1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

4643 Commits

Author SHA1 Message Date
Joseph Sutton
a84c521265 python: Remove unused parameter ‘backend_store’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
95e0df789c python: Remove unused parameter ‘lp’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
7064e39fae python: Remove unused parameter ‘logger’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
a341aca14c python: Make use of ‘prefix’ parameter
This method is now consistent with the other ‘add_*_record()’ methods.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
d8b5cb103b python: Remove unused parameter ‘lp’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
7e65a368d6 python: Remove unused parameter ‘targetdir’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
f9b22c6d5e python: Make use of ‘serverdn’ parameter
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
dddaed61ea python: Remove unused variable ‘machinesid’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
dd9dfb0e66 python: Remove unfinished join method
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14 03:31:37 +00:00
Joseph Sutton
9b06fd8dda tests/krb5: Remove unused parameter
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-08 02:28:33 +00:00
Joseph Sutton
2e891f59b8 tests/krb5: Fix indentation
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-08 02:28:33 +00:00
Joseph Sutton
d791bfae77 tests/dcerpc: Remove unused imports
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-08 02:28:33 +00:00
Joseph Sutton
e7a2c4ba64 tests/dcerpc: Correct docstring
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-08 02:28:33 +00:00
Joseph Sutton
5287411be8 python:tests: Remove leftover debugging message
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-08 02:28:33 +00:00
Joseph Sutton
49f54e2bd6 python:tests: Remove unused imports
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-08 02:28:33 +00:00
Joseph Sutton
abab561d44 python:tests: Remove unnecessary f‐strings
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-08 02:28:33 +00:00
Joseph Sutton
2eb7b95de3 python: Add missing word to comment
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-08 02:28:33 +00:00
Joseph Sutton
c7ab99a866 python: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-08 02:28:33 +00:00
Joseph Sutton
b82abfe00c gp: Remove unused import
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-08 02:28:33 +00:00
Joseph Sutton
60e9e3e01c tests/ndr: Add tests for Group Key Distribution Service blobs
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-08 02:28:33 +00:00
Joseph Sutton
261d3ade8d python:tests: Permit newer copyright notice
We can use an HTTPS URL (https://www.gnu.org/licenses/) now.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-08 02:28:33 +00:00
Andrew Bartlett
af53df6cd6 python/samba/tests: Fix incorrect super-class in cred_opt.py setUp()
This will allow TEST_DEBUG_LEVEL to work in this test.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Nov 30 02:03:05 UTC 2023 on atb-devel-224
2023-11-30 02:03:05 +00:00
Andrew Bartlett
0f2ff51a4b python/samba/tests: Fix incorrect superclass in test_min_domain_uid.py
This was not intentional as far as can be determined.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-11-30 01:05:32 +00:00
Andrew Bartlett
42e7828563 python: Correct Python2 super() calls that called the wrong class
These changes have been checked as safe as skipping a superclass
has no actual impact.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-11-30 01:05:32 +00:00
Rob van der Linde
6ac4833678 python: tests: update all super calls to python 3 style in tests
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

[abartlet@samba.org Some python2 style super() calls remain due
 to being an actual, even if reasonable, behaviour change]
2023-11-30 01:05:32 +00:00
Rob van der Linde
e8fda61a57 python: get rid of pointless empty overridden methods
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-30 01:05:32 +00:00
Andrew Bartlett
983f222e38 python: Use constants from hresult.h for python constants
This encourages us to keep a single source for constants.

In the future this should be a generated python file like for ntstatus.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-11-30 01:05:32 +00:00
Rob van der Linde
b14ead30da python: move HRES_SEC_* constants to samba module
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-30 01:05:32 +00:00
Rob van der Linde
6bcfcacd53 python: PEP275: docstrings should always use double quotes
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-30 01:05:32 +00:00
Rob van der Linde
35d71bfc6f python: fix missing colon around param in docstring
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-30 01:05:32 +00:00
Rob van der Linde
e265162884 tests: claims blackbox: add device and server silo restrictions test
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Nov 29 04:15:27 UTC 2023 on atb-devel-224
2023-11-29 04:15:27 +00:00
Rob van der Linde
834fc223e2 python: tests: claims blackbox tests use ntstatus constants
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-11-29 03:11:34 +00:00
Rob van der Linde
0d907a0214 tests: claims blackbox: use raw strings rather than escaping \
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-11-29 03:11:34 +00:00
Rob van der Linde
dc74cabaa4 tests: claims: blackbox device tests
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-11-29 03:11:34 +00:00
Andrew Bartlett
0293d233bf python/tests: Add test for creds.set_krb5_fast_credentials()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-11-29 03:11:34 +00:00
Andrew Bartlett
ebdb1f6b43 python/tests: Lock in key-word arguments as key-word only in samba.tests.gssapi
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-11-29 03:11:34 +00:00
Andrew Bartlett
61b0397de2 python/tests: Import samba.gensec, not gensec
This allows this function to be used by gensec.py (a test) without collision.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-11-29 03:11:34 +00:00
Douglas Bagnall
a836ad1442 pytest: conditional_ace_claims tests large composite comparisons
Our composite comparisons are currently all wrong.

