auth/credentials: Add hook to set credentials from msDS-ManagedPassword blob

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>

s4-libnet: Pass the full struct smb_krb5_context to sdb_kt_copy()

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>

auth/credentials: Dynamically calculate the salt principal (unless speccified)

This helps pull the salt principal calculation into a single spot.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>

auth/credentials: Use salt on credentials object for Creds.get_aes256_key()

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>

auth/credentials: Add bindings for getting and setting the salt principal

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>

s4-libnet: Provide hint for "samba-tool domain exportkeytab" if used over LDAP without gMSA

Only gMSA accounts, and only for authoriszed users, can export be exported without
local sam.ldb access.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>

Make "samba-tool domain exportkeytab" prune old keys

This slowly prepares this to be an update tool, not just a one-off export tool

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>

s4-auth/kerberos: Rename create_keytab() to smb_krb5_fill_keytab()

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>

s4-auth/kerberos: Add define ENC_STRONG_SALTED_TYPES

This allows us to mask out RC4 and insist on the modern AES types
where that makes sense.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>

s4-auth/kerberos: Remove unused paremters to create_keytab()

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>

samba-tool domain exportkeytab: Add support for -H to point to a different sam.ldb

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>

libnet: Prepare to allow "samba-tool domain exportkeytab to support -H

We need to allow a samdb to be passed from the python to support
using a specific DB or remote server for gMSA passwords.

The gMSA passwords will not use this code, but we need to be
consistant.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>

python: Explain strange enable_net_export_keytab() behaviour is no longer due Heimdal

This code is now common between Heimdal and MIT Kerberos, but can still be missing
for builds of "samba-tool" that do not include the whole AD DC.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>

packaging: Provide a systemd service file for samba-bgqd

There might be scenarios where the background queue daemon should be
running all the time instead of being started on demand. This makes
especially sense for bigger printing servers with a lot of printers. It
takes ~1 sec to get a printer from cups, so a print server with 100
printers needs 100 seconds to update the printer_list.tdb. The service
will be killed because of idle in the meantime.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15600

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Mar 14 12:19:56 UTC 2024 on atb-devel-224

s3/smbd: If we fail to close file_handle ensure we should reset the fd

if fsp_flags.fstat_before_close == true then close_file_smb will call
vfs_stat which can fail. If it does fail then the fd associated
with the file handle will still be set (and we will hit an assert
is the file handle destructor) when calling file_free.
We need to set fd to -1 to avoid that. To achieve that we capture and
return the vfs_stat_fsp failure status while still processing the rest
of the fd_close logic.

[2024/02/20 09:23:48.454671,  0, pid=9744] ../../source3/smbd/smb2_close.c:226(smbd_smb2_close)
  smbd_smb2_close: close_file[]: NT_STATUS_ACCESS_DENIED
[2024/02/20 09:23:48.454757,  0, pid=9744] ../../source3/smbd/fd_handle.c:40(fd_handle_destructor)
  PANIC: assert failed at ../../source3/smbd/fd_handle.c(40): (fh->fd == -1) || (fh->fd == AT_FDCWD)
[2024/02/20 09:23:48.454781,  0, pid=9744] ../../lib/util/fault.c:178(smb_panic_log)
  ===============================================================
[2024/02/20 09:23:48.454804,  0, pid=9744] ../../lib/util/fault.c:185(smb_panic_log)
  INTERNAL ERROR: assert failed: (fh->fd == -1) || (fh->fd == AT_FDCWD) in smbd (smbd[192.168.10) (client [192.168.100.15]) pid 9744 (4.21.0pre1-DEVELOPERBUILD)
[2024/02/20 09:23:48.454844,  0, pid=9744] ../../lib/util/fault.c:190(smb_panic_log)
  If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
[2024/02/20 09:23:48.454869,  0, pid=9744] ../../lib/util/fault.c:191(smb_panic_log)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15527
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Wed Mar 13 10:34:45 UTC 2024 on atb-devel-224

smbd: simplify handling of failing fstat() after unlinking file

close_remove_share_mode() already called vfs_stat_fsp(), so we can skip the
fstat() triggered in fd_close() by fsp->fsp_flags.fstat_before_close being true.

