1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

2662 Commits

Author SHA1 Message Date
Björn Baumbach
e84f8bdff5 samba-tool: Optionally hide disabled/expired accounts in "group listmembers"
--hide-expired        Do not list expired group members
  --hide-disabled       Do not list disabled group members

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Jan 15 16:34:11 UTC 2021 on sn-devel-184
2021-01-15 16:34:11 +00:00
Björn Baumbach
7dad13cc86 samba-tool: Optionally hide disabled/expired accounts in "user list"
--hide-expired        Do not list expired user accounts
  --hide-disabled       Do not list disabled user accounts

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
2021-01-15 15:24:37 +00:00
Gary Lockyer
c00d537526 tests python krb5: PEP8 cleanups
Fix all the PEP8 warnings in samba/tests/krb5. With the exception of
rfc4120_pyasn1.py, which is generated from rfc4120.asn1.

As these tests are new, it makes sense to ensure that they conform to
PEP8. And set an aspirational goal for the rest of our python code.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Mon Dec 21 21:29:28 UTC 2020 on sn-devel-184
2020-12-21 21:29:28 +00:00
Gary Lockyer
03676a4a5c tests python krb5: use key usage constants
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-12-21 20:18:35 +00:00
Gary Lockyer
d8ed73b75a tests python krb5: Add key usage constants
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-12-21 20:18:35 +00:00
David Mulder
9b44f7a71e gpo: Apply Group Policy Sudo Rights from VGP
This adds a Group Policy extension which applies
Sudo rights set by Vintela Group Policy in the
SYSVOL.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Dec 19 08:11:50 UTC 2020 on sn-devel-184
2020-12-19 08:11:50 +00:00
David Mulder
932af62ead gpo: Test Group Policy VGP Sudo Rights
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-12-19 07:00:36 +00:00
David Mulder
440802c24a gpo: Add gp_xml_ext parser for group policy
This adds an extension parser for parsing xml
files in the sysvol.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-12-19 07:00:36 +00:00
Björn Baumbach
0133c17c09 python/tests: add tests for smb notify and the dependency to the TRAVERSE privilege
The easiest way to run this against Windows was to use a domain
controller and configure an enforce group policy and grant the
"Bypass Traverse Checking" only to the "BUILTIN\Administrators" group.
(Note that "LOCAL SERVICE" and "NETWORK SERVICE" are always added in
the local security policy.

The test runs like this:

  SMB_CONF_PATH=/dev/null \
  SERVER=172.31.9.188 \
  TARGET_HOSTNAME=w2012r2-188.w2012r2-l6.base \
  USERNAME=administrator \
  PASSWORD=A1b2C3d4 \
  NOTIFY_SHARE=torture \
  USERNAME_UNPRIV=ldaptestuser \
  PASSWORD_UNPRIV=a1B2c3D4 \
  python/samba/tests/smb-notify.py -v -f SMBNotifyTests

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Björn Baumbach <bb@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-12-17 13:59:38 +00:00
Björn Baumbach
f4e578aa24 python/ntacls.py: add SMBHelper.set_acl() helper function
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Björn Baumbach <bb@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-12-17 13:59:38 +00:00
Stefan Metzmacher
b082cf321e python/ntacls.py: let SMBHelper.get_acl() use the default values of self.smb_conn.get_acl()
Now that self.smb_conn.get_acl() has sane default values for secinfo and
access_mask we can remove any additional logic in SMBHelper.

The resulting values are the same.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-12-17 13:59:38 +00:00
Stefan Metzmacher
18dd953d83 libsmb_samba_internal: calculate the access_mask for {g,s}et_acl() based on the secinfo flags
SEC_FLAG_MAXIMUM_ALLOWED will never result in SEC_FLAG_SYSTEM_SECURITY
being granted. As SECINFO_SACL is part of the default secinfo value
(SECINFO_DEFAULT_FLAGS), {g,s}et_acl() will always return
NT_STATUS_ACCESS_DENIED by default.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-12-17 13:59:38 +00:00
Stefan Metzmacher
0ccdce67d3 libsmb_samba_internal: don't send SECINFO_[UN]PROTECTED_{S,D}ACL by default
We want to get the default behavior.

It's also pointless to set PROTECTED and UNPROTECTED at the same time.
These are defined in MS-DTYP 2.4.7 SECURITY_INFORMATION with a brief
description, but they aren't referenced in anywhere in MS-DTYP itself,
nor in MS-FSA are any other document.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-12-17 13:59:38 +00:00
Gary Lockyer
1ed461a142 tests python krb5: initial TGS tests
Initial tests on the KDC TGS

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-12-16 23:48:05 +00:00
Gary Lockyer
0f232ed42f tests python krb5: add test base class
Add a base class for the KDC tests to reduce the amount of code
duplication in  the tests.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-12-16 23:48:05 +00:00
Gary Lockyer
d74c9dcf3a tests python krb5: Add Authorization data ad-type constants
Add constants for the Authorization Data Type values.
RFC 4120 7.5.4.  Authorization Data Types

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-12-16 23:48:05 +00:00
Douglas Bagnall
9bf9b99808 dbcheck: clarify check_object userparams
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2020-12-15 14:32:43 +00:00
Douglas Bagnall
8337144389 dbcheck: check_object/userparams: use variable for clarity
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2020-12-15 14:32:43 +00:00
Douglas Bagnall
22447a5159 dbcheck: reduce useless use of str(attrname)
it's already a string!

