path: root/python
Age | Commit message | Author | Files | Lines
2024-03-20 | python: move models out of the netcmd package | Rob van der Linde | 41 | -40/+38
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-20 | python: create domain module to move models into | Rob van der Linde | 1 | -0/+21
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-20 | netcmd: gmsa: show viewers also works if SID is not found | Rob van der Linde | 1 | -4/+5
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-20 | netcmd: gmsa: add and remove don't fetch trustee if it is a SID | Rob van der Linde | 1 | -10/+10
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-20 | netcmd: gmsa: add_trustee and remove_trustee change argument to sid | Rob van der Linde | 2 | -7/+10
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-20 | netcmd: gmsa: fix typo if trustee is not found | Rob van der Linde | 1 | -2/+2
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-20 | netcmd: gmsa: create should allow custom SDDL | Rob van der Linde | 1 | -1/+6
gMSA update already supported it but not create Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-20 | netcmd: models: improve Computer constructor adding "$" handling | Rob van der Linde | 1 | -8/+29
In some cases the previous code would end up creating computers where the account name ended on double "$" Rewrote constructor to handle more cases, for example only an account name is provided, only a name is provided, or both. Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-20 | netcmd: models: allow scope to be overridden in query | Rob van der Linde | 1 | -2/+4
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-20 | netcmd: models: add User.get_sid_for_principal helper | Rob van der Linde | 1 | -0/+17
Unlike User.find, this will not fetch the User if an SID is provided. Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-20 | netcmd: models: User.find also tries object_sid | Rob van der Linde | 1 | -3/+7
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-20 | python: samdb: Make connecting_user_sid a property | Rob van der Linde | 2 | -1/+4
This is following the same design as other similar properties like samdb.domain_sid, only it doesn't need a setter. Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-20 | python: samdb: Move get_connecting_user_sid to samdb | Rob van der Linde | 2 | -2/+6
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-14 | selftest: Add tests of samba-tool domain export-keytab --keep-stale-entries behaviour | Andrew Bartlett | 1 | -0/+201
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-03-14 | selftest: Add tests for "samba-tool domain exportkeytab" with existing files" | Andrew Bartlett | 1 | -8/+75
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-03-14 | samba-tool domain exportkeytab: Raise a proper CommandError | Andrew Bartlett | 1 | -6/+9
This avoids giving just a backtrace for things like exporting a keytab to an existing file. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-03-14 | samba-tool: Add option --keep-stale-entries to "samba-tool domain exportkeytab" | Andrew Bartlett | 1 | -2/+7
This will keep stale keys in the keytab, which may be useful for wireshark but is not correct if the keytab is used for accepting Kerberos tickets, as tickets encrypted with old passwords would still be accepted. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-03-14 | python/tests: Add test that gMSA keytab export works and matches direct keytab export | Andrew Bartlett | 1 | -4/+123
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-03-14 | auth/credentials: Make cli_credentials_get_aes256_key into generic key access | Andrew Bartlett | 1 | -1/+1
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-03-14 | auth/credentials: Use salt on credentials object for Creds.get_aes256_key() | Andrew Bartlett | 1 | -1/+2
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-03-14 | samba-tool domain exportkeytab: Add support for -H to point to a different sam.ldb | Andrew Bartlett | 1 | -2/+10
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-03-14 | python: Explain strange enable_net_export_keytab() behaviour is no longer due Heimdal | Andrew Bartlett | 1 | -2/+2
This code is now common between Heimdal and MIT Kerberos, but can still be missing for builds of "samba-tool" that do not include the whole AD DC. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-03-12 | selftest: add tests for "samba-tool user list --locked-only" | Jule Anger | 1 | -0/+25
Signed-off-by: Jule Anger <janger@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Jule Anger <janger@samba.org> Autobuild-Date(master): Tue Mar 12 10:54:49 UTC 2024 on atb-devel-224
2024-03-12 | samba-tool: add "samba-tool user list --locked-only" | Jule Anger | 1 | -1/+12
Signed-off-by: Jule Anger <janger@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-05 | dsdb: Remove calls to ldb.set_opaque_integer() | Andrew Bartlett | 2 | -10/+10
This routine will shortly be removed, it is now replaced by an improved ldb.set_opaque() Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-03-05 | python/samba/provision: Ensure KDS root key is usable as soon as provision is complete | Andrew Bartlett | 1 | -1/+11
We do this by setting the start time to being 10 hours 5min earlier than now. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-03-05 | selftest: Assert that the provision KDS root key is already valid for use | Andrew Bartlett | 1 | -2/+12