This avoids getting an EACCESS error when doing an fstat() on the removed file
which seems to happen with some FUSE filesystems.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15527

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

ctdb: Remove an unnecessary cast

nl->srvid is uint64_t, as is the srvid parameter of ctdb_daemon_send_message()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Mar 13 08:43:16 UTC 2024 on atb-devel-224

smbd: Fix a DBG message

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

smbd: Avoid a ZERO_STRUCT() with direct struct initialization

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Mar 12 14:33:14 UTC 2024 on atb-devel-224

tools: Fix whitespace

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

smbd: Fix a typo

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

smbd: Fix and modernize a few DBG statements

There were still a few function names in DBGs

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

smbd: Give smbXsrv_session.c its own header file

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

vfs: Fix a typo

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

auth: Simplify smb_krb5_send_to_kdc_state_destructor()

Replace a call to dbwrap_fetch_locked() with the higherlevel
dbwrap_delete().

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

smbd: Fix a comment

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

smbXsrv_version: Use a struct assignment

Make sure everything is initialized

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

smbXsrv_version: Remove unused smbXsrv_version_global0->db_rec

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

smbXsrv_version: Use a struct assignment instead of ZERO_STRUCT

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

smbXsrv_version: Modernize DEBUG statements

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

lib: Simplify _hexcharval

Saves a few bytes and conditional jumps

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

smbd: Add parentheses for easier readability

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

torture: Fix an error message

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

lib: Simplify copy_unix_token()

Avoid an else with implicit NULL initialization

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libsmb: Simplify an if-condition

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

lib: Make GUID_to_ndr_buf() return void

The whole point of struct GUID_ndr_buf is that this never fails.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

smbd: Remove get_Protocol()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

smbd: Remove the last use of get_Protocol()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

smbd: Add conn_protocol()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

smbd: Modernize a DEBUG statement

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

smbd: Simplify fsp_fullbasepath()

snprintf deals well with NULL/0 buffers. Basically this undoes
6555fa9d8fbc and 193df617. 6555fa9d8fbc gave cppcheck as a reason for
this patch, but if I look into susv4's snprintf definition I find:

If n is zero, nothing shall be written and s may be a null pointer.

This removes the checks and makes sure we fulfill the requirement of
susv4 that states that buf can only be NULL if buflen is 0.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

smbd: Remove unused declarations in smbXsrv.idl

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

selftest: add tests for "samba-tool user list --locked-only"

Signed-off-by: Jule Anger <janger@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Jule Anger <janger@samba.org>
Autobuild-Date(master): Tue Mar 12 10:54:49 UTC 2024 on atb-devel-224

samba-tool: add "samba-tool user list --locked-only"

Signed-off-by: Jule Anger <janger@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libgpo: Do not segfault if we don't have a valid security descriptor

Program received signal SIGSEGV, Segmentation fault.
ndr_push_security_descriptor (ndr=ndr@entry=0x555555bf41b0, ndr_flags=ndr_flags@entry=768, r=r@entry=0x0) at librpc/gen_ndr/ndr_security.c:713
713 NDR_CHECK(ndr_push_security_descriptor_revision(ndr, NDR_SCALARS, r->revision));

Thread 1 (Thread 0x7ffff7ece740 (LWP 21460) "python3"):
 #0  ndr_push_security_descriptor (ndr=ndr@entry=0x555555bf41b0, ndr_flags=ndr_flags@entry=768, r=r@entry=0x0) at librpc/gen_ndr/ndr_security.c:713
        _flags_save_STRUCT = 0
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        __FUNCTION__ = "ndr_push_security_descriptor"
 #1  0x00007ffff617237f in ndr_push_struct_blob (blob=blob@entry=0x7fffffffdb20, mem_ctx=0x555555aa3bd0, p=0x0, fn=0x7ffff6074ad0 <ndr_push_security_descriptor>, fn@entry=0x7ffff60706c8 <ndr_push_security_descriptor@plt>) at ../../librpc/ndr/ndr.c:1438
        _status = <optimized out>
        ndr = 0x555555bf41b0
 #2  0x00007ffff607cccf in marshall_sec_desc (mem_ctx=<optimized out>, secdesc=<optimized out>, data=data@entry=0x7fffffffdb80, len=len@entry=0x7fffffffdb78) at ../../libcli/security/secdesc.c:241
        blob = {data = 0x7fffffffdb40 "`\333\377\377\377\177", length = 140737352374299}
        ndr_err = <optimized out>
        __FUNCTION__ = "marshall_sec_desc"
 #3  0x00007ffff29edd94 in GPO_marshall_get_sec_desc_buf (self=<optimized out>, args=<optimized out>, kwds=<optimized out>) at ../../libgpo/pygpo.c:119
        gpo_ptr = <optimized out>
        status = <optimized out>
        data = 0x0
        len = 0

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15599

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Mar  6 15:44:19 UTC 2024 on atb-devel-224

libgpo: Fix trailing spaces in pygpo.c

Reviewed-by: David Mulder <dmulder@samba.org>

ctdb-scripts: Remove usage of releaseip-pre, takeip-pre pseudo-events

These were generated by 06.nfs.script.