Soon they will be fixed, but we are going to have an inflection point
where we switch from the naive compare-everything approach to a sort
based comparison, and we want to test both sides. Also, we use these
tests for a little bit of timing, which reveals it is all fast enough.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-27 22:37:32 +00:00
Douglas Bagnall
bc9da95682 pytest: conditional_ace_claims: write_c_test_on_failure() copes with claims
*copes badly, but better than crashing.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-27 22:37:32 +00:00
Douglas Bagnall
4cc91d2828 pytest: token_factory note that a flag is not set
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-27 22:37:32 +00:00
Douglas Bagnall
51d9444baa pytest: token_factory copes with empty claims
We don't have a good story yet with regard to empty claims, but we at
least want to be able to create them in tests.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-27 22:37:32 +00:00
Douglas Bagnall
f9f8724718 pytest: token_factory claims can have case_sensitive flag
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-27 22:37:32 +00:00
Douglas Bagnall
adf695aa34 pytest: token_factory separate out list_to_claim() helper
This is so conditional_ace_claims test can create claim objects which
can e.g. have the case sensitive flag set.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-27 22:37:32 +00:00
Andrew Bartlett
0b74adb3f0 samba-tool: Improve help messages for "samba-tool domain auth policy"
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Nov 27 04:05:46 UTC 2023 on atb-devel-224
2023-11-27 04:05:46 +00:00
Rob van der Linde
9c5a7d1244 netcmd: auth: set better metavar that matches the docs
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-27 03:08:28 +00:00
Douglas Bagnall
14b17c3de6 libcli/security/tests: gunzip the oversized-acls test vectors
These are just as readable with `less` as they were with `zless`.

This file has been slightly manually edited to add line-breaks. There
is not an easy setting in Python's json module to get good formatting.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Nov 27 02:10:12 UTC 2023 on atb-devel-224
2023-11-27 02:10:12 +00:00
Douglas Bagnall
8e3be66a49 pytest: security_descriptors tests get enumerator in name
This will make knownfails easier, given the names contain so many
regular expression metacharacters.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-27 01:12:40 +00:00
Rob van der Linde
83e8971c0f Claims initial black box tests
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Nov 23 00:32:33 UTC 2023 on atb-devel-224
2023-11-23 00:32:33 +00:00
Rob van der Linde
fad29cd0a6 netcmd: auth policy: add allowed-to-authenticate-from-device-group attributes
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-22 23:35:33 +00:00
Rob van der Linde
1b4514712d netcmd: auth policy: fix missing 'by' in help string
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-22 23:35:33 +00:00
Rob van der Linde
eaf1bd5623 netcmd: auth policy: add allowed-to-authenticate-to-by-group attributes
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-22 23:35:33 +00:00
Rob van der Linde
dbeb424e6c netcmd: auth policy: rename "from silo" to "from device silo"
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-22 23:35:33 +00:00
Rob van der Linde
42de24d73a netcmd: auth policy: add allowed to authenticate to by silo attributes
--user-allowed-to-authenticate-to-by-silo
--service-allowed-to-authenticate-to-by-silo
--computer-allowed-to-authenticate-to-by-silo

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-22 23:35:33 +00:00
Rob van der Linde
9fe147a02c netcmd: models: add field test for SIDField
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-22 23:35:33 +00:00
Rob van der Linde
96aaa0059f netcmd: models: add a Group model
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-22 23:35:33 +00:00
Rob van der Linde
e9b1ac93b5 netcmd: models: make systemFlags and systemOnly fields readonly
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-22 23:35:33 +00:00
Rob van der Linde
c1f56feefb netcmd: models: ensure that backlinks are always readonly
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-22 23:35:33 +00:00
Rob van der Linde
6255d57ce8 netcmd: models: add readonly attribute on fields to exclude it from save
There was trouble when saving fields like is system object, these need to be excluded on save.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-22 23:35:33 +00:00
Rob van der Linde
e256a04d5d netcmd: models: get_base_dn returns default rather than be abstract
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-22 23:35:33 +00:00
Rob van der Linde
91cc73352e netcmd: models: add SIDField field
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-22 23:35:33 +00:00
Rob van der Linde
0ce9b75325 netcmd: models: use correct SDDL for authentication silos
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-22 23:35:33 +00:00
Rob van der Linde
bf07a97931 netcmd: fix typo in groups and computer commands
Everywhere else it is using Group's except for one place which makes it obvious this was incorrect.

Same goes for Computers's vs Computer's

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-22 23:35:33 +00:00
Rob van der Linde
faf0b784a1 tests: gensec: docstrings in the middle of code should be comments
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-22 23:35:33 +00:00
Joseph Sutton
028c90547e python:tests: Add ndrdump test for GMSA Managed Password blobs
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Nov 20 22:51:17 UTC 2023 on atb-devel-224
2023-11-20 22:51:17 +00:00
Joseph Sutton
c0e6fe0bff tests/ndr: Add tests for GMSA Managed Password blobs
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-20 21:50:32 +00:00
Joseph Sutton
21a3f60cfc python:tests: Move NDR tests to their own directory
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-20 21:50:32 +00:00
Andreas Schneider
938afb8b28 python:tests: SHA1 is no longer supported by cryptography module
See https://github.com/pyca/cryptography/issues/8213#issuecomment-1419060001

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15513

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-20 15:37:33 +00:00
Andreas Schneider
362b0d69b1 python:tests: Fix assertEquals which doesn't exist in Python 3.12
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15513

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-20 15:37:33 +00:00
Joseph Sutton
df19006c78 tests/krb5: Allow creating Group Managed Service Accounts
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-16 05:18:36 +00:00
Joseph Sutton
7c1e3f0d82 python:tests: Ensure we clean up callbacks in pymessaging tests
Not calling ‘deregister()’ results in memory getting leaked.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Nov 15 23:11:13 UTC 2023 on atb-devel-224
2023-11-15 23:11:13 +00:00
Joseph Sutton
beff3e6d77 python:tests: Fix crashing pymessaging tests
Commit 8c75d9fc73 changed
Messaging.deregister() to take a two‐element tuple containing private
data as well as a callback, but it did not change the call in
samba.tests.messaging.MessagingTests.test_register to match.