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-03-04 | pytest:samba-tool domain kds root-key: test with normal user | Douglas Bagnall | 1 | -0/+105
It would be bad if samba-tool let ordinary users read root-key secrets. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Mon Mar 4 03:20:46 UTC 2024 on atb-devel-224
2024-03-04 | samba-tool: tidy up uncaught insufficient rights LdbError | Douglas Bagnall | 1 | -1/+4
It is likely that many sub-commands will produce a traceback when people go `-H ldap://server -Ubob` when they needed to go `-UAdministrator`. We can catch these and show only the core message. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-03 | pyldb: Remove unused and broken Python access to LDB module API | Andrew Bartlett | 1 | -4/+0
These exposed the private LDB modules API to python, and was untested and broken since LDB was made async internally as it never called ldb_wait() on the result. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-03-01 | netcmd: models: Create ClaimType in the model layer instead | Rob van der Linde | 2 | -27/+51
Having it inside a command isn't very re-usable. Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Mar 1 05:52:53 UTC 2024 on atb-devel-224
2024-03-01 | netcmd: models: ClaimType: move all dunder methods to the top for consistency | Rob van der Linde | 1 | -3/+3
It's nice to consistently list the __str__ method first and all the dunder methods, then the static methods, then the rest. At least for the models. Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-03-01 | netcmd: claims: tidy up, avoid setting enabled twice | Rob van der Linde | 1 | -8/+8
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-03-01 | netcmd: models: rename lookup methods to find for consistency | Rob van der Linde | 5 | -16/+12
There are a mixture of methods called either 'lookup' or 'find'. This dates back to when they raised LookupError, but these now raise NotFound. They should be all called 'find' for consistency. Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-03-01 | netcmd: models: Rename username to account_name for consistency | Rob van der Linde | 9 | -56/+56
When creating the User model initially, "username" was the only field that was inconsistently named, it maps to "sAMAccountName". It should really have been "account_name". There is also a field "account_type" and should be similarly named to "account_name". Basically the naming of fields should always be consistent, breaking the rule for one field only was a mistake. Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-03-01 | netcmd: models: Add optional base_dn argument to Model.query method | Rob van der Linde | 1 | -2/+4
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-03-01 | netcmd: models: Add Person and OrganizationalPerson | Rob van der Linde | 3 | -5/+44
Move only those fields over that we already had on User that actually belong on Person and OrganizationalPerson There are more fields to add later. Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-03-01 | netcmd: models: Add a repr method to Query for help in the shell | Rob van der Linde | 1 | -0/+4
This means in the shell you can just do User.query(samdb) without having to wrap it in list() all the time. Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-03-01 | netcmd: models: Rename method to Query._from_message for consistency | Rob van der Linde | 1 | -6/+6
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-03-01 | netcmd: models: Model.from_message should be internal | Rob van der Linde | 2 | -4/+4
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-03-01 | netcmd: silos: silo and auth policy commands use Query class better | Rob van der Linde | 4 | -24/+18
Since the introduction of the Query class these can be written to be a lot clearer using models. Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-03-01 | netcmd: silos: silo and auth policy commands use print | Rob van der Linde | 4 | -16/+15
This adds more consistency with newer code added after these commands. But also print seems more flexible and requires no newline characters added constantly which ends up being a bit cleaner. Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-03-01 | netcmd: models: move remove trustee code to the GMSA model | Rob van der Linde | 2 | -6/+13
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-03-01 | netcmd: models: move add trustee code to the GMSA model | Rob van der Linde | 2 | -12/+20
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-03-01 | netcmd: tests: add tests for service-account commands | Rob van der Linde | 1 | -0/+333
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-03-01 | netcmd: gmsa: cli commands for managing group msa membership | Rob van der Linde | 2 | -0/+233
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-03-01 | netcmd: gmsa: base cli commands for group managed service accounts | Rob van der Linde | 3 | -0/+261
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-03-01 | python: models: Computer constructor automatically adds "$" to account name | Rob van der Linde | 2 | -2/+41
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-03-01 | selftest: aces: fix mutable default args in assemble_ace | Rob van der Linde | 1 | -1/+4
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-03-01 | selftest: aces: use constant from samba.security | Rob van der Linde | 1 | -1/+1
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>