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2020-12-15 14:32:43 +00:00
Douglas Bagnall
0dd736ff33 dbcheck: better disambiguate 'attrs'
We had too many things called 'attrs'; now we have just one, but we
don't want it to look like it is *the* one.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2020-12-15 14:32:43 +00:00
Douglas Bagnall
206a028e1e dbcheck: split out attr calculations from check_object()
check_object is too long!

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2020-12-15 14:32:43 +00:00
Douglas Bagnall
43530f087d dbcheck: add a helper function for attr tracking
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2020-12-15 14:32:43 +00:00
Douglas Bagnall
b21287c2f4 dbcheck: do not add duplicate attrs for checking
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2020-12-15 14:32:43 +00:00
Douglas Bagnall
6b4ff45805 dbcheck: check_object() caches of lower case attr names
The construct `'name' in map(str.lower, attrs)` is doubly inefficient,
because not only is it running the lower() function too often, it is
searching linearly in a temporary iterator for membership.

So we make a set, and use that.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2020-12-15 14:32:43 +00:00
Douglas Bagnall
25a94fa474 dbcheck: make rIDSetReferences attr check case-insensitve
Yes, it looks inefficient, but that's because it is just trying to fit
in. Very soon we will fix it it properly.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2020-12-15 14:32:43 +00:00
David Mulder
ef5ea147dd samba-tool: Add a gpo command for setting smb.conf Group Policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-12-09 17:38:28 +00:00
David Mulder
2705d39bff samba-tool: Test gpo smb.conf set command
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-12-09 17:38:28 +00:00
David Mulder
fff3e0eb6a samba-tool: Add a gpo command for listing smb.conf Group Policies
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-12-09 17:38:28 +00:00
David Mulder
f74dea08be samba-tool: Test gpo smb.conf list command
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-12-09 17:38:28 +00:00
David Mulder
111f07fd58 samba-tool: Add a gpo command for listing Security Group Policies
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-12-09 17:38:28 +00:00
David Mulder
aba8ece11d samba-tool: Test gpo Security list
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-12-09 17:38:28 +00:00
David Mulder
eea46a38eb samba-tool: Add a gpo command for setting Security Group Policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-12-09 17:38:28 +00:00
David Mulder
5b49e0ac71 samba-tool: Test gpo Security set command
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-12-09 17:38:28 +00:00
David Mulder
f509550f87 samba-tool: Add a gpo command for removing Sudoers Group Policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-12-09 17:38:28 +00:00
David Mulder
f67a3644f4 samba-tool: Test gpo Sudoers remove command
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-12-09 17:38:28 +00:00
David Mulder
5f9d2456fb samba-tool: Add a gpo command for adding Sudoers Group Policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-12-09 17:38:28 +00:00
David Mulder
b0ccebd3ee samba-tool: Test gpo Sudoers add command
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-12-09 17:38:28 +00:00
David Mulder
b402c7642c samba-tool: Add a gpo command for listing Sudoers Group Policies
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-12-09 17:38:28 +00:00
David Mulder
6f1374844c samba-tool: Test gpo Sudoers list command
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-12-09 17:38:28 +00:00
Douglas Bagnall
cc9ff79d86 dbcheck: err_normalise-mismatch_replace: no msg if no error
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>

Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Wed Dec  9 17:04:23 UTC 2020 on sn-devel-184
2020-12-09 17:04:23 +00:00
Douglas Bagnall
f1be8813b0 dbcheck: fix doc for err_normalise_mismatch*
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2020-12-09 16:00:39 +00:00
Douglas Bagnall
c28a3dd6d2 dbcheck: fix doc for do_rename()
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2020-12-09 16:00:39 +00:00
Douglas Bagnall
17fb635532 dbcheck: remove unused fix_incorrect_deleted_objects flag
This was introduced in db15993401
but not actually referenced then or since.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2020-12-09 16:00:39 +00:00
Douglas Bagnall
0aec5b930d dbcheck: improve some duplicate doc strings
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2020-12-09 16:00:39 +00:00
Douglas Bagnall
99cdb2191e dbcheck: drop py2 support from dump_attr_values()
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2020-12-09 16:00:39 +00:00
Douglas Bagnall
713117401c dbcheck: don't try to stringify values list twice
dump_attr_values already turns it into a comma separated list.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2020-12-09 16:00:39 +00:00
Douglas Bagnall
081d12de52 dbcheck: add docstring for err_odd_userParameters
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2020-12-09 16:00:39 +00:00
Douglas Bagnall
9fabe3aafd dbcheck: fix documentation for err_doubled_userParameters
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2020-12-09 16:00:39 +00:00
Douglas Bagnall
c7b39f1cea dbcheck: fix documentation and typo for err_utf_userParameters
pseudo, not psudo.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2020-12-09 16:00:39 +00:00
Douglas Bagnall
fa0350374d dbcheck: fix documentation for err_base64_userParameters
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2020-12-09 16:00:39 +00:00
Douglas Bagnall
3afd594273 dbcheck: fix documentation for err_duplicate_values
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2020-12-09 16:00:39 +00:00
Douglas Bagnall
02c3a66cbe drs_utils: remove unused sendRemoveDsServer()
The only caller of this was `samba-tool domain demote` which stopped
using it in 2015 with commit f121173cbf.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2020-12-09 16:00:39 +00:00
Douglas Bagnall
a8d1a6c59b python: remove unused provision.check_install()
Unused for at last 10 years.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2020-12-09 16:00:39 +00:00
Douglas Bagnall
e253c45c6d samba-tool gpo: use common attr_default
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2020-12-09 16:00:39 +00:00
Douglas Bagnall
816dee1a13 samba-tool drs: move attr_default to common
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2020-12-09 16:00:39 +00:00
Douglas Bagnall
2c48e90fad samba-tool pso uses common timestamp functions
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2020-12-09 16:00:39 +00:00
Douglas Bagnall
c8d3547c5f samba-tool domain: move timestamp functions to common
Other tools use identical functions, and they too can use common.py

