-08python:tests/krb5: allow get_service_ticket to accept a trust referral ↵Stefan Metzmacher1-0/+2
ticket without kvno Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
2025-01-08python:tests/krb5: allow tickets without a kvnoStefan Metzmacher1-1/+5
This is needed for trust referrals. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
2025-01-08python:tests/krb5: let netlogon.py export changed passwords to keytabStefan Metzmacher1-0/+14
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
2025-01-08python:tests/krb5: add domain trust tests to netlogon.pyStefan Metzmacher1-26/+176
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
2025-01-08python:tests/krb5: add a create_trust() helper function to test trusted domainsStefan Metzmacher1-2/+292
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
2025-01-08python:tests/krb5: allow exporting a keytab file of the accounts used by the ↵Stefan Metzmacher2-1/+197
tests EXPORT_KEYTAB_FILE=/dev/shm/export.keytab EXPORT_KEYTAB_APPEND=0 or 1 EXPORT_EXISTING_CREDS_TO_KEYTAB=0 or 1 EXPORT_GIVEN_CREDS_TO_KEYTAB=0 or 1 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
2025-01-08python:tests/krb5: add ↵Stefan Metzmacher1-0/+25
KerberosCredentials.[g|s]et_trust_{incoming,outgoing,account}_creds Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
2025-01-08python:tests/krb5: let netlogon.py run the tests also as rodcStefan Metzmacher1-1/+14
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
2025-01-08python:tests/krb5: allow netlogon.py tests to work against a KDC with claims ↵Stefan Metzmacher1-4/+8
enabled Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
2025-01-08python:tests/krb5: allow get_mock_rodc_krbtgt_creds(preserve=False) to ↵Stefan Metzmacher2-19/+89
create a tmp rodc This also exposes credentials for the machine account for netlogon testing. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
2025-01-08python:tests/krb5: fix etypes_to_test values in RawKerberosTestStefan Metzmacher1-2/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
2025-01-07tests: test SMB3 POSIX append-IO behaviourRalph Boehme1-0/+46
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2025-01-07tests: add a test for copy-chunk on a POSIX handleRalph Boehme1-0/+33
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15751 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2025-01-07tests: use libsmb.unix_mode_to_wire() in smb3unix.pyRalph Boehme1-10/+19
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15751 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
generated by cgit v1.2.3 (git 2.25.1) at 2026-05-06 21:40:00 +0000