1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

872 Commits

Author SHA1 Message Date
Rob van der Linde
5949adab16 netcmd: user: turn user.py into module netcmd.user
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-04 04:31:37 +00:00
Rob van der Linde
3cf81e98f3 netcmd: sites: make use of ldb_connect from base class
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-07-19 03:31:30 +00:00
Rob van der Linde
752eae68c2 netcmd: add list and view commands for sites and subnets
* samba-tool sites list
* samba-tool sites view
* samba-tool sites subnet list
* samba-tool sites subnet view

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-07-19 03:31:30 +00:00
Rob van der Linde
b9d01c6420 netcmd: add Subnet and Site models
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-07-19 03:31:30 +00:00
Stefan Metzmacher
85080ba9ea ldapcmp: also ignore operatingSystem similar to operatingSystemVersion
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-07-19 03:31:30 +00:00
Joseph Sutton
539cd51600 netcmd: domain: Fix typo
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-06-26 11:10:31 +00:00
Joseph Sutton
7818680531 netcmd: domain: Fix typo
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-25 23:29:32 +00:00
Rob van der Linde
0cfa7f6cff netcmd: domain: add error handling to domain claims commands
Similar to the auth commands commit prior to this.

Where we wre catching LdbError before we now catch ModelError, all
exceptions that are known and handled in the model layer will have a
user-friendly error message.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-06-25 23:29:32 +00:00
Rob van der Linde
76ca95db6b netcmd: domain: add error handling to domain auth commands
Where we wre catching LdbError before we now catch ModelError, all
exceptions that are known and handled in the model layer will have a
user-friendly error message.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-06-25 23:29:32 +00:00
Rob van der Linde
ca4e36d17a netcmd: domain: add model exceptions and error handling
* Only handle what we know, otherwise raise the existing LdbError
* Cutom messages added in the model layer so we don't have to do it in
  the commands themselves

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-06-25 23:29:32 +00:00
Rob van der Linde
b00761da1d netcmd: domain: model stores ldb message for save
The message is stored in self._apply which also gets called by
self.refresh()

This is the better thing to do than fetching in save.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-06-25 23:29:32 +00:00
Rob van der Linde
8311284224 netcmd: domain: silo member add and remove does not write whole list
Writing the whole list at once can lead to data loss if multiple
administrators are doing this at the same time.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-06-25 23:29:32 +00:00
Rob van der Linde
705e65c16e netcmd: domain: remove parse_guid and parse_text as they are no longer used
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-06-25 23:29:32 +00:00
Rob van der Linde
daac480eb7 netcmd: domain: claims: base class is no longer required
base.py has been removed as this has all been moved to the model layer

as the auth commands ldb is now just a local variable

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-06-25 23:29:32 +00:00
Rob van der Linde
bb0ab7b241 netcmd: domain: claims: move claim value type lookup by attribute to model
Also, there was no need for the cached property previously in the
command, as the command only calls this once.

Fetching all value types seems excessive now with the new model layer,
we just fetch the one we need and get a model object back.

Use the method lookup, it's consistent with the rest, and raise either
LookupError or ValueError.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-06-25 23:29:32 +00:00
Rob van der Linde
61ee26ade9 netcmd: domain: claims: make use of AttributeSchema and ClassSchema models
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-06-25 23:29:32 +00:00
Rob van der Linde
44aaba8a82 netcmd: domain: add models for ClassSchema and AttributeSchema
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-06-25 23:29:32 +00:00
Rob van der Linde
3ecea860aa netcmd: auth silos: remove base class
There is no point to the base class anymore.

And since the model layer has dramatically simplified the code in the
commands, ldb can just be a local variable.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-06-25 23:29:32 +00:00
Rob van der Linde
df5e6045fa netcmd: move get_policy method from base class to the model
There isn't much left of the base class, the next thing is to remove
it.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-06-25 23:29:32 +00:00
Rob van der Linde
2842ed824a netcmd: move method print_json to command base class
This is used in quite a few commands, move to base class.

This ensures the correct encoder class and settings are always used,
and they are only defined in one place.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-06-25 23:29:32 +00:00
Rob van der Linde
15440c6d6b netcmd: fix import sort/grouping as per python standard
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-06-25 23:29:32 +00:00
Rob van der Linde
3da5be0b8f netcmd: move ldb_connect method to base class
This method is needed by just about every command and moving it here
is another step towards elinimanting the base classes in domain/auth
and domain/claim.

The base classes are almost empty now, since introducing the model
layer. The next step is to get rid of these base classes completely.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-06-25 23:29:32 +00:00
Rob van der Linde
d558b20ed1 netcmd: PEP257 fix incorrect docstring quotes
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-06-25 23:29:32 +00:00
Rob van der Linde
b6fda29fc7 netcmd: domain: claims: use consistent naming for options
The name of the option should be the same as the attribute name.

You can still tell where it's being used (display_name), especially
now with the model layer:

    ClaimType.get(ldb, display_name=name)

The silo commands tend to use the `cn` field, while the claims
commands use the `displayName` field, but the option is always called
`name` for consistency.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-06-25 23:29:32 +00:00
Rob van der Linde
b3fac344a3 netcmd: domain: claim commands use the model layer
This makes it consistent with the auth silo code, both should now make
use of the models.

Claims commands are now using the model layer with one exception and
that is the get_attribute_from_schema and get_class_from_schema
methods in the base class.

