summaryrefslogtreecommitdiff
path: root/python/samba/netcmd
AgeCommit message (Collapse)AuthorFilesLines
2023-12-21python/netcmd: Improve documentation for "samba-tool user getpassword"Andrew Bartlett1-1/+1
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-12-21python/netcmd: Add "samba-tool user get-kerberos-ticket" to get a ticket for ↵Andrew Bartlett4-3/+153
a gMSA Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-12-21samba-tool: document that -H can be used with gMSA accountsRob van der Linde1-2/+9
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-12-21samba-tool: fix some grammar in getpassword docstringsRob van der Linde1-5/+5
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-12-21samba-tool: Make samba-tool user getpassword support a ';previous=1' optionAndrew Bartlett1-11/+32
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-12-21samba-tool user getpassword: Prepare to support a ;previous=1 option, change ↵Andrew Bartlett1-1/+1
behaviour for ;rounds= This will return the previous password, but the pattern is to include the option in the returned attribute name, so we need to use vatter["raw_attr"], not 'a'. This changes the behaviour for the ;rounds= option used when we hold the plaintext password (possibly under GPG encryption). This is now consistant with other parameters in the LDAP attribute, and is now included in the returned attribute name. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-12-21samba-tool: Add support for getting the generated unicodePwd for a gMSA accountAndrew Bartlett1-0/+10
This pre-hashed value may be more practical to use than the random "UTF-16" password. In particular it is easy to compare with the DB values. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-12-21netcmd: user: samba-tool support to allow non-windows use of GMSA accounts ↵Rob van der Linde1-3/+13
(show password) Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-12-21samba-tool user getpassword: Use UTF16_MUNGED charcnv to map "UTF16" to UTF8Andrew Bartlett2-10/+11
This copes with random invalid UTF-16 as seen with gMSA accounts. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-12-21samba-tool: Prepare to allow samba-tool user getpasswords to operate against ↵Andrew Bartlett3-29/+32
a remote server While passwords are not normally available for read, Group Managed Service Account passwords are, as this is how they are distributed. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-12-21netcmd: models: add object sid field to User modelRob van der Linde1-1/+2
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-12-21netcmd: getpassword: print OK message on stderrRob van der Linde1-1/+1
This makes it easier to machine parse the output in tests Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-12-15netcmd: add shell commandRob van der Linde2-0/+75
A simple samba-tool shell, can be quite useful to play around with the ldb database and models. All models get imported and the samdb connection variable made available. Example usage: bin/samba-tool shell -H <host> --workgroup <workgroup> --realm <realm> >>> silos = AuthenticationSilo.query(ldb) >>> for silo in silos: ... print(silo) ... Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Dec 15 03:51:55 UTC 2023 on atb-devel-224
2023-12-15python: use python3 style super statementsRob van der Linde2-3/+2
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-15netcmd: getpassword: get rid of pointless overridden constructorsRob van der Linde2-4/+0
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-15python: pep257: docstring should use double quotesRob van der Linde6-42/+42
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-12-14python: Remove unused parameter ‘netlogon’Joseph Sutton1-2/+1
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-27samba-tool: Improve help messages for "samba-tool domain auth policy"Andrew Bartlett1-17/+19
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Mon Nov 27 04:05:46 UTC 2023 on atb-devel-224
2023-11-27netcmd: auth: set better metavar that matches the docsRob van der Linde2-21/+42
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-22netcmd: auth policy: add allowed-to-authenticate-from-device-group attributesRob van der Linde1-0/+36
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-22netcmd: auth policy: fix missing 'by' in help stringRob van der Linde1-2/+2
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-22netcmd: auth policy: add allowed-to-authenticate-to-by-group attributesRob van der Linde1-1/+56
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-22netcmd: auth policy: rename "from silo" to "from device silo"Rob van der Linde1-23/+23
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-22netcmd: auth policy: add allowed to authenticate to by silo attributesRob van der Linde1-0/+66
--user-allowed-to-authenticate-to-by-silo --service-allowed-to-authenticate-to-by-silo --computer-allowed-to-authenticate-to-by-silo Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-22netcmd: models: add a Group modelRob van der Linde2-0/+43
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-22netcmd: models: make systemFlags and systemOnly fields readonlyRob van der Linde3-5/+5
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-22netcmd: models: ensure that backlinks are always readonlyRob van der Linde2-2/+7
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-22netcmd: models: add readonly attribute on fields to exclude it from saveRob van der Linde2-3/+6
There was trouble when saving fields like is system object, these need to be excluded on save. Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-22netcmd: models: get_base_dn returns default rather than be abstractRob van der Linde1-2/+1
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-22netcmd: models: add SIDField fieldRob van der Linde1-0/+25
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-22netcmd: models: use correct SDDL for authentication silosRob van der Linde1-2/+2
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-22netcmd: fix typo in groups and computer commandsRob van der Linde2-2/+2
Everywhere else it is using Group's except for one place which makes it obvious this was incorrect. Same goes for Computers's vs Computer's Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15netcmd: silo member: update docstrings comments and print statements for ↵Rob van der Linde1-6/+6
grant + revoke Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15netcmd: silo member: update command line options help text for grant + revokeRob van der Linde1-2/+2
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15netcmd: silo member: rename add and remove commands to grant and revokeRob van der Linde1-5/+5
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15netcmd: silo member: update model docstrings and exception textRob van der Linde1-5/+5
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15netcmd: silo member: rename model methods to grant and revokeRob van der Linde2-5/+5
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15netcmd: silo member: rename exceptions to grant and revokeRob van der Linde2-5/+5
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15netcmd: models: fix incorrect return type should not be UserRob van der Linde1-1/+1
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15netcmd: models: Model.query method makes use of Query classRob van der Linde1-25/+5
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15netcmd: models: add Query class to replace simple generatorRob van der Linde1-0/+81
This allows other methods to be added on top of the Query class like .first() and .one() Sometimes it's useful to raise an exception if 0 rows are returned, while other times it's best to return None. Having a Query class makes it easy to add methods like .one() and .first() to take care of this requirement. Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15netcmd: add auth silo and policy sub-commands to samba-tool userRob van der Linde4-0/+396
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15netcmd: silo member: Make output consistent with user commandRob van der Linde1-3/+17
* Use print with file=self.outf * Show assigned or unassigned silo Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15netcmd: model: User model str method returns username not cnRob van der Linde1-0/+4
If the cn is needed then user.cn can be used, this makes it nicer if using {user} in format strings. Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15netcmd: silo member uses consistent output with other commandsRob van der Linde1-4/+4
This also includes always spelling out "authentication silo" or "authentication policy" in full, not just calling it "silo." Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15netcmd: silo member add and remove should not set assigned_siloRob van der Linde1-10/+2
The Windows tools don't do this either Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15netcmd: silo member: make use of User.find functionRob van der Linde1-15/+2
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15netcmd: model: add a find method to User model to avoid repeating codeRob van der Linde1-0/+15
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15netcmd: model: add missing assigned_policy field on User modelRob van der Linde1-0/+1
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15netcmd: user: PEP8 E303 E305: fix too many or too little blank linesRob van der Linde2-2/+1
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
generated by cgit v1.2.3 (git 2.25.1) at 2026-05-07 09:02:45 +0000