netcmd: models: move remove trustee code to the GMSA model

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: move add trustee code to the GMSA model

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: tests: add tests for service-account commands

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: gmsa: cli commands for managing group msa membership

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: gmsa: base cli commands for group managed service accounts

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

python: models: Computer constructor automatically adds "$" to account name

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

selftest: aces: fix mutable default args in assemble_ace

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

selftest: aces: use constant from samba.security

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

python: sd_utils: pep8 import sorting

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

python: sd_utils: remove redundant brackets around simple assert statements

Ideally these should be exceptions not asserts

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

python: sd_utils: pep8 fix spacing around

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: properly show command name in show help

This comes up if a user ends up typing something wrong, and it incorrectly showed only part of the command under Usage:

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: add newline before epilog so there is a space between

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: model __json__ method should call as_dict instead

The comment about RelatedField is not really relevant so removed that part, RelatedField isn't used at this point.

The idea with RelatedField is that it fetches the object (vs DnField which just returns a Dn).

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: setting kwarg to None should use field default

This comes up when trying to create a GroupManagedServiceAccount and setting the value of managed_password_interval to None.

We still want it to pick up the field default of 30 in this case.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: Model.query adds optional polymorphic flag for returning specific class types

This defaults to False, query the User class returns only User instances.

    User.query(samdb)

When set to True, query the User class can return User, Computer, ManagedServiceAccount instances.

    User.query(samdb, polymorphic=True)

If polymorphic is False the same records are still returned but records will always be interpreted as the model that is being queried only, rather than a more specific model that matches that object class.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: ModelMeta needs to also set fields and meta if class is Model

This is needed for polymorphic query, if querying from the Base model, which was not previously a feature.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: move object_sid field from User to base Model

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: bring Model class forward into module

This is important for polymorphic query support

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: ModelMeta no longer needs to inherit from ABCMeta

There are no more abstract methods since the previous commit, so ABCMeta is no longer needed.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: Model.get_object_class returns top instead of None

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: Query.first and Query.last should use count from instance

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: set the default for managed password interval on the model

This is to avoid having to provide a default in multiple places

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: move group msa membership default to constants

This means the constant can be imported and used by the tests

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: shell: show Models subheading

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: make MODELS constant keyed by object class instead

This helps with polymorphic querying, mapping object class name to model class.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: move MODELS constant to constants.py to avoid import loop

query.py and models.py otherwise cause an import loop, query.py needs to import MODELS

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: update docstring of Computer.find method

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: gmsa move find method to Computer model

The find method is the same as the find method from the User model, with the exception of adding "$".

This means it is actually logic that belongs in the parent class of GroupManagedServiceAccount, which is Computer.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: gmsa GroupManagedServiceAccount inherits from Computer

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: gmsa move GroupManagedServiceAccount model to gmsa.py

It needs to inherit from the Computer model, the Computer model also inherits from User.

First, moving it to its own file from user.py to gmsa.py

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: gmsa trustees update docstring and incorrect return type

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: gmsa trustees property only looks at allowed aces

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: make GroupManagedServiceAccount.trustees a property

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: avoid fetching each user in trustees method

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: Remove unused groups_sddl method from User model

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: add default SDDL to group_msa_membership

LA can be used for the administrator and Windows will expand that on save, making the group_sddl method redundant.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

WHATSNEW: Add information on LDB no longer available standalone

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Mar  1 03:45:21 UTC 2024 on atb-devel-224

build: Allow --with-ldbmodulesdir to override location of LDB modules

This will allow some packagers to set this to a directory that does
not mention Samba, or to put a version string in to avoid loading
old modules.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

ldb: Unconditionally set LDB_PACKAGE_VERSION

This is only parsed once now and there is no confusion with the main build, so we can set it without checking.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

ldb: Remove "private_library" variable with just one user

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

ldb: Rename VERSION to LDB_VERSION to avoid confusion

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

lib/ldb: Remove duplicate aspects of build system

We no longer need aspects of our build that made sense for the standalone
operation of LDB now that ldb is only provided as part of Samba.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

ldb: Remove remaining components of independent ldb build system

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

lib/ldb: Remove references to conf.env.standalone_ldb

This is not a simple replacement as we are merging the standalone build features with
the main Samba build features.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

lib/ldb: bld.CONFIG_SET(USING_SYSTEM_LDB) is now never set

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

lib/ldb: Adapt pkg-config files to being build from the main build.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

lib/ldb: Always build standalone

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

build: Move --with-ldap/--without-ldap from source3 build to top level

This code impacts on LDB, which is now built from the main build
so we need to combined this with the check that was in lib/ldb
or else we get conflicts.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

ldb: Remove the ability for Samba to compile against a system LDB

Samba will either provide the LDB to the system, or use a
private ldb, we will not use any other LDB from the system.

