1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

4674 Commits

Author SHA1 Message Date
Andrew Bartlett
380c80b4d6 samba-tool user getpassword: Do not show preview of gMSA password
The AD server will send a preview of the next gMSA password, 5mins before
it is expected to be active.

This is useful in a keytab, which needs to be in place before a ticket
could possibly be issued, but is not helpful for authentication, as
the server also accepts passwords for 5mins after the change.

This avoids needing teach all users of this tool how to fall back to
the previous password for a 5min period every 30 days, by default.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-02-29 01:31:31 +00:00
Andrew Bartlett
009a4706d2 python/samba/tests/krb5: Expect SID_FRESH_PUBLIC_KEY_IDENTITY (only) when PKINIT freshness used
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-02-28 03:44:37 +00:00
Jo Sutton
4b0f3f3d10 python: Fail the test if we don’t receive an NTSTATUSError
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-02-27 01:11:37 +00:00
Jo Sutton
3e342e2d37 tests/krb5: Move assertLocalSamDB() into RawKerberosTest
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-02-27 01:11:37 +00:00
Jo Sutton
df475fbc2f tests/krb5: type hinting
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-02-27 01:11:37 +00:00
Andrew Bartlett
69c3044a72 python/tests: Use TestCaseInTempDir rather than "private dir" for exported keytab
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-02-27 01:11:37 +00:00
Andrew Bartlett
a1d7af2485 python/tests: Convert dckeytab test to use new NDR keytab parser
This is much nicer than reading strings out of the binary file.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-02-27 01:11:37 +00:00
Andrew Bartlett
2e230f728e python/tests: Add test for new krb5 keytab parser
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-02-27 01:11:37 +00:00
Andrew Bartlett
9a5cc12042 python/samba/samdb: Only do caching of well known DNs in dbcheck
The fact that get_wellknown_dn() returned a cached DN that could
not be modified safely was unexpected, particularly given that
other similar routines did not do that.

The use case given at the time this was written by
Matthieu Patou in 6122acad0f
was dbcheck, so move the cache there, and name it clearly.

dbcheck is the only case that uses this rotuine in an inner
loop.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-02-27 01:11:37 +00:00
Andreas Schneider
e4c3c61302 python:gp: Implement client site lookup in site_dn_for_machine()
This is [MS-GPOL] 3.2.5.1.4 Site Search.

The netr_DsRGetSiteName() needs to run over local rpc, however we do not
have the call implemented in our rpc_server. What netr_DsRGetSiteName()
actually does is an ldap query to get the sitename, we can just do the
same.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15588

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Feb 26 08:06:08 UTC 2024 on atb-devel-224
2024-02-26 08:06:08 +00:00
Jo Sutton
8fe5765822 python:tests: Remove unused imports
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-02-16 02:41:36 +00:00
Jo Sutton
2748466ec6 python: Reformat nt_time.py
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-02-16 02:41:36 +00:00
Jo Sutton
22c6629e16 samba-tool: Display friendlier error message if no password is available
‘samba-tool user get-kerberos-ticket’ is supposed to display an error
message if no password is available. However, the conditions for which
the message is displayed are impossible to be met. If ‘utf16_pw’ is not
None, the message is not displayed; if ‘utf16_pw’ *is* None, ‘nt_pass’
is assigned with a samr.Password object, which is not None — and so the
message is still not displayed.

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-02-16 02:41:36 +00:00
Jo Sutton
75ca027f61 python:tests: Pass correct arguments to set_named_ccache()
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-02-16 02:41:36 +00:00
Jo Sutton
678ed54e78 python:tests: Fix code spelling
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-02-16 02:41:36 +00:00
Jo Sutton
b2215aaee0 python:tests: Produce more helpful error message for future GKIDs
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-02-16 02:41:36 +00:00
Rob van der Linde
b401502c55 netcmd: models: add GroupManagedServiceAccount model
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-02-16 02:41:36 +00:00
Rob van der Linde
5e52e211a9 netcmd: models: add missing fields to User model
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-02-16 02:41:36 +00:00
Rob van der Linde
b31cdb0398 netcmd: models: add missing enum fields to Group model
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-02-16 02:41:36 +00:00
Rob van der Linde
16e1ea9bf5 netcmd: models: make Group.system_flags a flags based EnumField
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-02-16 02:41:36 +00:00
Rob van der Linde
5165d54da4 netcmd: models: add Computer model subclass of User
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-02-16 02:41:36 +00:00
Rob van der Linde
128a5cf087 netcmd: models: stop using LookupError exception and change it to NotFound
LookupError is a base class for IndexError and KeyError and isn't really the appropriate exception.