Since imessaging_deregister() completely ignored the ‘private_data’
parameter passed to it (assuming the callback was registered with
msg_type == -1), everything still appeared to work — until commit
b22c217995 changed Messaging.deregister()
to no longer leak memory. Now the wrong variable had its reference count
decremented, causing the test to crash.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 22:07:36 +00:00
Douglas Bagnall
23a83d37df pytest:samba-tool domain auth policy: expect error message detail
The knownfail will stay around for a few commits, because the message
we get is slightly wrong.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 22:07:35 +00:00
Rob van der Linde
88ea6b17e1 netcmd: tests: update silo member grant and revoke docstings and comments
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 04:05:34 +00:00
Rob van der Linde
9708209d75 netcmd: tests: rename silo member tests to grant + revoke
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 04:05:34 +00:00
Rob van der Linde
2ee86e78cf netcmd: tests: rename add_silo_member and remove_silo_member methods in test
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 04:05:34 +00:00
Rob van der Linde
d9552dc08d netcmd: silo member: update docstrings comments and print statements for grant + revoke
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 04:05:34 +00:00
Rob van der Linde
becb0ecf35 netcmd: silo member: update command line options help text for grant + revoke
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 04:05:34 +00:00
Rob van der Linde
fb2453d1a3 netcmd: silo member: rename add and remove commands to grant and revoke
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 04:05:34 +00:00
Rob van der Linde
047ddb1001 netcmd: silo member: update model docstrings and exception text
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 04:05:34 +00:00
Rob van der Linde
abc3b50831 netcmd: silo member: rename model methods to grant and revoke
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 04:05:34 +00:00
Rob van der Linde
19613057d9 netcmd: silo member: rename exceptions to grant and revoke
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 04:05:34 +00:00
Rob van der Linde
422cc1d17d netcmd: models: fix incorrect return type should not be User
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 04:05:34 +00:00
Rob van der Linde
42be08c192 netcmd: models: Model.query method makes use of Query class
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 04:05:34 +00:00
Rob van der Linde
efedfab33e netcmd: models: add Query class to replace simple generator
This allows other methods to be added on top of the Query class like .first() and .one()

Sometimes it's useful to raise an exception if 0 rows are returned, while other times it's best to return None.
Having a Query class makes it easy to add methods like .one() and .first() to take care of this requirement.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 04:05:34 +00:00
Rob van der Linde
c9ba99a948 netcmd: tests: add tests for user auth policy and silo commands
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 04:05:34 +00:00
Rob van der Linde
ca9a11c6e8 netcmd: tests: rename domain_auth_base.py to silo_base.py
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 04:05:34 +00:00
Rob van der Linde
bcc77601f2 netcmd: tests: rename base class to be used by more tests
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 04:05:34 +00:00
Rob van der Linde
422680f82f netcmd: add auth silo and policy sub-commands to samba-tool user
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 04:05:34 +00:00
Rob van der Linde
2f20fa9b90 netcmd: silo member: Make output consistent with user command
* Use print with file=self.outf
 * Show assigned or unassigned silo

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 04:05:34 +00:00
Rob van der Linde
30992e865c netcmd: model: User model str method returns username not cn
If the cn is needed then user.cn can be used, this makes it nicer if using {user} in format strings.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 04:05:34 +00:00
Rob van der Linde
d4e84177ca netcmd: tests: make use of unique_name
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 04:05:34 +00:00
Rob van der Linde
d3e18dbe43 netcmd: silo member uses consistent output with other commands
This also includes always spelling out "authentication silo" or "authentication policy" in full, not just calling it "silo."

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 04:05:34 +00:00
Rob van der Linde
0eb727a54d netcmd: silo member add and remove should not set assigned_silo
The Windows tools don't do this either

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 04:05:34 +00:00
Rob van der Linde
9250508601 netcmd: silo member: make use of User.find function
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 04:05:34 +00:00
Rob van der Linde
921cc1df67 netcmd: model: add a find method to User model to avoid repeating code
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 04:05:34 +00:00
Rob van der Linde
a75cbd85e0 netcmd: model: add missing assigned_policy field on User model
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 04:05:34 +00:00
Rob van der Linde
925ec0e6c8 netcmd: user: PEP8 E303 E305: fix too many or too little blank lines
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 04:05:34 +00:00
Rob van der Linde
db08030c8f netcmd: user: PEP8 E225: missing whitespace around operator
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 04:05:34 +00:00
Rob van der Linde
f1c6d4cb73 netcmd: user: PEP8 E221: fix multiple spaces before operator
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 04:05:34 +00:00
Rob van der Linde
6b0cb65363 netcmd: user: PEP8 E127: fix hanging indent not lining up
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 04:05:34 +00:00
Rob van der Linde
30cb66aec4 netcmd: user: PEP8 E502: backslash is redundant between brackets
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 04:05:34 +00:00
Rob van der Linde
cae5456a29 netcmd: user: PEP8 E117: code is overindented
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 04:05:34 +00:00
Noel Power
d9c230ff80 python/samba/tests: Add smbcacl tests for save/restore
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 04:05:34 +00:00
Douglas Bagnall
426ca4cf4b pytests: sid_strings: do not fail if epoch ending has zeros
To avoid collisions in random OID strings, we started using the epoch
date modulus 100 million. The trouble is we did not strip out the
leading zeros, so the field might be '00000123' when it should be
'123', if the date happened not to correspond to an epoch with a zero
in the eighth to last place. This has been the case for most of the
last 1041 days, but fortunately the bug was only introduced earlier
this year.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15520