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2020-12-09 16:00:39 +00:00
Gary Lockyer
7f7e2b0e1e tests python krb5: Extra canonicalization tests
Add tests that set the server name to the client name for the machine
account in the kerberos AS_REQ.  This replicates the TEST_AS_REQ_SELF
test phase in source4/torture/krb5/kdc-canon-heimdal.c.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Nov 30 05:21:42 UTC 2020 on sn-devel-184
2020-11-30 05:21:42 +00:00
Andrew Bartlett
8ad82ae661 samba-tool: Give better error information when the 'domain backup restore' fails with a duplicate SID
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14575

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Thu Nov 26 21:15:40 UTC 2020 on sn-devel-184
2020-11-26 21:15:40 +00:00
David Mulder
a31891c742 Test password removal via python proctitle
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-11-26 06:52:41 +00:00
Heiko Baumann
9ec698954d Remove password from samba-tool proctitle
This fix makes sure the password is removed from the proctitle
of samba-tool so it cannot be exposed by e.g. ps(1).
- Moved code to python/samba/getopt.py as suggested by David Mulder
- Except ModuleNotFoundError when trying to load setproctitle module
- Improved code to keep option separator (space or equal sign) while
  removing password from proctitle.

Signed-off-by: Heiko Baumann <heibau@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
2020-11-26 06:52:41 +00:00
Andrew Bartlett
15609cb919 samba-tool domain backup: Confirm the sidForRestore we will put into the backup is free
Otherwise the administrator might only find there is a problem once they
attempt to restore the domain!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14575
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-11-26 06:52:40 +00:00
Volker Lendecke
0f67dd540f tests: SMB2 rename fails to check del-on-close on dst dir
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-19 22:56:41 +00:00
Volker Lendecke
fec5a569b6 tests: Factor out prep_creds()
3 times the same code can be put together

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-19 22:56:40 +00:00
Rowland Penny
1d12806d66 uptodateness.py: remove what appears to be debugging lines
They do nothing except confuse users.

Signed-off-by: Rowland Penny <rpenny@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Nov 19 00:36:58 UTC 2020 on sn-devel-184
2020-11-19 00:36:58 +00:00
Volker Lendecke
42be033b0b pylibsmb: Move set_acl() to python
The previous code was not available in threaded environments

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-16 19:53:45 +00:00
Volker Lendecke
472c16d554 pylibsmb: Move get_acl() to python
The previous code was not available in threaded environments

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-16 19:53:45 +00:00
Volker Lendecke
13aecb22f7 pylibsmb: Move deltree to python code
This is much shorter. There's also another aspect: I'm working on
improving cli_list() to not collect all files before starting to call
the callback function. This means that the cli_list cb will be called
from within tevent_loop_once(). In pylibsmb.c's deltree code this
would create a nested event loop. By moving the deltree code into the
python world this nested event loop is avoided. Now the python code
will first collect everything and then start to delete, avoiding the
nesting. A future development should make listing directories a
generator or something like that.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-16 19:53:44 +00:00
Volker Lendecke
2cff5990da pylibsmb: Add a compatible python-level wrapper
Right now this is empty, but it is the basis for moving complexity out
or pylibsmb.c into python code.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-11-16 19:53:44 +00:00
Gary Lockyer
2ba6d596ff tests python krb5: add arcfour salt tests
MIT kerberos returns a salt when ARCFOUR_HMAC_MD5 encryption selected,
Heimdal does not.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Nov 12 22:54:22 UTC 2020 on sn-devel-184
2020-11-12 22:54:22 +00:00
Gary Lockyer
d492355f29 tests python krb5: refactor compatability tests
Refactor to aid the adding of tests for the inclusion of a salt when
ARCFOUR_HMAC_MD5 encryption selected

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-11-12 21:30:32 +00:00
Gary Lockyer
a00a1c9745 tests python krb5: Convert kdc-heimdal to python
Implement the tests in source4/torture/krb5/kdc-heimdal.c in python.
The following tests were not re-implemented as they are client side
tests for the "Orpheus Lyre" attack:
       TORTURE_KRB5_TEST_CHANGE_SERVER_OUT
       TORTURE_KRB5_TEST_CHANGE_SERVER_IN
       TORTURE_KRB5_TEST_CHANGE_SERVER_BOTH

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-11-12 21:30:32 +00:00
Gary Lockyer
1bab87c50b tests python krb5: raw_testcase permit RC4 salts
MIT kerberos returns a salt when ARCFOUR_HMAC_MD5, this commit removes
the check that a salt is not returned.  A test for the difference
between MIT and Heimdal will be added in the subsequent commits.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-11-12 21:30:32 +00:00
Gary Lockyer
82a413f48b tests python krb5: Refactor compatability test constants
Modify tests to use the constants defined in rfc4120_constants.py