NotFound inherits from ModelError just like the other model exceptions.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-02-16 02:41:36 +00:00
Rob van der Linde
0a3da8dccd netcmd: models: rename DoesNotExist exception to NotFound
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-02-16 02:41:36 +00:00
Rob van der Linde
73c44e96dd netcmd: models: SDDLField move line down where it gets used
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-02-16 02:41:36 +00:00
Rob van der Linde
63064d4c9f netcmd: models: SDDLField parses to object instead of string
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-02-16 02:41:36 +00:00
Rob van der Linde
9ca05ec28c netcmd: delegation: don't use assert but raise CommandError
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-02-16 02:41:36 +00:00
Rob van der Linde
6d7ad27865 netcmd: delegation: initial value not required because of raise below
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-02-16 02:41:36 +00:00
Rob van der Linde
ec6fb98b4a netcmd: delegation: move line down where it gets used
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-02-16 02:41:36 +00:00
Rob van der Linde
1608dde944 netcmd: delegation: pep8 fix blank lines
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-02-16 02:41:36 +00:00
Rob van der Linde
68092f85fa netcmd: bugfix: json encoder failed to call super method
This lead to a strange recursion error when a field came up that the JSONEncoder couldn't encode.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-02-16 02:41:36 +00:00
Rob van der Linde
ea63b058fc netcmd: json encoder supports security descriptor objects
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-02-16 02:41:36 +00:00
Rob van der Linde
de8b61cbbe netcmd: support hyphens in top-level commands and convert to underscore
Hyphens in python modules are invalid and makes them only importable by importlib, which makes them harder to import in tests.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-02-16 02:41:36 +00:00
Rob van der Linde
a3641b323b netcmd: models: mark some hidden fields on the base Model as readonly
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-02-08 02:48:44 +00:00
Rob van der Linde
dcb3dd5914 netcmd: models: tests: add tests for NtTimeField
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-02-08 02:48:44 +00:00
Rob van der Linde
37855511f6 netcmd: models: add new NtTimeField model field
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-02-08 02:48:44 +00:00
Rob van der Linde
4c08b420dd netcmd: models: model field DateTimeField returns datetime in UTC
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-02-08 02:48:44 +00:00
Rob van der Linde
10ef49b049 netcmd: models: move enum import to correct place
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-02-08 02:48:44 +00:00
Rob van der Linde
21667b9b51 netcmd: models: fix build_expression on SIDField handles security.dom_sid
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-02-08 02:48:44 +00:00
Rob van der Linde
cbcc8039d1 netcmd: models: fix build_expression did not work with EnumField
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-02-08 02:48:44 +00:00
Rob van der Linde
9bd7a56364 netcmd: models: fix BooleanField filtering didn't work on FALSE value
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-02-08 02:48:44 +00:00
Rob van der Linde
e11aa29ef8 netcmd: models: move expression code to Field class
This is necessary to deal with edge cases for specific fields.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-02-08 02:48:44 +00:00
Rob van der Linde
d8251cc0ea netcmd: models: add AccountType enum to User model
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-02-08 02:48:44 +00:00
Rob van der Linde
884b24dc6d netcmd: models: add AccountType IntFlag field
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-02-08 02:48:44 +00:00
Rob van der Linde
4595a1dae3 netcmd: models: EnumField now also supports IntFlag
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-02-08 02:48:44 +00:00
Rob van der Linde
3c8d449ad3 netcmd: models: check for None in build_expression instead
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-02-08 02:48:44 +00:00
Rob van der Linde
c2b63fe85e netcmd: models: change import style to use brackets
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-02-08 02:48:44 +00:00
Rob van der Linde
d046f71878 netcmd: models: enums and constants also brought forward
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-02-08 02:48:44 +00:00
Rob van der Linde
05f90fe1e4 netcmd: models: fix docstring was missing param
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-02-08 02:48:44 +00:00
Jo Sutton
d6fe66ddee python: Remove ‘typing.Final’
This is only present in Python 3.8 and above.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15575

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-02-08 02:48:44 +00:00
Rob van der Linde
ecc84aa448 python: do not make use of typing.Final for python 3.6
Python 3.6 does not have typing.Final yet

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15575

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-02-08 02:48:44 +00:00