From: Rob van der Linde <rob@catalyst.net.nz>
Date: Fri, 23 Feb 2024 05:02:56 +0000 (+1300)
Subject: netcmd: models: move group msa membership default to constants
X-Git-Tag: tdb-1.4.11~1581
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=611403d4013a679e08e6fa24edbfea7aac9616ed;p=thirdparty%2Fsamba.git

netcmd: models: move group msa membership default to constants

This means the constant can be imported and used by the tests

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
---

diff --git a/python/samba/netcmd/domain/models/constants.py b/python/samba/netcmd/domain/models/constants.py
index d1b3cc133be..aa1b0307445 100644
--- a/python/samba/netcmd/domain/models/constants.py
+++ b/python/samba/netcmd/domain/models/constants.py
@@ -23,3 +23,6 @@
 # Keeps track of registered models.
 # This gets populated by the ModelMeta class.
 MODELS = {}
+
+# Default SDDL for GroupManagedServiceAccount msDS-GroupMSAMembership field.
+GROUP_MSA_MEMBERSHIP_DEFAULT = "O:BAD:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;LA)"
diff --git a/python/samba/netcmd/domain/models/gmsa.py b/python/samba/netcmd/domain/models/gmsa.py
index f742ae857ad..49f147e72aa 100644
--- a/python/samba/netcmd/domain/models/gmsa.py
+++ b/python/samba/netcmd/domain/models/gmsa.py
@@ -24,6 +24,7 @@ from samba.dcerpc import security
 from samba.dsdb import DS_GUID_MANAGED_SERVICE_ACCOUNTS_CONTAINER
 
 from .computer import Computer
+from .constants import GROUP_MSA_MEMBERSHIP_DEFAULT
 from .exceptions import FieldError
 from .fields import BinaryField, EnumField, IntegerField, SDDLField, StringField
 from .types import SupportedEncryptionTypes
@@ -34,7 +35,7 @@ class GroupManagedServiceAccount(Computer):
     managed_password_interval = IntegerField("msDS-ManagedPasswordInterval")
     dns_host_name = StringField("dNSHostName")
     group_msa_membership = SDDLField("msDS-GroupMSAMembership",
-                                     default="O:BAD:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;LA)")
+                                     default=GROUP_MSA_MEMBERSHIP_DEFAULT)
     managed_password_id = BinaryField("msDS-ManagedPasswordId",
                                       readonly=True, hidden=True)
     managed_password_previous_id = BinaryField("msDS-ManagedPasswordPreviousId",