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-11-12 21:30:32 +00:00
Gary Lockyer
97b830cbca tests python krb5: Refactor canonicalization test constants
Modify tests to use the constants defined in rfc4120_constants.py

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-11-12 21:30:32 +00:00
Gary Lockyer
532c941fbb tests python krb5: Add constants module
Extract the constants used in the tests into a separate module.
To reduce code duplication

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-11-12 21:30:32 +00:00
Stefan Metzmacher
b3ffc61e2f SambaToolCmdTest: let assertCmdSuccess() escape ']\n' lines
This gives a much higher chance to see the actual problem
without having them filtered by various 'filter-subunit' invocations.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-11-11 21:14:32 +00:00
Andrew Bartlett
f214a3ba5a selftest: Windows 2019 implements the RemoveDollar behaviour for Enterprise principals
This is documented in MS-KILE.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Wed Nov 11 02:38:46 UTC 2020 on sn-devel-184
2020-11-11 02:38:46 +00:00
Andrew Bartlett
fc77ece0e2 selftest: Add in encrypted-pa-data from RFC 6806
This comes from Windows 2019 which supports FAST.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-11-11 01:15:39 +00:00
Andrew Bartlett
ab8c0a181b selftest: Fix formatting of failure (traceback and options swapped in format string)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-11-11 01:15:39 +00:00
Andrew Bartlett
2693f12fbe selftest: Make as_canonicalization_tests.py auto-detect the NT4 domain name
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-11-11 01:15:39 +00:00
Andrew Bartlett
d79218dbba samdb: Add samdb.domain_netbios_name()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-11-11 01:15:39 +00:00
Andrew Bartlett
d85e71f449 selftest: Make as_canonicalization_tests.py easier to run outside "make test"
This takes the realm from the LDAP base DN and so avoids one
easy mistake to make.  So far the NT4 domain name is not
auto-detected, so much be read from the smb.conf.

By using .guess() the smb.conf is read for the unspecified
parts (eg workstation for an NTLM login to the LDAP server if
the target server is an IP address).

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-11-11 01:15:39 +00:00
Andrew Bartlett
579a3c641c selftest: Fix flipped machine and user constants
This naturally does not change the test, but reduces developer
confusion.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-11-11 01:15:39 +00:00
Andrew Bartlett
d7f731ed35 selftest: Send enterprise principals tagged as such
This test passed against Samba but failed against Windows when
an enterprise principal (user@domain.com@REALM) was encoded as
NT_PRINCIPAL.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-11-11 01:15:39 +00:00
Gary Lockyer
1e1d8b9c83 tests python krb5: Add python kerberos compatability tests
Add new python test to document the differences between the MIT and
Heimdal Kerberos implementations.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-11-09 02:46:50 +00:00
Isaac Boukris
cfaad16ff6 selftest: add a test for the CreateTrustedDomainRelax wrapper
Originally copied from 'source4/scripting/devel/createtrust'
(had to drop the TRUST_AUTH_TYPE_VERSION part though, as it
fails against samba DC).

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-11-06 10:02:35 +00:00
Isaac Boukris
baf4e2930e Use the new CreateTrustedDomainRelax()
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-11-06 10:02:35 +00:00
Isaac Boukris
c2644032b4 Add CreateTrustedDomainRelax wrapper for fips mode
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-11-06 10:02:35 +00:00
Isaac Boukris
a77551bea9 selftest: add a test for py dce transport_encrypted
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-11-06 10:02:35 +00:00
Alexander Bokovoy
49efe0ca0b Revert "cli_credentials_parse_string: fix parsing of principals"
This reverts commit eb0474d27b.
2020-11-05 06:30:31 +00:00
Gary Lockyer
005435dc4d tests python krb5: Add python kerberos canonicalization tests
Add python canonicalization tests, loosely based on the code in
source4/torture/krb5/kdc-canon-heimdal.c.  The long term goal is to move
the integration level tests out of kdc-canon-heimdal, leaving it as a
heimdal library unit test.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-11-04 22:54:41 +00:00
Gary Lockyer
41c8aa4b99 tests python krb5: Add canonicalize flag to ASN1
Add the canonicalize flag to KerberosFlags, so that it can be used in
python based canonicalization tests.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-11-04 22:54:41 +00:00
Gary Lockyer
b14dca7c1c tests python krb5: Make PrincipalName_create a class method
Make PrincipalName_create a class method, so it can be used in helper
classes.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-11-04 22:54:41 +00:00
Alexander Bokovoy
eb0474d27b cli_credentials_parse_string: fix parsing of principals
When parsing a principal-like name, user name was left with full
principal instead of taking only the left part before '@' sign.

>>> from samba import credentials
>>> t = credentials.Credentials()
>>> t.parse_string('admin@realm.test', credentials.SPECIFIED)
>>> t.get_username()
'admin@realm.test'

The issue is that cli_credentials_set_username() does a talloc_strdup()
of the argument, so we need to change order of assignment to allow
talloc_strdup() to copy the right part of the string.

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-11-04 14:59:34 +00:00
Björn Baumbach
a1b021200e selftest: add test for new "samba-tool user unlock" command
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Nov  4 00:19:25 UTC 2020 on sn-devel-184
2020-11-04 00:19:25 +00:00
Björn Baumbach
0bc93500a8 samba-tool: add new "user unlock" command
Can be used to unlock a user when the badPwdCount has been reached.

