sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-08 05:57:51 +03:00
Code
136,913 Commits 62 Branches 1,150 Tags
Commit Graph

4730 Commits

Author SHA1 Message Date
Rob van der Linde
ca973caa28 netcmd: models: Model.query adds optional polymorphic flag for returning specific class types 
This defaults to False, query the User class returns only User instances.

    User.query(samdb)

When set to True, query the User class can return User, Computer, ManagedServiceAccount instances.

    User.query(samdb, polymorphic=True)

If polymorphic is False the same records are still returned but records will always be interpreted as the model that is being queried only, rather than a more specific model that matches that object class.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2024-03-01 04:45:36 +00:00
Rob van der Linde
ccce7e7c03 netcmd: models: ModelMeta needs to also set fields and meta if class is Model 
This is needed for polymorphic query, if querying from the Base model, which was not previously a feature.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2024-03-01 04:45:36 +00:00
Rob van der Linde
5870035486 netcmd: models: move object_sid field from User to base Model 
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2024-03-01 04:45:36 +00:00
Rob van der Linde
f54cfbea90 netcmd: models: bring Model class forward into module 
This is important for polymorphic query support

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2024-03-01 04:45:36 +00:00
Rob van der Linde
f8b5f7f592 netcmd: models: ModelMeta no longer needs to inherit from ABCMeta 
There are no more abstract methods since the previous commit, so ABCMeta is no longer needed.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2024-03-01 04:45:36 +00:00
Rob van der Linde
f90e09a285 netcmd: models: Model.get_object_class returns top instead of None 
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2024-03-01 04:45:36 +00:00
Rob van der Linde
b3cc3ade43 netcmd: models: Query.first and Query.last should use count from instance 
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2024-03-01 04:45:36 +00:00
Rob van der Linde
e41114ad5b netcmd: models: set the default for managed password interval on the model 
This is to avoid having to provide a default in multiple places

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2024-03-01 04:45:36 +00:00
Rob van der Linde
611403d401 netcmd: models: move group msa membership default to constants 
This means the constant can be imported and used by the tests

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2024-03-01 04:45:36 +00:00
Rob van der Linde
dccafff1b3 netcmd: shell: show Models subheading 
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2024-03-01 04:45:36 +00:00
Rob van der Linde
14285db482 netcmd: models: make MODELS constant keyed by object class instead 
This helps with polymorphic querying, mapping object class name to model class.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2024-03-01 04:45:36 +00:00
Rob van der Linde
1d0084673e netcmd: models: move MODELS constant to constants.py to avoid import loop 
query.py and models.py otherwise cause an import loop, query.py needs to import MODELS

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2024-03-01 04:45:36 +00:00
Rob van der Linde
a547062352 netcmd: models: update docstring of Computer.find method 
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2024-03-01 04:45:36 +00:00
Rob van der Linde
6834a1bdc9 netcmd: models: gmsa move find method to Computer model 
The find method is the same as the find method from the User model, with the exception of adding "$".

This means it is actually logic that belongs in the parent class of GroupManagedServiceAccount, which is Computer.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2024-03-01 04:45:36 +00:00
Rob van der Linde
e1d61746c3 netcmd: models: gmsa GroupManagedServiceAccount inherits from Computer 
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2024-03-01 04:45:36 +00:00
Rob van der Linde
1cd7cf6680 netcmd: models: gmsa move GroupManagedServiceAccount model to gmsa.py 
It needs to inherit from the Computer model, the Computer model also inherits from User.