Signed-off-by: Vinit Agnihotri <vagnihotri@ddn.com>
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Mar  6 07:09:06 UTC 2024 on atb-devel-224

ctdb-scripts: Remove unnecessary 06.nfs.script

Signed-off-by: Vinit Agnihotri <vagnihotri@ddn.com>
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

ctdb-doc: Put NFS in grace on startipreallocate

Signed-off-by: Vinit Agnihotri <vagnihotri@ddn.com>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

ctdb-doc: Factor out grace period function

Signed-off-by: Vinit Agnihotri <vagnihotri@ddn.com>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

ctdb-client: Remove unused function

Signed-off-by: Vinit Agnihotri <vagnihotri@ddn.com>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

ctdb-scripts: Add handling for startipreallocate

Signed-off-by: Vinit Agnihotri <vagnihotri@ddn.com>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

ctdb: send a CTDB_SRVID_START_IPREALLOCATE message after CTDB_EVENT_START_IPREALLOCATE

Event scripts run the "start_ipreallocate" hook in order to notice
that some ip addresses in the cluster potentially changed.

CTDB_SRVID_START_IPREALLOCATE gives C code a chance to get notified as well
once the event scripts are finished.

Signed-off-by: Vinit Agnihotri <vagnihotri@ddn.com>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

ctdb-takeover: Use CTDB_CONTROL_START_IPREALLOCATE

Signed-off-by: Vinit Agnihotri <vagnihotri@ddn.com>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

ctdb-server: Implement CTDB_CONTROL_START_IPREALLOCATE

Trigger a "startipreallocate" event, but only if in RUNNING runstate.
"startipreallocate" is intended to allow an NFS server to be put into
grace on all nodes before any locks are released as part of releaseip
during failover.  If node A is leader and initiates a takeover run
then node B may be connected/active but may not have completed
startup.  In this case, the attempt to put NFS-Ganesha into grace on
node B will fail, startipreallocate will fail, and the node will be
banned.

Signed-off-by: Vinit Agnihotri <vagnihotri@ddn.com>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

ctdb-protocol: Add new control CTDB_CONTROL_START_IPREALLOCATE

Signed-off-by: Vinit Agnihotri <vagnihotri@ddn.com>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

ctdb-daemon: Implement startipreallocate event

Signed-off-by: Vinit Agnihotri <vagnihotri@ddn.com>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

ctdb-protocol: Add new event startipreallocate

A new event is needed for NFS lock reclaim to ensure all nodes are in
grace before any locks are released. This event must take place before
releaseip.

Signed-off-by: Vinit Agnihotri <vagnihotri@ddn.com>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

ctdb-common: Remove old runstate/string translation functions

The canonical versions are in protocol utils.

These were unused apart from some stray forward declarations in
tools/ctdb.c and a single call in ctdb_set_runstate(), where
ctdb_runstate_to_string() can be used instead.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

ctdb-common: Remove unused variable ctdb_eventscript_call_names.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

ctdb-daemon: Use ctdb_event_to_string()

ctdb_eventscript_call_names() will be dropped so the mapping between
events and strings is only maintained in one place.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

lib/ldb-samba: Remove unused ldb.set_opaque_integer()

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Mar  5 03:55:33 UTC 2024 on atb-devel-224

dsdb: Remove calls to ldb.set_opaque_integer()

This routine will shortly be removed, it is now replaced by an
improved ldb.set_opaque()

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>

lib/ldb-samba: Align py_ldb_set_opaque_integer() with pyldb_set_opaque() and use "unsigned long long"

We need to change the internal types assumed in Samba for the opaque
integers to "unsigned long long" as this is what ldb.set_opaque() will
create, and we want to move to this interface rather than have a
duplicate.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>

lib/ldb: Allocate opaque on ldb_ctx

Just in case this LDB is given away into the C code, that opaque must live
as long as the LDB itself, not the python wrapper object.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>

python/samba/provision: Ensure KDS root key is usable as soon as provision is complete

We do this by setting the start time to being 10 hours 5min earlier
than now.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>

selftest: Assert that the provision KDS root key is already valid for use

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>

pytest:samba-tool domain kds root-key: test with normal user

It would be bad if samba-tool let ordinary users read root-key secrets.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Mar  4 03:20:46 UTC 2024 on atb-devel-224

samba-tool: tidy up uncaught insufficient rights LdbError

It is likely that many sub-commands will produce a traceback when people
go `-H ldap://server -Ubob` when they needed to go `-UAdministrator`.