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
2023-11-15 04:05:34 +00:00
Ralph Boehme
8ccc809f93 CI/smb3unix: add test_delete_on_close
BUG:https://bugzilla.samba.org/show_bug.cgi?id=15517

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-11-13 18:35:32 +00:00
Ralph Boehme
f09c5a3dcb python: move clean_file() to samba/tests/libsmb.py
BUG:https://bugzilla.samba.org/show_bug.cgi?id=15517

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-11-13 18:35:32 +00:00
Joseph Sutton
fb867873d8 netcmd: Disallow device‐specific attributes and operators for allowed‐to‐authenticate‐from fields
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Nov  9 09:01:25 UTC 2023 on atb-devel-224
2023-11-09 09:01:25 +00:00
Joseph Sutton
c5932c4794 netcmd: Add ‘allow_device_in_sddl’ parameter to SDDLField()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-09 08:00:30 +00:00
Joseph Sutton
a08a724a28 netcmd:tests: Test authentication policies containing device‐specific attributes and operators
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-09 08:00:30 +00:00
Joseph Sutton
5ebd1b8dae tests/krb5: Test Kerberos principal names containing non–BMP Unicode characters
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-09 08:00:30 +00:00
Joseph Sutton
0b059dafd9 tests/krb5: Add ‘expected_sname’ parameter to _fast_as_req()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-09 08:00:30 +00:00
Joseph Sutton
e802cce43e tests/krb5: Encode KerberosString objects as UTF‐8
Windows treats Kerberos strings as UTF‐8, but by default, pyasn1 encodes
strings as ISO-8859-1. (There is a UTF8String type that gets encoded as
UTF‐8, but it has a different ASN.1 encoding from GeneralString, and so
can’t be used). asn1ate provides no way to override the encoding.
Except…

It turns out we can force UTF‐8 encoding by cunningly overriding
KerberosString.__getattribute__().

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-09 08:00:30 +00:00
Joseph Sutton
ff83d4b08f tests/krb5: Move ‘rfc4120_pyasn1’ to ‘rfc4120_pyasn1_generated’
‘rfc4120_pyasn1_generated’ is not to be used directly. Its contents are
now reexported from ‘rfc4120_pyasn1’, which becomes a simple wrapper.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-09 08:00:30 +00:00
Joseph Sutton
beaec758c9 tests/krb5: Add tests for AllowedToAuthenticateTo with SamLogon
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-07 21:54:32 +00:00
Joseph Sutton
c277a4d363 tests/krb5: Add test for an authentication policy that allows a specific account
This is a counterpart to ‘test_conditional_ace_allowed_from_user_deny’.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-07 21:54:32 +00:00
Joseph Sutton
64806f37ab tests/krb5: Correct authentication policy SDDL
There is no claim called ‘abc’, so the condition ‘(abc)’ is always going
to fail. Replace this with a condition using ‘Member_of’.

