summaryrefslogtreecommitdiff
path: root/python/samba/netcmd/domain/auth
AgeCommit message (Collapse)AuthorFilesLines
2024-10-04netcmd:domain:policy: Fix missing conversion from tgt_lifetime minutes to ↵Andréas Leroux1-6/+12
10^(-7) seconds BUG: https://bugzilla.samba.org/show_bug.cgi?id=15692 Signed-off-by: Andréas Leroux <aleroux@tranquil.it> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org> Autobuild-Date(master): Fri Oct 4 04:01:22 UTC 2024 on atb-devel-224
2024-04-08python: lint: fix pylint R1720 unnecessary "raise" after "else"Rob van der Linde2-4/+4
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-08python: lint: remove unused imports in claims and gmsa commandsRob van der Linde1-2/+1
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-28netcmd: auth policy: remove old service-allowed-to-authenticate-from-silo ↵Rob van der Linde1-57/+0
and group Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-28netcmd: auth policy: add service-allowed-to-authenticate-from subcommandsRob van der Linde2-0/+128
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-28netcmd: auth policy: remove old user-allowed-to-authenticate-from-silo and groupRob van der Linde1-42/+0
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-28netcmd: auth policy: add user-allowed-to-authenticate-from subcommandsRob van der Linde2-0/+128
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-28netcmd: auth policy: remove old service-allowed-to-authenticate-to-silo and ↵Rob van der Linde1-42/+0
group Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-28netcmd: auth policy: add service-allowed-to-authenticate-to subcommandsRob van der Linde2-0/+128
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-28netcmd: auth policy: remove old user-allowed-to-authenticate-to-silo and groupRob van der Linde1-42/+0
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-28netcmd: auth policy: add user-allowed-to-authenticate-to subcommandsRob van der Linde2-0/+130
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-28netcmd: auth policy: remove old computer-allowed-to-authenticate-to-silo and ↵Rob van der Linde1-42/+0
group Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-28netcmd: auth policy: add computer-allowed-to-authenticate-to subcommandsRob van der Linde2-0/+130
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-28netcmd: auth policy: extract policy base commands into policy.pyRob van der Linde2-648/+679
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-28netcmd: auth policy: turn policy.py into moduleRob van der Linde1-0/+0
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-28netcmd: auth silo: extract silo base commands into silo.pyRob van der Linde2-363/+393
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-28netcmd: auth silo: move silo_member.py into silo moduleRob van der Linde2-1/+1
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-28netcmd: auth silo: turn silo.py into moduleRob van der Linde1-0/+0
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-20python: pep8: fix import sorting after moveRob van der Linde3-7/+6
Only touch files where samba.domain.models import was moved Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-20python: move models out of the netcmd packageRob van der Linde3-9/+9
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-01netcmd: models: rename lookup methods to find for consistencyRob van der Linde1-2/+2
There are a mixture of methods called either 'lookup' or 'find'. This dates back to when they raised LookupError, but these now raise NotFound. They should be all called 'find' for consistency. Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-03-01netcmd: silos: silo and auth policy commands use Query class betterRob van der Linde2-12/+8
Since the introduction of the Query class these can be written to be a lot clearer using models. Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-03-01netcmd: silos: silo and auth policy commands use printRob van der Linde2-8/+8
This adds more consistency with newer code added after these commands. But also print seems more flexible and requires no newline characters added constantly which ends up being a bit cleaner. Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-02-16netcmd: models: stop using LookupError exception and change it to NotFoundRob van der Linde1-2/+2
LookupError is a base class for IndexError and KeyError and isn't really the appropriate exception. NotFound inherits from ModelError just like the other model exceptions. Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-02-08netcmd: models: enums and constants also brought forwardRob van der Linde1-4/+4
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-27samba-tool: Improve help messages for "samba-tool domain auth policy"Andrew Bartlett1-17/+19
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Mon Nov 27 04:05:46 UTC 2023 on atb-devel-224
2023-11-27netcmd: auth: set better metavar that matches the docsRob van der Linde2-21/+42
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-22netcmd: auth policy: add allowed-to-authenticate-from-device-group attributesRob van der Linde1-0/+36
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-22netcmd: auth policy: fix missing 'by' in help stringRob van der Linde1-2/+2
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-22netcmd: auth policy: add allowed-to-authenticate-to-by-group attributesRob van der Linde1-1/+56
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-22netcmd: auth policy: rename "from silo" to "from device silo"Rob van der Linde1-23/+23
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-22netcmd: auth policy: add allowed to authenticate to by silo attributesRob van der Linde1-0/+66
--user-allowed-to-authenticate-to-by-silo --service-allowed-to-authenticate-to-by-silo --computer-allowed-to-authenticate-to-by-silo Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15netcmd: silo member: update docstrings comments and print statements for ↵Rob van der Linde1-6/+6
grant + revoke Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15netcmd: silo member: update command line options help text for grant + revokeRob van der Linde1-2/+2
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15netcmd: silo member: rename add and remove commands to grant and revokeRob van der Linde1-5/+5
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15netcmd: silo member: rename model methods to grant and revokeRob van der Linde1-2/+2
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15netcmd: silo member: Make output consistent with user commandRob van der Linde1-3/+17
* Use print with file=self.outf * Show assigned or unassigned silo Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15netcmd: silo member uses consistent output with other commandsRob van der Linde1-4/+4
This also includes always spelling out "authentication silo" or "authentication policy" in full, not just calling it "silo." Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15netcmd: silo member add and remove should not set assigned_siloRob van der Linde1-10/+2
The Windows tools don't do this either Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15netcmd: silo member: make use of User.find functionRob van der Linde1-15/+2
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-27python: silos: add support for allowed to authenticate from silo shortcutRob van der Linde1-1/+60
this avoids the need to write SDDL, the user just needs to give the silo name Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Oct 27 00:30:05 UTC 2023 on atb-devel-224
2023-10-26netcmd: silo command uses more consistent naming for tgt argsRob van der Linde1-3/+3
The args --user-tgt-lifetime-mins, --service-tgt-lifetime-mins and --computer-tgt-lifetime-mins suffixed with -mins to be consistent with Windows tooling. For these, the internal names don't need to change and neither do the model fields, only the external cli interface has this. Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-26netcmd: silo command uses more consistent naming for policy argsRob van der Linde1-44/+56
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-26netcmd: silo command remove combined --policy which set all 3Rob van der Linde1-26/+6
doesn't make much sense to set all 3 to the same policy, user authentication policy, service authentication policy, computer authentication policy Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-24netcmd: auth policy: add OptionGroup classes for user, service and computer ↵Rob van der Linde1-116/+109
options Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-24python: netcmd: make use of HostOptions for claims and sites commandsRob van der Linde3-52/+39
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-24python: netcmd: make use of required flag on Option for claims commandsRob van der Linde3-46/+13
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-29netcmd: auth: add new SDDL fields to create and modify auth policy commandsRob van der Linde1-4/+65
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-25netcmd: domain: add error handling to domain auth commandsRob van der Linde3-32/+96
Where we wre catching LdbError before we now catch ModelError, all exceptions that are known and handled in the model layer will have a user-friendly error message. Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-06-25netcmd: domain: silo member add and remove does not write whole listRob van der Linde1-22/+7
Writing the whole list at once can lead to data loss if multiple administrators are doing this at the same time. Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
generated by cgit v1.2.3 (git 2.25.1) at 2026-05-06 21:27:48 +0000