We can catch these and show only the core message.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

ldb: Update ldb.get_opaque() to return talloc‐managed opaque values

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Mar  3 23:33:44 UTC 2024 on atb-devel-224

ldb: Update ldb.set_opaque() to accept only supported types

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

ldb: Remove trailing whitespace

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

ldb: Pass a supported opaque type to ldb.set_opaque()

We are about to modify ldb.set_opaque() to accept only certain types,
and ldb.Ldb is not one of those types.

Pass in a value that is supported and whose lifetime is guaranteed to
outlive the Ldb object.

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

ldb: Add tests for Python set_opaque() and get_opaque()

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

pyldb: Remove unused and broken Python access to LDB module API

These exposed the private LDB modules API to python, and was
untested and broken since LDB was made async internally as
it never called ldb_wait() on the result.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

pyldb: Improve docstric for whoami(), which takes no arguments.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

pyldb: Remove last caller to and definition of PyLdb_Check()

This is now checked by PyArg_ParseTupleAndKeywords().

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

pyldb: Use "O!" to specify the type of py_ldb

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

pyldb: Move PyErr_LDB_OR_RAISE() and PyErr_LDB_DN_OR_RAISE() into pyldb.h

While these style of macros are against our coding style, it is still better
to have them in a single place, and while pyldb.h is technically public
Samba is the only user of the C bindings.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

dns: Use pyldb_check_type() in PyErr_LDB_DN_OR_RAISE()

This prepares to move this macro into pyldb.h

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

dns: Use pyldb_Ldb_AsLdbContext() in PyErr_LDB_OR_RAISE()

This prepares to move this macro into pyldb.h

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

dsdb: Use pyldb_check_type() in PyErr_LDB_DN_OR_RAISE()

This prepares to move this macro into pyldb.h

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

dsdb: Use pyldb_Ldb_AsLdbContext() in PyErr_LDB_OR_RAISE()

This macro already checks the type, so we do not need to call
py_check_dcerpc_type() and prepares to move this macro into pyldb.h

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

ldb/pyldb: Call Py_DECREF(list) on failure in PyLdbResult_FromResult()

We need to drop the reference to the list we created if we
are going to fail.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

ldb/pyldb: Check errors from PyLdbMessage_FromMessage

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: Create ClaimType in the model layer instead

Having it inside a command isn't very re-usable.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Mar  1 05:52:53 UTC 2024 on atb-devel-224

netcmd: models: ClaimType: move all dunder methods to the top for consistency

It's nice to consistently list the __str__ method first and all the dunder methods, then the static methods, then the rest.

At least for the models.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: claims: tidy up, avoid setting enabled twice

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: rename lookup methods to find for consistency

There are a mixture of methods called either 'lookup' or 'find'.

This dates back to when they raised LookupError, but these now raise NotFound.

They should be all called 'find' for consistency.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: Rename username to account_name for consistency

When creating the User model initially, "username" was the only field that was inconsistently named, it maps to "sAMAccountName".

It should really have been account "account_name".

There is also a field "account_type" and should be similarly named to "account_name".

Basically the naming of fields should always be consistent, breaking the rule for one field only was a mistake.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: Add optional base_dn argument to Model.query method

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: Add Person and OrganizationalPerson

Move only those fields over that we already had on User that actually belong on Person and OrganizationalPerson

There are more fields to add later.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: Add a repr method to Query for help in the shell

This means in the shell you can just do User.query(samdb) without having to wrap it in list() all the time.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: Rename method to Query._from_message for consistency

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: Model.from_message should be internal

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: silos: silo and auth policy commands use Query class better

Since the introduction of the Query class these can be written to be a lot clearer using models.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: silos: silo and auth policy commands use print

This adds more consistency with newer code added after these commands.

But also print seems more flexible and requires no newline characters added constantly which ends up being a bit cleaner.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: move remove trustee code to the GMSA model

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: move add trustee code to the GMSA model

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: tests: add tests for service-account commands

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>