Furthermore, an ACL containing only Deny ACEs will only ever deny. Add a
trailing Allow ACE so that the ACL might allow other principals.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-07 21:54:32 +00:00
Joseph Sutton
6b2de47488 tests/krb5: Remove unused parameter ‘expected_device_groups’
It was never passed in by any callers.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-07 21:54:32 +00:00
Joseph Sutton
f8fb8f028c tests/krb5: Remove unused parameter ‘expected_device_groups’
It was never passed in by any callers.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-07 21:54:32 +00:00
Ralph Boehme
273d48504e CI: smb3unix.py: check more attributes of test files (and dirs) in test_posix_perm_files()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Nov  5 19:35:51 UTC 2023 on atb-devel-224
2023-11-05 19:35:51 +00:00
Joseph Sutton
3ef68efca2 tests/krb5: Fix comments
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Nov  2 20:13:50 UTC 2023 on atb-devel-224
2023-11-02 20:13:50 +00:00
Joseph Sutton
62373eeef0 tests/krb5: Test RODC‐issued TGTs that already contain device info/claims
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-02 19:14:37 +00:00
Joseph Sutton
86fb7d17ff tests/krb5: Don’t reuse SID S-1-2-3-4
We’re already using it in ‘client_sids’ to work around a bug in Windows.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-02 19:14:37 +00:00
Joseph Sutton
224408f959 tests/krb5: Test target authentication policies when the TGT already contains device info/claims
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-02 19:14:37 +00:00
Joseph Sutton
622ac53f22 tests/krb5: Add tests for PACs containing extraneous buffers
Test that the KDC removes these buffers from RODC‐issued PACs.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-02 19:14:37 +00:00
Joseph Sutton
69d588a870 tests/krb5: Pass a list of PAC modification functions
This is simpler than chaining functions together.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-02 19:14:37 +00:00
Joseph Sutton
6e999eab1c tests/krb5: Test performing a FAST‐armored TGS‐REQ when the TGT already contains device info/claims
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-02 19:14:37 +00:00
Joseph Sutton
014c939bdd tests/krb5: Add support to test framework for existing device info or claims buffers
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-02 19:14:37 +00:00
Joseph Sutton
e468a7d627 tests/krb5: Always expect client claims
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-02 19:14:37 +00:00
Joseph Sutton
7048f380eb tests/krb5: Ensure that device SIDs and claims are present only if we expect them to be
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-02 19:14:37 +00:00
Joseph Sutton
51a4443b04 tests/krb5: No longer pass two‐component form of TGS principal
Samba now handles one‐component TGS principals more correctly.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-02 19:14:37 +00:00
Joseph Sutton
6033b1c00d tests/krb5: Remove unused import
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-02 19:14:37 +00:00
Volker Lendecke
687b1b9931 tests: Convert the regression test for bug15505 to python
The shell version is flapping, but I can't really figure out
why. Maybe this version is not flapping, and it also shows the failure
if you revert 952d6c2cf4.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-02 19:14:37 +00:00
Volker Lendecke
9dd5e12cfa tests: Make clean_file() handle directories
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-02 19:14:37 +00:00
Volker Lendecke
b5392b552e tests: Allow to specify share names in smb2symlink tests
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-02 19:14:37 +00:00
Joseph Sutton
5f865bd14d tests/krb5: Test conditional ACE expressions with empty composite literals
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-02 03:08:37 +00:00
Douglas Bagnall
e7f38c3a19 pytest:samba-tool domain test policy: test SDDL diagnostics
The existing 'bad SDDL' test has SDDL so bad that the diagnostics
are not exercised.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Nov  1 21:12:33 UTC 2023 on atb-devel-224
2023-11-01 21:12:33 +00:00
Douglas Bagnall
d915443ab0 pytest: samba_tool domain auth policy fix for SDDL err msg
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-01 20:10:46 +00:00
Douglas Bagnall
cc2498f35b samba-tool: try to present diagnostics for SDDL errors.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-01 20:10:46 +00:00
Douglas Bagnall
42b5a09a03 pytest:sddl: assert SDDLValueError values make sense
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-01 20:10:46 +00:00
Douglas Bagnall
d7fe04205f s4/librpc/py_security: use SDDLValueError for better error messages
The aim is to allow samba-tool to tell users where their SDDL went
wrong.

Some tests would turn into errors (not knownfail-able failures)
if they were not changed at the same time, so they are changed too.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-01 20:10:46 +00:00
Douglas Bagnall
fd8cf82be1 pytest:sddl: handle SDDLValueError
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-01 20:10:46 +00:00
Douglas Bagnall
328ddf6d3a pytest:security_descriptors: handle SDDLValueError
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-01 20:10:46 +00:00
Douglas Bagnall
d47c6654f9 pytest: sid_strings: handle SDDLValueError
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-01 20:10:46 +00:00
Joseph Sutton
f8bfd607ca tests/krb5: Test device info generated from RODC‐issued tickets without certain SIDs
These tests crash Windows, but we can assume reasonable behaviour for
Samba.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-01 20:10:45 +00:00
Joseph Sutton
54eb175816 tests/krb5: Rename ‘krbtgt_creds’ to ‘rodc_krbtgt_creds’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-01 20:10:45 +00:00
Joseph Sutton
66b4597862 tests/krb5: Don’t pass unnecessary parameter
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-01 20:10:45 +00:00
Joseph Sutton
2b69e1e7c3 tests/krb5: Use __slots__ to indicate which attributes are used by classes
These should help to catch mistaken attempts to set invalid attributes.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-01 20:10:45 +00:00
Joseph Sutton
7ba4bb8164 tests/krb5: Add tests to see how SIDs are conveyed from PACs
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-01 20:10:45 +00:00
Joseph Sutton
dc1e2b41ca tests/krb5: Test that the Claims Valid SID is added to RODC‐issued PACs
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-01 20:10:45 +00:00
Joseph Sutton
947d3e5932 tests/krb5: Test that the Service Asserted Identity SID is not regarded from an RODC‐issued PAC
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-01 20:10:45 +00:00
Ralph Boehme
7a5228ffce CI: smb3unix.py: check basic CreateContexts response
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Oct 31 05:41:17 UTC 2023 on atb-devel-224
2023-10-31 05:41:17 +00:00
Ralph Boehme
ea89dd0069 libsmb: infer posix context from info_level
No need for an explcit additional argument, we can just infer this from the
info_level.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
2023-10-31 04:38:42 +00:00
Ralph Boehme
6944aa7caf CI: smb3unix.py: use libsmb.SMB2_FIND_POSIX_INFORMATION
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
2023-10-31 04:38:42 +00:00
Gabriel Nagy
03af117693 gp_pol: Test multiple values multi_sz roundtrip
Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>

Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Fri Oct 27 14:45:28 UTC 2023 on atb-devel-224
2023-10-27 14:45:28 +00:00
Gabriel Nagy
d5d96bed02 gp_pol: Allow null data for REG_MULTI_SZ
The parser is able to convert data from binary to XML (it generates an
empty <Value> tag) but not the other way around. This is a common
occurrence for empty multitext fields.

Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
2023-10-27 13:47:31 +00:00
Gabriel Nagy
9c5a924428 gp_pol: Test empty multi_sz roundtrip
Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
2023-10-27 13:47:30 +00:00
Rob van der Linde
0bb67a3a7e python: silos: add support for allowed to authenticate from silo shortcut
this avoids the need to write SDDL, the user just needs to give the silo name

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Oct 27 00:30:05 UTC 2023 on atb-devel-224
2023-10-27 00:30:05 +00:00
Rob van der Linde
8491693575 python: add docstring for escaped_claim_id function
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-26 23:32:34 +00:00
Rob van der Linde
16d52aa559 python: move method escaped_claim_id from test to samba.sd_utils
This is so that it can be used in other places too without the need to import or extend the test base class

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-26 23:32:34 +00:00
Rob van der Linde
47f5bc78b8 python: silos: add some missing tests for auth policy command
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-26 23:32:34 +00:00
Rob van der Linde
2aa4d67411 python: tests: claims and silo tests make use of unique_name
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-26 23:32:34 +00:00
Rob van der Linde
2dd06ae41a python: tests: improve comments for auth silo and policy tests
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-26 23:32:34 +00:00
Rob van der Linde
95cb6a0bb1 python: tests: qa and developers were not in the correct case
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-26 23:32:34 +00:00
Rob van der Linde
e87d74066a python: tests: addCleanup is always before create operation
This way if it raises during a create, it will still end up running the cleanup.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-26 23:32:34 +00:00
Rob van der Linde
d19e268221 python: tests: function to generate a unique name from caller
Uses the caller function to generate a unique name from the test function name.

Unique name is converted to camel case

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-26 23:32:34 +00:00
Rob van der Linde
ed245e2887 netcmd: tests: make use of addCleanup
Makes self.members redundant and tearDown method can go completely.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-26 23:32:34 +00:00
Rob van der Linde
3e9f74a680 netcmd: claims: rename claims and silo tests
Rename test function names that were starting to get very long.

They were all prefixed with the test name, stop doing that and use double underscore for better separation.

e.g. AuthPolicyCmdTestCase.test_authentication_policy_list_json

becomes AuthPolicyCmdTestCase.test_list__json

The claim types and value types test cases have been split into two testcases.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-26 23:32:34 +00:00
Rob van der Linde
156887c6d0 netcmd: silo command uses more consistent naming for tgt args
The args --user-tgt-lifetime-mins, --service-tgt-lifetime-mins and
--computer-tgt-lifetime-mins suffixed with -mins to be consistent
with Windows tooling.

For these, the internal names don't need to change and neither do
the model fields, only the external cli interface has this.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-26 23:32:34 +00:00
Rob van der Linde
15fb8a5f2e netcmd: silo command uses more consistent naming for policy args
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-26 23:32:34 +00:00
Rob van der Linde
c22400fd8e netcmd: silo command remove combined --policy which set all 3
doesn't make much sense to set all 3 to the same policy, user authentication policy, service authentication policy, computer authentication policy

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-26 23:32:34 +00:00
Joseph Sutton
3917a1995c tests/krb5: Add tests for single‐component krbtgt principals
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-26 01:24:32 +00:00
Joseph Sutton
f266f5c670 tests/krb5: Also consider single‐component krbtgt principals to be TGS principals
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-26 01:24:32 +00:00
Joseph Sutton
46f4dd3ea7 tests/krb5: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-25 22:23:37 +00:00
Joseph Sutton
1ce4af01bd python:tests: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-25 22:23:37 +00:00
Joseph Sutton
5f0ebf08c7 tests/krb5: Add tests for group membership with RBCD
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-25 22:23:37 +00:00
Joseph Sutton
49dca84731 tests/krb5: Add more tests of the device belonging to certain groups
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-25 22:23:37 +00:00
Joseph Sutton
d0c24a52f2 tests/krb5: Sort imports
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-25 22:23:37 +00:00
Joseph Sutton
defeb3e698 tests/krb5: Don’t pass parameters unnecessarily
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-25 22:23:37 +00:00
Joseph Sutton
c750c1db7f python:tests: Remove unnecessary f‐strings
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-25 22:23:37 +00:00
Joseph Sutton
1798342735 python: Remove unnecessary f‐strings
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-25 22:23:37 +00:00
Rob van der Linde
50b8a2de2a python: getopt: HostOptions and other option groups inherit from samba OptionGroup class
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Oct 25 00:31:37 UTC 2023 on atb-devel-224
2023-10-25 00:31:36 +00:00
Rob van der Linde
7c389e1921 netcmd: auth policy: add OptionGroup classes for user, service and computer options
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-24 23:31:29 +00:00
Rob van der Linde
0667708cef python: netcmd: make use of HostOptions for claims and sites commands
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-24 23:31:29 +00:00
Rob van der Linde
e1244ba304 python: getopt: Add HostOptions to avoid need to manually add -H
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-24 23:31:29 +00:00
Rob van der Linde
0f3d6d80da python: netcmd: make use of required flag on Option for claims commands
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-24 23:31:29 +00:00
Rob van der Linde
e60f3afcc5 python: getopt: implement required flag on options and OptionParser
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-24 23:31:29 +00:00
Rob van der Linde
837e1d9fda python: getopt: subclass OptionParser to populate option_class
The option_class needs to be set correctly for OptionGroups that use self.add_option

Override OptionParser `__init__` to change the default Option class to the samba one.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-24 23:31:29 +00:00
Rob van der Linde
6943a58bff netcmd: tests: stop checking for ERROR prefix from CommandError
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-24 23:31:29 +00:00
Rob van der Linde
fb058e7f2c python: netcmd: remove OptionError alias to OptionValueError
The other methods in this file already raise optparse.OptionValueError
directly, except for two older ones.