Introduces SamDB error classes, as suggested by
Douglas Bagnall <douglas.bagnall@catalyst.net.nz> - thanks!
This helps to handle expected failures.
Tracebacks of really unexpected failures will not be hidden.

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-11-03 22:55:37 +00:00
Jule Anger
9214fcec34 tests: avoid returning an already used ID in randomXid()
The error 'uidNumber xxx is already being used.' in the samba tool tests
occurs when the random.randint functions returns the same value twice and
therefore a user or group with an already used gid or uid should be created.

Avoid this error by adding a list that stores the used IDs, so that the randomXid
function can check wheter a value is already used before returning it.

Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 29 18:54:24 UTC 2020 on sn-devel-184
2020-10-29 18:54:24 +00:00
Andreas Schneider
9a3ba502d8 python:tests: Add SAMR password change tests for fips
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-10-29 14:19:37 +00:00
Alexander Bokovoy
183d5d63f4 DNS Resolver: support both dnspython before and after 2.0.0
`dnspython` 2.0.0 has many changes and several deprecations like:

```
> dns.resolver.resolve() has been added, allowing control of whether
search lists are used. dns.resolver.query() is retained for backwards
compatibility, but deprecated. The default for search list behavior can
be set at in the resolver object with the use_search_by_default
parameter. The default is False.

> dns.resolver.resolve_address() has been added, allowing easy
address-to-name lookups.
```

The new class `DNSResolver`:
- provides the compatibility layer
- defaults the previous behavior (the search list configured in the
  system's resolver configuration is used for relative names)
- defaults lifetime to 15sec (determines the number of seconds
  to spend trying to get an answer to the question)

The compatibility shim was developed by Stanislav Levin for FreeIPA and
adopted for Samba by Alexander Bokovoy.

Signed-off-by: Stanislav Levin <slev@altlinux.org>
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-10-26 18:33:40 +00:00
David Mulder
895c729ce3 py3: Add is_ad_dc_built option to python glue
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-10-23 03:25:34 +00:00
Andreas Schneider
76db796181 python: Create targetdir recursively
This fixes `make test` in a release tarball.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14542

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-10-22 16:05:30 +00:00
Stefan Metzmacher
80347deb54 python/tests: add DynamicTestCase setUpDynamicTestCases() infrastructure
This can be used in order to run a sepcific test (coded just once)
with an autogenerated set of arguments.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14531

Pair-Programmed-With: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-10-21 07:25:37 +00:00
David Mulder
a3cd315321 python2 reduction: Merge remaining compat code into common
The remaining compat code (get_string, get_bytes,
cmp) are useful helper routines which we should
simply merge into common (especially since there
is some duplication here).

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Fri Oct  2 14:49:36 UTC 2020 on sn-devel-184
2020-10-02 14:49:36 +00:00
David Mulder
85d2ff2f00 python: Move dsdb_Dn to samdb
The import dsdb needed for dsdb_Dn causes import
errors when trying to import get_bytes/get_string
in some places.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-10-02 13:29:35 +00:00
Jule Anger
ab0e5e3c43 samba-tool tests: rename 'contact create' to 'contact add'
Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Oct  1 02:44:09 UTC 2020 on sn-devel-184
2020-10-01 02:44:09 +00:00
Jule Anger
f38336ac0e samba-tool contact: rename 'contact create' to 'contact add'
Keep 'contact create' for compatibility reasons.

Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-10-01 01:18:41 +00:00
Jule Anger
6686235819 samba-tool tests: rename 'group create' to 'group add'
Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-10-01 01:18:41 +00:00
Jule Anger
90988ff69f samba-tool group: add 'group create' as synonym for 'group add'
Add 'group create' command for a symmetric set of
samba-tool subcommands

Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-10-01 01:18:41 +00:00
Jule Anger
1f61ef204d samba-tool tests: rename 'computer create' to 'computer add'
Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-10-01 01:18:41 +00:00
Jule Anger
1703ca1136 samba-tool computer: rename 'computer create' to 'computer add'
Keep 'computer create' for compatibility reasons.

Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-10-01 01:18:40 +00:00
Jule Anger
051364487c samba-tool tests: rename 'user create' to 'user add'
Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-10-01 01:18:40 +00:00
Jule Anger
95ba8a3f8c samba-tool user: rename 'user create' to 'user add'
Keep 'user create' for compatibility reasons.

Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-10-01 01:18:40 +00:00
Jule Anger
6315deaa67 samba-tool tests: rename 'ou create' to 'ou add'
Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-10-01 01:18:40 +00:00
Jule Anger
419e75cc38 samba-tool ou: rename 'ou create' to 'ou add'
Keep 'ou create' for compatibility reasons.

Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-10-01 01:18:40 +00:00
Jule Anger
b83b4c92df samba-tool tests: add test-cases for 'contact rename'
Tests the following options:
 --surname
 --given-name
 --initials
 --force-new-cn
 --reset-cn
 --display-name
 --mail-address

Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-10-01 01:18:40 +00:00
Jule Anger
bf04cb3b7a samba-tool contact: add new contact 'rename' command
Usage: samba-tool contact rename <contactname> [options]

Rename a contact and related attributes.

This command allows to set the contact's name related attributes.

Use an empty attribute value to remove the specified attribute.

The contactname specified on the command is the CN.

Example1:
samba-tool contact rename "John Doe" --surname=Bloggs \\
    --force-new-cn=John

Example1 shows how to change the surname ('sn' attribute) of a contact
'John Doe' to 'Bloggs' and change the CN to 'John' on the local server.

Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-10-01 01:18:40 +00:00
Jule Anger
ac283a96e7 samba-tool tests: add test-cases for 'group rename'
Tests the following options:
 --samaccountname
 --force-new-cn
 --reset-cn
 --mail-address

Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-10-01 01:18:40 +00:00
Jule Anger
4b06ff7ffc samba-tool group: add new group 'rename' command
Usage: samba-tool group rename <groupname> [options]

Rename a group and related attributes.

This command allows to set the group's name related attributes.

Use an empty attribute value to remove the specified attribute.

The groupname specified on the command is the sAMAccountName.

Example1:
samba-tool group rename employees --samaccountname=staff

Example1 shows how to change the sAMAaccountName of a group 'employees' to
'staff' on the local server.

Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-10-01 01:18:39 +00:00
Jule Anger
ea8b3f928e samba-tool tests: add test-cases for 'user rename'
Tests the following options:
--surname
--given-name
--initials
--force-new-cn
--reset-cn
--display-name
--mail-address
--samaccountname
--upn

Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-10-01 01:18:39 +00:00
Björn Baumbach
891af24054 samba-tool user: add new user 'rename' command
Usage: samba-tool user rename <username> [options]

Rename a user and related attributes.

This command allows to set the user's name related attributes. The user's
CN will be renamed automatically.
The user's new CN will be made up by combining the given-name, initials
and surname. A dot ('.') will be appended to the initials automatically.
Use the --force-new-cn option to specify the new CN manually.

The username specified on the command is the sAMAccountName.

Example1:
samba-tool user rename johndoe --surname='Bloggs'

Example1 shows how to change the surname of a user 'johndoe' to 'Bloggs' on
the local server. The user's CN will be renamed automatically, based on
the given name, initials and surname.

Pair-Programmed-With: Jule Anger <ja@sernet.de>

Signed-off-by: Björn Baumbach <bb@sernet.de>
Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-10-01 01:18:39 +00:00
Jule Anger
899e66d47f samdb: add fullname_from_names() method
Add a method to construct the fullname, using the given name, the initials
and the surname.
If one of this values is empty, try to use the old one, given by an
attributs set.
If the combination is empty, the method will return the fallback-default
parameter.

Use this method to construct the CN or the displayName of users or
contacts.

Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-10-01 01:18:39 +00:00
Jule Anger
a22a80ed6e samdb: add prepare_attr_replace() method
Add a method to prepare a given Message to replace the given attribute.
If the given new value is None or the old value and the new value are
the same, do nothing.
If the new value is empty, prepare to replace the given attribute with
[].
Else prepare to replace the given attribute with the new value.

Use this for samdb.modify(msg).

Signed-off-by: Jule Anger <ja@sernet.de>
Reviewed-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-10-01 01:18:39 +00:00
Amitay Isaacs
1bccc67ce7 provision: BIND 9.17.x is not supported
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14487

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Rowland Penny <rpenny@samba.org>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Thu Sep 24 05:55:43 UTC 2020 on sn-devel-184
2020-09-24 05:55:43 +00:00
Amitay Isaacs
5b2ccb1c7c provision: Add support for BIND 9.16.x
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14487

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Rowland Penny <rpenny@samba.org>
2020-09-24 04:32:42 +00:00
Amitay Isaacs
4d09797652 provision: BIND 9.15.x is not supported
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14487

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Rowland Penny <rpenny@samba.org>
2020-09-24 04:32:41 +00:00
Amitay Isaacs
016c1174ef provision: Add support for BIND 9.14.x
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14487

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Rowland Penny <rpenny@samba.org>
2020-09-24 04:32:41 +00:00
Amitay Isaacs
9527861882 provision: BIND 9.13.x is not supported
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14487

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Rowland Penny <rpenny@samba.org>
2020-09-24 04:32:41 +00:00
Stefan Metzmacher
b716dbc976 python/tests/gpo: this should fix a Popen deadlock
It is inspired by commit 5dc773a5b0
   Author: Joe Guo <joeg@catalyst.net.nz>
   Date:   Fri Sep 15 16:13:26 2017 +1200

      python: use communicate to fix Popen deadlock

      `Popen.wait()` will deadlock when using stdout=PIPE and/or stderr=PIPE and the
      child process generates large output to a pipe such that it blocks waiting for
      the OS pipe buffer to accept more data. Use communicate() to avoid that.

      Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
      Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
      Reviewed-by: Andrew Bartlett <abartlet@samba.org>

      Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
      Autobuild-Date(master): Thu Oct 19 09:27:16 CEST 2017 on sn-devel-144

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
2020-09-07 12:02:15 +00:00
Hezekiah
bd9f64d19d Fixed arrow keys typo to the computer move command utility
Signed-off-by: Hezekiah <hezekiahmaina3@gmail.com>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Fri Sep  4 16:57:30 UTC 2020 on sn-devel-184
2020-09-04 16:57:30 +00:00
David Mulder
11f97148bb gpo: Pass necessary parameters to rsop
These parameters were missed by mistake when exts
were modified to be initialized within the rsop
command. Fixes an exception thrown when executing
samba-gpupdate --rsop:

Traceback (most recent call last):
  File "/usr/sbin/samba-gpupdate", line 99, in <module>
    rsop(lp, creds, gp_extensions, opts.target)
  File "/usr/lib64/python3.8/site-packages/samba/gpclass.py", line 512, in rsop
    ext = ext(logger, lp, creds, store)
NameError: name 'logger' is not defined