These will be made into models in another commit.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-06-25 23:29:32 +00:00
Rob van der Linde
40da71fe9c netcmd: domain: fix claims constant name was wrong should be claim type CN
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-06-25 23:29:32 +00:00
Rob van der Linde
3df634e752 netcmd: domain: add authentication silo commands
Authentication policies:

 * samba-tool domain auth policy list
 * samba-tool domain auth policy view
 * samba-tool domain auth policy create
 * samba-tool domain auth policy modify
 * samba-tool domain auth policy delete

Authentication silos:

 * samba-tool domain auth silo list
 * samba-tool domain auth silo view
 * samba-tool domain auth silo create
 * samba-tool domain auth silo modify
 * samba-tool domain auth silo delete

Authentication silo members:

 * samba-tool domain auth silo member list
 * samba-tool domain auth silo member add
 * samba-tool domain auth silo member remove

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-06-25 23:29:32 +00:00
Rob van der Linde
3a0160ae94 netcmd: add domain models and basic model layer
The ORM is somewhat inspired by Django, but it has some key
differences that make it work better with the Ldb database.

A field can be a singular value or a list, so a BooleanField can
either be True, or [True, False, True], or None.

The only thing that many=True does is say that the field "prefers" to
be a list, but really any field can be a list. For example when
creating a new object, it initialises the field as an empty list
rather than None if many=True.

When saving an object, if it is an update operation, only write the
fields that have actually changed.

When updating an object, any fields that are unset (set to None, or an
empty list) will be treated as a REMOVE operation.

Note that silo members should not be saved this way, writing the whole
list can lead to data loss if multiple admins are saving the silo at
the same time. Silo members will need to be handled differently, just
removing one member but not writing the whole list.

Unlike Django, there is no .objects class, instead there are a bunch
of static methods for querying:

  * Model.get
  * Model.query
  * Model.create
  * Model.get_or_create

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-06-25 23:29:32 +00:00
Rob van der Linde
d01cd64da2 netcmd: add custom json encoder for object type fields
The custom JSONEncoder class is also capable of encoding Dn objects to
str, and any object that has a __json__ method.

The __json__ method is not an official dunder method, but this has
been used by other frameworks too (like Pyramid).

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-06-25 23:29:32 +00:00
Rob van der Linde
1a5184e404 netcmd: add optparse validators and Range validator
Add the ability to the add validators to optparse Option fields.

The Option class was already subclassed in `netcmd/__init__.py` so
adding some functionality to this was relatively easy.

Added the ability to add Validator classes to a field so that this can
be used for anything else in the future, but for now there is a Range
validator required by upcoming auto silo commands.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-06-25 23:29:32 +00:00
Andreas Schneider
e046986d04 python:samba:netcmd: Fix code spelling
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-23 13:44:31 +00:00
Stefan Metzmacher
16b9b508af samba-tool/ntacl: implement set --recursive
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-21 23:24:37 +00:00
Stefan Metzmacher
27b29cfa76 samba-tool/ntacl: add set --verbose and print out the file/directory name
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-21 23:24:37 +00:00
Stefan Metzmacher
6327fd9cdb samba-tool/ntacl: don't announce -q,--quiet in --help as it's not used at all
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-21 23:24:37 +00:00
Stefan Metzmacher
4ca5b78f5b samba-tool/ntacl: let changedomsid ignore symlinks
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-21 23:24:37 +00:00
Björn Baumbach
0e9f1eec5a samba-tool: print default (domain) for --dns-directory-partition option in help message
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-21 23:24:37 +00:00
Stefan Metzmacher
205ee77c2f samba-tool: let 'domain level raise' call check_and_update_fl() in a transaction
This makes it possible to raise the levels without starting
'samba' first, which is very useful for blackbox tests.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-21 19:08:37 +00:00
Stefan Metzmacher
3724ae3e10 samba-tool: move some parts of 'domain level [show|raise]' in to subfunctions
This will make it easier to use transactions in the following changes...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-21 19:08:37 +00:00
Stefan Metzmacher
e92988ec94 samba-tool: move some parts of 'domain level [show|raise]' in to try/except
This just adds indentation for now, the following changes will
add transactions...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-21 19:08:37 +00:00
Stefan Metzmacher
ea2712336b samba-tool: let 'domain level raise --domain-level' use the correct crossRef dn
We should not rely on lp.get('workgroup')...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-21 19:08:37 +00:00
Stefan Metzmacher
f9f9771a55 samba-tool: check for invalid 'domain level' subcommands first
This will simplify further changes...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-21 19:08:37 +00:00
Andrew Bartlett
1b1895a0d8 samba-tool: Fix missing import for "domain level raise --forest-level=2016"
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-06-21 19:08:37 +00:00
Björn Baumbach
6640cf5e32 samba-tool: add new --dns-directory-partition option to dns zonecreate command
The new --dns-directory-partition chooses the directory partition for
the new zone - "domain" or "forest". Defaults to the current default
"domain".

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun 16 21:23:28 UTC 2023 on atb-devel-224
2023-06-16 21:23:28 +00:00
Joseph Sutton
234be6b0dd samba-tool ou: Remove unused variables
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-14 22:57:35 +00:00
Joseph Sutton
d93e340b80 samba-tool ou: Remove unused import
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-14 22:57:35 +00:00
Joseph Sutton
0743e11d46 samba-tool: Fix typo
Found by Rob van der Linde <rob@catalyst.net.nz>.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-14 22:57:35 +00:00
Joseph Sutton
2641b4a20e samba-tool domain: Handle new NBT_SERVER_* flags
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-05-29 22:32:28 +00:00
Joseph Sutton
0d609ee5ed samba-tool domain: Clean up code
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-05-18 01:03:37 +00:00
Joseph Sutton
56d98e974c samba-tool domain: Remove unused variables
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-05-18 01:03:37 +00:00
Joseph Sutton
f1281b80c1 samba-tool domain: Run in interactive mode if no args are supplied
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15363

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-05-16 23:29:32 +00:00