They are using an alias which changes the name to OptionError, the
confusing part about this is that optparse.OptionError actually does
exist, so the incorrect alias needs to be removed.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-24 23:31:29 +00:00
Rob van der Linde
14b2129868 python: netcmd: catch parent exception class OptParseError instead
This covers both OptionError and OptionValueError

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-24 23:31:29 +00:00
Rob van der Linde
f77064c822 python: getopt: rename SambaOption to Option
* Nothing uses SambaOption directly, everything imports it through samba.netcmd.Option
 * Avoid an unnecessary rename on import

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-24 23:31:29 +00:00
Rob van der Linde
d54f52b847 python: netcmd: parser class in getSamDB should set option_class
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-24 23:31:29 +00:00
Rob van der Linde
b7a1946d8b python: netcmd: fix import grouping and sorting in base first
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-24 23:31:29 +00:00
Rob van der Linde
5f8c46d1de python: netcmd: remove redundant Option subclass
Instead, just import SambaOption as Option, so all the existing commands don't need changing.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-24 23:31:29 +00:00
Rob van der Linde
32032937ed python: netcmd: SUPPRESS_HELP constant has no effect here
Where it is used, on a few options, the constant should be used
directly instead.

This means that in the following commit, the Option subclass of
SambaOption can be removed, as it will become redundant.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-24 23:31:29 +00:00
Rob van der Linde
a930456f0c python: netcmd: dbcheck: fix import grouping and order
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-24 23:31:29 +00:00
Rob van der Linde
3a5a5cae3a python: netcmd: ntacl: fix import grouping and order
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-24 23:31:29 +00:00
Rob van der Linde
0f93e1d17f python: add docstrings to Validator and ValidationError
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-24 23:31:29 +00:00
Rob van der Linde
dc513a82a6 python: move Validator base class and ValidationError to getopt
It makes more sense for these to exist in the top package, because they are used by SambaOption.

validators.py can still exist in netcmd, just not the base class and exception.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-24 23:31:29 +00:00
Rob van der Linde
29c9991594 python: getopt: move validators logic to parent class
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-24 23:31:29 +00:00
Rob van der Linde
bdad257a31 netcmd: don't turn exception into CommandError in run_validators
It's the wrong place to do it.

Instead, let it raise the original exception, capture it in _run, and
call existing show_command_error method.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-24 23:31:29 +00:00
Rob van der Linde
99c93c1e89 netcmd: PEP8: minor whitespace fix, file did not pass PEP8
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-24 23:31:29 +00:00
Rob van der Linde
c3876242fd netcmd: move comment above class to docstring
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-24 23:31:29 +00:00
Rob van der Linde
8b57561297 netcmd: correctly pass Samba option class to OptionParser
On OptionGroups it will set option_class and then this gets used by self.add_option

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-24 23:31:29 +00:00
Rob van der Linde
96959b7267 python: getopt: move SambaOption to the top of the file
This is needed for the next commit

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-24 23:31:29 +00:00
Rob van der Linde
c688e73358 python: getopt: correctly group and sort imports
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-24 23:31:29 +00:00
Rob van der Linde
1f8b4913c6 python: getopt: update super calls to python3 style
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-24 23:31:29 +00:00
Rob van der Linde
e209b8d79c python: move comment for check_bytes to docstring
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-24 23:31:29 +00:00
Rob van der Linde
22316fea33 python: PEP8 fixup whitespace in getopt.py first
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-24 23:31:29 +00:00
Rob van der Linde
029e0457cc netcmd: tests: make check_run and related methods classmethod for consistency
Before that only run_command was turned into a @classmethod, but not
the other related methods which were left unchanged, this made it
inconsistent.

Some of these methods need to be called from setUpTestData so they
really need to be @classmethod anyway.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-24 23:31:29 +00:00
Rob van der Linde
b543874abc tests: minor indentation and whitespace fixes
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-24 23:31:29 +00:00
Joseph Sutton
eb21ac8777 tests/krb5: Test whether the device belongs to some default groups
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-24 00:54:31 +00:00
Joseph Sutton
0f5033a1e7 tests/krb5: Work around Samba’s incorrect krbtgt principal handling
These tests fail only because they are using the ‘krbtgt@REALM’ form of
the krbtgt principal that Samba doesn’t handle correctly.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-24 00:54:31 +00:00
Joseph Sutton
4e8fb9706e tests/krb5: Remove unnecessary target_creds variables
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-24 00:54:31 +00:00
Joseph Sutton
053292a7e8 tests/krb5: Delete connection variable
This avoids a ‘variable set but unused’ warning.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-19 21:37:36 +00:00
Joseph Sutton
7ea71c4882 tests/krb5: Make ‘services’ parameter required
We use it unconditionally without a check for None.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-19 21:37:36 +00:00
Joseph Sutton
ea10d01bfd tests/krb5: Remove unreachable exception handlers
‘IOError’ is a subclass of ‘error’, which has already been handled.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-19 21:37:36 +00:00
Joseph Sutton
e48eb621cd tests/krb5: Fix RC4‐only Protected Users tests
We forgot to actually use the ‘supported_enctypes’ parameter.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-19 21:37:36 +00:00
Joseph Sutton
f1babf2f3d tests/krb5: Remove unnecessary f‐strings
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-19 21:37:36 +00:00
Joseph Sutton
137499aef6 tests/krb5: Remove unused imports
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-19 21:37:36 +00:00
Joseph Sutton
d363c7bf55 tests/krb5: Fix DES3CBC random_to_key()
Because ‘keybytes’ is an immutable bytes object, ‘keybytes[7] = …’ has
no hope of working.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-19 21:37:36 +00:00
Joseph Sutton
a0d32a3980 tests/krb5: Make ‘keybytes’ a bytes object rather than a list
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-19 21:37:36 +00:00
Joseph Sutton
69db1b5888 tests/krb5: Don’t expect edata if no error is expected
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-19 21:37:36 +00:00
Joseph Sutton
ee43eed635 tests/krb5: Add parameter to _tgs() specifying whether FAST is to be used
View with ‘git show -b’.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-19 21:37:36 +00:00
Joseph Sutton
991e8f5a7f tests/krb5: Use None for the default values of parameters
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-19 21:37:36 +00:00
Joseph Sutton
2ddd8ca3c7 tests/krb5: Move assignments closer to where the variables are used
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-19 21:37:36 +00:00
Joseph Sutton
7f860d1cba tests/krb5: Remove incorrect functional level check
RBCD has no relevance to a method called _tgs().