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-09-02 09:11:30 +00:00
David Mulder
dff01a5edf gpo: Test rsop function for success
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-09-02 09:11:30 +00:00
David Mulder
07ce480888 samba-tool: Create unix user with modified template homedir
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-09-02 09:11:29 +00:00
David Mulder
38fcad60a8 samba-tool: Test creating unix user with modified template homedir
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-09-02 09:11:29 +00:00
Noel Power
e3079c5387 python/samba/tests/blackbox: Tests with nested DFS container
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Aug 31 19:09:24 UTC 2020 on sn-devel-184
2020-08-31 19:09:24 +00:00
Noel Power
7faab75b47 python/samba/tests/blackbox: python smbcacls '--propagate-inherit' test
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-08-31 17:44:38 +00:00
Noel Power
c681f5bfe3 python/samba/tests/blackbox: Preparatory change to support custom share
tearDown method doesn't handle local file deletion fallback if a share
other than 'tmp' is used

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-08-31 17:44:38 +00:00
Noel Power
8826d74ae8 python/samba/tests:blackbox: Fix local file delete test tree fallback
Wrong indentation ensures the fallback where we use file system removal
of test files if the test's tearDown method fails.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-08-31 17:44:38 +00:00
Noel Power
05de29a4d0 python/samba/tests/blackbox: Fix undetected deltree fail
With msdfs root share smbclient deltree command can fail without
setting the errorcode (e.g. when do_list encounters an error it will
log a warning message and continue rather than error out fatally)

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-08-31 17:44:38 +00:00
David Mulder
811e2f5529 GPO: Add rsop output for Messages policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Thu Aug 27 17:19:48 UTC 2020 on sn-devel-184
2020-08-27 17:19:48 +00:00
David Mulder
2ef88466f4 GPO: Test rsop output for Messages policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-27 15:59:34 +00:00
David Mulder
1544929fee gpo: Apply Group Policy Login Prompt Message
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-27 15:59:34 +00:00
David Mulder
b76d55cc90 gpo: Test Group Policy Login Prompt Message
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-27 15:59:34 +00:00
David Mulder
a4f598fde8 gpo: Apply Group Policy Message of the day
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-27 15:59:34 +00:00
David Mulder
e8757e0d36 gpo: Test Group Policy Message of the day
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-27 15:59:34 +00:00
David Mulder
fee00231f6 GPO: Add rsop output for smb.conf policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-27 15:59:34 +00:00
David Mulder
101b5f17f1 GPO: Test rsop output for smb.conf policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-27 15:59:34 +00:00
David Mulder
3303869c4b gpo: Add CSE for applying smb.conf
Add an extension that applies smb.conf params
applied via the smb.conf admx files.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-27 15:59:34 +00:00
David Mulder
37661d1aac gpo: Test Group Policy smb.conf Extension
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-27 15:59:34 +00:00
David Mulder
ab347c861c gpo: gp_krb_ext always uses set_kdc_tdb to update
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-27 15:59:33 +00:00
David Mulder
5128dc7db3 gpo: Move gp_sec_ext conversion functions to top
These functions don't actually use self, so can
be moved to top level functions.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-27 15:59:33 +00:00
David Mulder
7d6d160a8e gpo: Display Security Extension RSOP on ADDC only
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-27 15:59:33 +00:00
David Mulder
c887f7a7d2 gpo: Fix unapply failure when multiple extensions run
When multiple Group Policy Extensions are present,
only the last executed extension saves it's
changes to the Group Policy Database, due to the
database being loaded seperately for each
extension.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-27 15:59:33 +00:00
David Mulder
7e507dd886 gpo: Test multiple extention unapply
Verify that an unapply of multiple extentions
deletes the script files and policy settings.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-27 15:59:33 +00:00
David Mulder
8626910c0e gpo: Sudoers ext should not crash if policy missing
If a user has manually removed a policy, the
extension should not crash in an unapply removing
it.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-27 15:59:33 +00:00
David Mulder
87fe86270e gpo: Script ext should not crash if script missing
If a user has manually removed a script, the
extension should not crash in an unapply removing
it.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-27 15:59:33 +00:00
David Mulder
7c6969e9c9 gpo: Cleanup sudoers policy test
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-27 15:59:33 +00:00
David Mulder
7acbb44040 gpo: Cleanup script policy test
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-27 15:59:33 +00:00
David Mulder
0544237ea2 gpo: Avoid using distutils since it will be deprecated
We shouldn't use distutils.spawn.find-executable
here, since its use is discouraged:
https://docs.python.org/3/library/distutils.html

