1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

136438 Commits

Author SHA1 Message Date
Rob van der Linde
83e36d97c9 netcmd: add shell command
A simple samba-tool shell, can be quite useful to play around with the ldb database and models.

All models get imported and the samdb connection variable made available.

Example usage:

    bin/samba-tool shell -H <host> --workgroup <workgroup> --realm <realm>

>>> silos = AuthenticationSilo.query(ldb)
>>> for silo in silos:
...     print(silo)
...

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Dec 15 03:51:55 UTC 2023 on atb-devel-224
2023-12-15 03:51:55 +00:00
Rob van der Linde
c8ded4621d python: use python3 style super statements
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-15 02:54:34 +00:00
Rob van der Linde
3db3251342 netcmd: getpassword: get rid of pointless overridden constructors
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-15 02:54:34 +00:00
Rob van der Linde
ddba4a06bb python: pep257: docstring should use double quotes
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-15 02:54:34 +00:00
Joseph Sutton
ff52e34288 python: Remove references to removed parameters
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Dec 14 04:32:31 UTC 2023 on atb-devel-224
2023-12-14 04:32:31 +00:00
Joseph Sutton
ddddf9d4a4 python: Remove unused parameter ‘backup’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
891e1da968 python: Remove unused parameter ‘serverrole’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
7750edc14e python: Remove unused parameter ‘am_rodc’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
10d79ef21f python: Remove unused parameter ‘am_rodc’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
e67196e13c python: Remove unused parameters ‘backend_store’ and ‘backend_store_size’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
beefbb277a python: Remove unused parameters ‘backend_store’ and ‘backend_store_size’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
7e7f7d63ed python: Remove unused parameter ‘fill’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
9fbd343551 python: Remove unused parameter ‘keytab_path’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
9cc823454a python: Remove unused parameter ‘erase’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
efaa27c498 python: Remove unused parameter ‘backend_store_size’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
b6dc21169c python: Remove unused parameter ‘root_gid’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
6fdf710ba7 python: Remove unused parameters ‘maxuid’ and ‘maxgid’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
8c288c6beb python: Remove unused parameters ‘maxuid’ and ‘maxgid’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
8331142081 python: Remove unused parameter ‘name’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
704ad18bf5 python: Remove unused parameter ‘netlogon’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
eb727331a3 python: Remove unused parameter ‘samdb’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
d9a665a0e4 python: Remove unused parameter ‘lp’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
246666e722 python: Remove unused parameter ‘message’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
5132771fb7 python: Remove unused parameter ‘targetdir’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
8439dcb484 python: Remove unused parameter ‘backend_store’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
e37dfc2967 python: Remove unused parameter ‘lp’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
58814bfd39 python: Remove unused parameter ‘lp’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
c692653459 python: Remove unused parameter ‘targetdir’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
49801372c6 python: Remove unused parameter ‘targetdir’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
a84c521265 python: Remove unused parameter ‘backend_store’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
95e0df789c python: Remove unused parameter ‘lp’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
7064e39fae python: Remove unused parameter ‘logger’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
a341aca14c python: Make use of ‘prefix’ parameter
This method is now consistent with the other ‘add_*_record()’ methods.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
d8b5cb103b python: Remove unused parameter ‘lp’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
7e65a368d6 python: Remove unused parameter ‘targetdir’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
f9b22c6d5e python: Make use of ‘serverdn’ parameter
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
dddaed61ea python: Remove unused variable ‘machinesid’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
dd9dfb0e66 python: Remove unfinished join method
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Douglas Bagnall
25f8e50793 libcli/security: allow SDDL conditional ACE round-trip for -00 and -0x0
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Douglas Bagnall
66f341e5c3 libcli/security: allow round-trip for conditional ACE hex integers
As with the previous commit, though not addressing the particular fuzz
case, zero hex numbers need to be explicitly written as "0x0", or the
round-trip will fail.

Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62929

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Douglas Bagnall
d33ed63147 libcli/security: allow round-trip for conditional ACE octal integers
The string "00" will decode into an integer tagged as octal, but
`snprintf("%#oll")` will write the string "0", which would decode as
decimal, so the in the SDDL1->SD1->SDDL2->SD2 round trip, SD1 would
not be the same as SD2.

The effect is really only relevant to SDDL, which wants to remember
what base the numbers were presented in, though the fuzzers and tests
don't directly compare SDDL, which can have extra spaces and so forth.

Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62929

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Douglas Bagnall
bbe217604b libcli/security: tests for conditional ACE integer base persistence
Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62929

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Douglas Bagnall
b247a11e62 libcli/security: fix tests for SDDL conditional ACE round-trip
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Douglas Bagnall
db6b06578b libcli/security: clarify tests for SDDL round trips
The `failed = failed || ok` did the same thing, obscurely.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Douglas Bagnall
a016ce7068 libcli/security: don't allow conditional ACE SIDs to have trailing bytes
They should be tightly packed, allowing conditional ACEs to
round-trip.

Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64197

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Douglas Bagnall
e004a5a444 libcli/security: SDDL decode stops earlier with too many ACEs
For this purpose, "too many" means we know for sure that it won't fit
in packet format, even if all the ACEs are minimum size. This would
fail anyway.

Credit to OSS-Fuzz, who found that 50 thousand ACEs that took more
than 60 seconds to decode. This will now fail after 4096 ACEs which
should be about 150 times faster than 50k (because the realloc loop in
quadratic), so ~0.5 seconds in the fuzz context with sanitisers
enabled. That is still slowish, but SDDL parsing is not a critical
path and without address sanitisers it will be many times faster.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62511

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:36 +00:00
Samuel Cabrero
3a01ef710d tests: Add a test for the idmap_nss : use_upn setting
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Samuel Cabrero <scabrero@samba.org>
Autobuild-Date(master): Wed Dec 13 16:05:19 UTC 2023 on atb-devel-224
2023-12-13 16:05:19 +00:00
Samuel Cabrero
086a90d52b idmap_nss: Install a messaging filter to reload the configuration
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2023-12-13 15:07:38 +00:00
Samuel Cabrero
a7a4d8e533 idmap_nss: Add a parameter to use UPNs instead of plain names
idmap config <DOMAIN> : backend = nss
idmap config <DOMAIN> : use_upn = yes|no

When translating a Unix ID to a SID the module calls get[pwu|grg]id() but the
name returned by some NSS modules might be a UPN instead of a plain name. If
the new parameter is enabled the returned name will be parsed and correctly
handled.

On the other hand, when translating a SID to a Unix ID the module first
resolves the SID to a domain + name, and then calls get[pw|gr]name() with the
plain name, or the UPN if the new parameter is enabled.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2023-12-13 15:07:38 +00:00
Samuel Cabrero
c8e4777a92 idmap_nss: Increase debug on failures
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2023-12-13 15:07:38 +00:00