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-19 21:37:36 +00:00
Joseph Sutton
11835ed5bb tests/krb5: Update method names to be consistent with other tests
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-19 21:37:36 +00:00
Joseph Sutton
88d5ae3218 tests/krb5: Have _modify_tgt() accept only keyword arguments
to prevent further accidents.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-19 21:37:36 +00:00
Joseph Sutton
59f7052295 tests/krb5: Correctly pass arguments to _modify_tgt()
We were passing the new realm as the ‘renewable’ parameter!

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-19 21:37:36 +00:00
Joseph Sutton
a365f04d0f tests/krb5: Add KDC_ERR_SERVER_NOMATCH error code
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-19 21:37:36 +00:00
Joseph Sutton
fc475b2e20 tests/krb5: Add ‘expect_edata’ parameter to _user2user()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-19 21:37:36 +00:00
Joseph Sutton
fcdc010122 tests/krb5: Fix comment
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-19 21:37:36 +00:00
Joseph Sutton
879e7a3c3e tests/krb5: Remove marker
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-19 21:37:36 +00:00
Stefan Metzmacher
09daeba696 libcli/util: let win_errstr() fallback to hresult_errstr()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-17 19:20:38 +00:00
Joseph Sutton
c15a9af8e5 tests/krb5: Fix ASN.1 source
It currently fails to compile.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-17 03:19:38 +00:00
Joseph Sutton
1712449aa6 tests/krb5: Don’t expect groups if we’re expecting an error
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-17 03:19:38 +00:00
Joseph Sutton
a8a186868e tests/krb5: Fix tests that crash Windows
Expect an actual error code or an outcome, not CRASHES_WINDOWS.

I don’t know which error codes Windows might be expected to produce, so
I’ve chosen some that seem plausible.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-17 03:19:38 +00:00
Joseph Sutton
52ea480543 tests/krb5: Expect a status code with policy errors
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-17 03:19:38 +00:00
Joseph Sutton
b5b8b16a50 tests/krb5: Don’t consider RODC‐issued tickets to be banned with RBCD
If we’re verifying that a ticket was permitted to be issued by an RODC,
and not trusting the group SIDs in the ticket, is there any reason to
ban its use with RBCD?

A client with a ticket issued by an RODC that happens to select a DC to
direct an RBCD request at should not have the request mysteriously fail.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-17 03:19:38 +00:00
Stefan Metzmacher
c99fe118fd tests/krb5/kdc_tgs_tests: add user2user tests using a normal user account
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15492

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-16 14:39:33 +00:00
Stefan Metzmacher
97e4aab1a6 CVE-2018-14628: python:descriptor: let samba-tool dbcheck fix the nTSecurityDescriptor on CN=Deleted Objects containers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-16 14:39:33 +00:00
Stefan Metzmacher
7058606112 CVE-2018-14628: dbchecker: use get_deletedobjects_descriptor for missing deleted objects container
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-16 14:39:33 +00:00
Stefan Metzmacher
0c329a0fda CVE-2018-14628: python:provision: make DELETEDOBJECTS_DESCRIPTOR available in the ldif files
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-16 14:39:33 +00:00
Stefan Metzmacher
3be190dcf7 CVE-2018-14628: python:descriptor: add get_deletedobjects_descriptor()
samba-tool drs clone-dc-database was quite useful to find
the true value of nTSecurityDescriptor of the CN=Delete Objects
containers.

Only the auto inherited SACL is available via a ldap search.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-16 14:39:33 +00:00
David Mulder
b76e184c07 gpdupate: Implement Drive Maps Client Side Extension
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-16 00:59:32 +00:00
David Mulder
42d03da306 gpupdate: Test Drive Maps Client Side Extension
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-16 00:59:32 +00:00
Joseph Sutton
1a4ec25b32 tests/krb5: Fix assertion messages
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-13 03:50:31 +00:00
Joseph Sutton
2f5833cbb3 tests/krb5: Use assertEqual() instead of assertEquals()
assertEquals() was removed in Python 3.12.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-13 03:50:31 +00:00
Joseph Sutton
f7009e2a35 python:tests: Use now() instead of utcnow()
utcnow() is deprecated and will be removed in a future version of Python.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-13 03:50:31 +00:00