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-27 15:59:33 +00:00
David Mulder
0a7e2e3984 gpo: Clarify the contents of deleted_gpo_list in process_group_policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-27 15:59:33 +00:00
David Mulder
bc38d3afe3 gpo: Add rsop output for Sudoers policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-27 15:59:32 +00:00
David Mulder
4148af125b gpo: Test rsop output for Sudoers policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-27 15:59:32 +00:00
David Mulder
4a252f6e0f python compat: remove ConfigParser
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-08-24 01:46:30 +00:00
Andrew Bartlett
4dbe8d1131 python: Remove remaining references to third_party python libs
For now at least we do not have any in third_party.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Aug 21 00:12:52 UTC 2020 on sn-devel-184
2020-08-21 00:12:51 +00:00
Andreas Schneider
7e3ceaec44 python:tests: Add test for SMB encrypted DCERPC connection
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Aug 19 17:46:28 UTC 2020 on sn-devel-184
2020-08-19 17:46:28 +00:00
Andreas Schneider
5bff7a061f python: Add a test for SMB encryption
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-19 16:22:42 +00:00
Andreas Schneider
6f552204d4 s3:client: Turn off smb signing for message op
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-19 16:22:42 +00:00
Andreas Schneider
67323b1ffa python:tests: Set smb ipc signing via the creds API
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-19 16:22:42 +00:00
Andreas Schneider
1a74c790bf python:tests: Mark libsmb connection as an IPC connection
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-19 16:22:42 +00:00
Andreas Schneider
946e43f0cc python: Set smb signing via the creds API
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-19 16:22:41 +00:00
Andreas Schneider
d55950b840 python: Remove unused sign argument from smb_connection()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-19 16:22:41 +00:00
Andreas Schneider
84f1e4683e auth:creds: Add python bindings for cli_credentials_set_conf()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-19 16:22:41 +00:00
Andreas Schneider
66c9c68bad auth:creds: Add python bindings for (get|set)_smb_encryption
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-19 16:22:41 +00:00
Andreas Schneider
ef12caea07 auth:creds: Add python bindings for (get|set)_smb_ipc_signing
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-19 16:22:41 +00:00
Andreas Schneider
098774b244 auth:creds: Add python bindings for (get|set)_smb_signing
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-19 16:22:40 +00:00
Stefan Metzmacher
e913503540 auth:creds: Introduce CRED_SMB_CONF
We have several places where we check '> CRED_UNINITIALISED',
so we better don't use CRED_UNINITIALISED for values from
our smb.conf.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-08-19 16:22:40 +00:00
Volker Lendecke
acd8de28ac auth_log_test: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-08-17 19:35:37 +00:00
Volker Lendecke
2d29bb42c7 test: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-08-17 19:35:37 +00:00
Douglas Bagnall
f0860de5bb python compat: remove text_type
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2020-08-11 16:37:35 +00:00
Douglas Bagnall
ace5038031 python compat: remove binary_type
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2020-08-11 16:37:35 +00:00
Douglas Bagnall
bcaf076d30 python compat: reduce use of 'if PY3:'
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2020-08-11 16:37:35 +00:00
Douglas Bagnall
4d9d63b000 python compat: remove StringIO
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2020-08-11 16:37:35 +00:00
Douglas Bagnall
9cc65a552b python compat: remove string_types
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2020-08-11 16:37:35 +00:00
Douglas Bagnall
323073f4e0 python compat: remove integer_types
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2020-08-11 16:37:35 +00:00
David Mulder
d512b1a4bd gpo: Remove unused gp_ext_setter code
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Thu Aug  6 18:01:49 UTC 2020 on sn-devel-184
2020-08-06 18:01:49 +00:00
David Mulder
627fb5471b gpo: Extract Access policy from Security extension
Rewrite the extension to be easier to understand,
and to remove references to gp_ext_setter.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06 16:38:36 +00:00
David Mulder
8971876128 gpo: Extract Kerberos policy from Security extension
Rewrite the extension to be easier to understand,
and to remove references to gp_ext_setter.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06 16:38:36 +00:00
David Mulder
bf74bf1c4e gpo: Add RSOP output for Scripts Extension
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06 16:38:36 +00:00
David Mulder
1f63103041 gpo: Add RSOP output for Security Extension
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06 16:38:36 +00:00
David Mulder
5361f25800 gpo: Test samba-gpupdate --rsop
Test that the rsop command produces the expected
output.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06 16:38:36 +00:00
David Mulder
f5202c7b55 gpo: Add --rsop option to samba-gpupdate
This command prints the Resultant Set of Policy
for applicable GPOs, for either the Computer or
User policy (depending on the target specified).
Policy specific output must be implemented for
each client side extension.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06 16:38:36 +00:00
David Mulder
0f3066abbb gpo: Properly decode utf-8/16 inf files from bytes
This code was python 2 specific (string handling
has changed dramatically in python 3), and didn't
correctly decode utf-16 in python3. We should
instead read the file as bytes, then attempt a
utf-8 decode (the default), and try utf-16 if
encountering a decode failure.
The existing code actually throws an exception on
the initial file read when the data is utf-16,
since it tries to decode the bytes to a utf-8
string.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06 16:38:36 +00:00
David Mulder
70a38eb548 gpo: Test proper decoding of utf-16 inf files
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06 16:38:36 +00:00
David Mulder
88b6266168 gpo: Apply Group Policy Sudo Rights
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06 16:38:36 +00:00
David Mulder
9679ba9577 gpo: Test Group Policy Sudo Rights
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06 16:38:36 +00:00
David Mulder
e387aa937e gpo: Scripts gpo add warning about generated scripts
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06 16:38:36 +00:00
David Mulder
edf4b6eb12 gpo: Scripts extension use 'gp_' prefix, not 'tmp'
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06 16:38:36 +00:00
David Mulder
b30a604f73 gpo: Apply Group Policy Weekly Scripts
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06 16:38:35 +00:00
David Mulder
7e5c842cba gpo: Test gpo weekly scripts apply
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06 16:38:35 +00:00
David Mulder
1810e4f10c gpo: Apply Group Policy Monthly Scripts
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06 16:38:35 +00:00