First, moving it to its own file from user.py to gmsa.py

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2024-03-01 04:45:36 +00:00
Rob van der Linde
84c721ec4a netcmd: models: gmsa trustees update docstring and incorrect return type 
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2024-03-01 04:45:36 +00:00
Rob van der Linde
c8857abb74 netcmd: models: gmsa trustees property only looks at allowed aces 
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2024-03-01 04:45:36 +00:00
Rob van der Linde
f5c6a42d97 netcmd: models: make GroupManagedServiceAccount.trustees a property 
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2024-03-01 04:45:36 +00:00
Rob van der Linde
cd395558b0 netcmd: models: avoid fetching each user in trustees method 
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2024-03-01 04:45:36 +00:00
Rob van der Linde
cf110742af netcmd: models: Remove unused groups_sddl method from User model 
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2024-03-01 04:45:36 +00:00
Rob van der Linde
4e31942d1f netcmd: models: add default SDDL to group_msa_membership 
LA can be used for the administrator and Windows will expand that on save, making the group_sddl method redundant.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2024-03-01 04:45:36 +00:00
Douglas Bagnall
d6bfd26049 pytests: samba-tool domain kds root_key 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Mar  1 01:27:30 UTC 2024 on atb-devel-224
 2024-03-01 01:27:30 +00:00
Douglas Bagnall
d0234391a8 samba-tool: add samba-tool domain kds root_key delete 
For deleting root keys.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2024-03-01 00:19:45 +00:00
Douglas Bagnall
710093dc27 samba-tool: add samba-tool domain kds root_key create 
For making new root keys.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2024-03-01 00:19:45 +00:00
Douglas Bagnall
ee1e9f1fb2 samba-tool: add samba-tool domain kds root_key view 
This is for looking at one root key. There isn't much to know.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2024-03-01 00:19:45 +00:00
Douglas Bagnall
a92699cda0 samba-tool: add samba-tool domain kds root_key list 
This lists root keys, in descending chronological order according to the
use_start_toime attribute. That's becuase you usually only care about
the newest one.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2024-03-01 00:19:45 +00:00
Douglas Bagnall
884d40ca16 samba-tool: don't error if there are no sub-commands 
This is useful when you commit samba-tool tests before you commit the
samba-tool code, and you want the tests to fail rather than error.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2024-03-01 00:19:45 +00:00
Douglas Bagnall
79342a8411 provision: add a default root key 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2024-03-01 00:19:45 +00:00
Douglas Bagnall
53bf56c62b pytest:dsdb: check that there is a gkdi root key 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2024-03-01 00:19:45 +00:00
Douglas Bagnall
c6208a3b0e pytest:gkdi: shift create_root_key into a function 
This is so the samba-tool domain kds root_key tests can use it as a
function.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2024-03-01 00:19:45 +00:00
Douglas Bagnall
e1ab10b1fc pytest:samba-tool: add a flag to print more in runcmd 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2024-03-01 00:19:45 +00:00
Douglas Bagnall
ae0f38c319 samba-tool user delete: use account type constant 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2024-03-01 00:19:45 +00:00
Douglas Bagnall
e5efa21746 samba-tool domain: add LDB Result to json encoders 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2024-03-01 00:19:45 +00:00
Douglas Bagnall
17dbaf4d33 python:samdb: wrapper for _dsdb_create_gkdi_root_key() 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2024-03-01 00:19:45 +00:00
Douglas Bagnall
214ac139d8 samba-tool domain kds root_key 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2024-03-01 00:19:45 +00:00
Douglas Bagnall
327f5dc4e5 samba-tool domain kds: add root key sub-command 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2024-03-01 00:19:45 +00:00
Douglas Bagnall
fbd9740272 samba-tool domain: add kds sub-branch 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2024-03-01 00:19:45 +00:00
Andrew Bartlett
02f18a88da selftest: Ignore msKds-DomainID in ldapcmp_restoredc.sh and samba.tests.domain_backup_offline 
Like serverReferenceBL etc, this will point to a DC that created the object, and
as part of the backup and restore, this DC will be deleted.  It is just for
tracking the object creation, so this is fine.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2024-03-01 00:19:45 +00:00
Andrew Bartlett
0c1ac19776 samba-tool user getpassword: Clarify success wording 
It may be the case that there was no password, or read access to the
password was not permitted.  The structure of the code and the pattern
in LDIF that missing information is simply returned as missing
attributes makes it hard to detect and communicate a clear
error here, particularly as an error may not be wanted if
(say) pwdLastSet is queried on a gMSA that we can not read.

So we just make the string to indicate, as I think it was meant,
that the tool ran to compleation.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Feb 29 05:07:45 UTC 2024 on atb-devel-224
 2024-02-29 05:07:45 +00:00
Douglas Bagnall
00daa520ce python/nt_time: have a go at using 1_000_000 number separators. 
I noticed these are available in Python 3.6+, which is what we support,
and they're arguably nicer than using exponentiation.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2024-02-29 04:01:40 +00:00
Douglas Bagnall
d3d87aee2a python:nt_time: add a nt_now() function 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2024-02-29 04:01:40 +00:00
Douglas Bagnall
33a8ae1748 python:nt_time: add string_from_nt_time 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2024-02-29 04:01:40 +00:00
Douglas Bagnall
60022ed55f py:nt_time: add nt_time_from_string() 
This is for samba-tool, which could do with a common understanding of
time strings across various sub-tools.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2024-02-29 04:01:40 +00:00
Douglas Bagnall
8cf9d4cae1 pytest:audit_log_base: use string_is_guid() 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2024-02-29 04:01:40 +00:00
Douglas Bagnall
6d087d1d29 pytest:auth_log_base: use string_is_guid() 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2024-02-29 04:01:40 +00:00
Douglas Bagnall
0fe263a56d pylibs: add string_is_guid() helper. 
In various places we use regular expressions to check for GUID-ness,
though typically we don't match GUIDs with uppercase hex digits when
we really should.

If we centralise the check, we have more chance of getting it right.

Pair-programmed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Feb 29 02:38:07 UTC 2024 on atb-devel-224
 2024-02-29 02:38:06 +00:00
Douglas Bagnall
7b089e1206 samba-tool: with --json, error messages are in JSON 
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2024-02-29 01:31:31 +00:00
Douglas Bagnall
1f128fee27 samba-tool: instances remember whether --json was requested 
All our subcommands are going to learn --json eventually, and they
shouldn't all have to do this individually.

The next commit uses this to automatically format CommandErrors as JSON.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2024-02-29 01:31:31 +00:00
Douglas Bagnall
542ba5cbd5 samba-tool: add self.print_json_status() helper 
This is a helper to return JSON for simple messages.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2024-02-29 01:31:31 +00:00