This is essentially equilvilant to the patch Debian has used
for Samba 4.17 and later, named "Force-LDB-as-standalone.patch"

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

build: Remove duplicated check for -Wl,-no-undefined on OpenBSD

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

build: Call conf.CHECK_XSLTPROC_MANPAGES() directly in wscript

This avoids relying on the indirect call via wscript in lib/{talloc,tdb,ldb}

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

autobuild: Move autobuild to expecting ldb to build as part of Samba

We retain a test to confirm we can build ldb as a public lib in the samba-libs
target.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

ldb: Honour --private-library=!ldb as meaning build as a public library

Likewise, let the SAMBA_LIBRARY code handle being a private library
rather than in the library declaration.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

build: Allow --private-libraries to include a default

This will in the future allow ldb to be declared public in the
build system, and so have all the attributes set for that, but
be actually built as a private Samba library by default.

No change in behavour currently.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

build: Ensure that a forced-private library has no public headers

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

ldb: Make pyldb-util always a private library

Only Samba has ever used these utility functions, other applications can
still use our ldb python bindings, they just can not provide ldb
C bindings.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

selftest: Bring ldb test defintions into one place in selftest/tests.py

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

selftest: Always and only run ldb test-tdb test in Samba selftest

This is the last test left in the independent ldb testsuite,
removing this from there allows the test target to be removed.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

selftest: Move LDB cmocka based unit tests to Samba testsuite

This allows skip and knownfail entries to be honoured, as well
as enabling the removal of the standalone LDB build system.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

ldb: Prepare ldb tests for subunit output

These tests now print subunit rather than the default output
as this is what the Samba selftest system needs.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

sefltest: Remove duplicate run of ldb.python.crash and ldb.python.repack

These tests are not impacted by the dot-less i issue.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

ldb: Move tests to selftest/tests.py and out of standlone build

Tests that are declared in the tests.py files in the main Samba build
are able to use the common knownfail, flapping and skip systems.

This will also allow the independent ldb build to be removed without
loss of the tests.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

pytests: samba-tool domain kds root_key

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Mar  1 01:27:30 UTC 2024 on atb-devel-224

samba-tool: add `samba-tool domain kds root_key delete`

For deleting root keys.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

samba-tool: add `samba-tool domain kds root_key create`

For making new root keys.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

samba-tool: add `samba-tool domain kds root_key view`

This is for looking at one root key. There isn't much to know.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

samba-tool: add `samba-tool domain kds root_key list`

This lists root keys, in descending chronological order according to the
use_start_toime attribute. That's becuase you usually only care about
the newest one.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

samba-tool: don't error if there are no sub-commands

This is useful when you commit samba-tool tests before you commit the
samba-tool code, and you want the tests to fail rather than error.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

provision: add a default root key

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

pytest:dsdb: check that there is a gkdi root key

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

pytest:gkdi: shift create_root_key into a function

This is so the samba-tool domain kds root_key tests can use it as a
function.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

pytest:samba-tool: add a flag to print more in runcmd

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

samba-tool user delete: use account type constant

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

samba-tool domain: add LDB Result to json encoders

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

ldb:pyldb exposes Result type

You perhaps never want to manually create results (as in `x = Result()`)
-- except maybe in tests -- and that would be why we never added it in
the first place (or rather, we never noticed that it ws missing).

But we do want to sometimes go `isinstance(x, ldb.Result)`, and that
is how we noticed it was missing now.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python:samdb: wrapper for _dsdb_create_gkdi_root_key()

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:pydsdb: python bindings for gkdi_new_root_key()

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

samba-tool domain kds root_key

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

samba-tool domain kds: add root key sub-command

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

samba-tool domain: add kds sub-branch

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:dsdb: Add functions for GKDI root key creation

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

lib:crypto: Check for overflow in GKDI rollover interval calculation

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

lib:crypto: Correct GKDI interval start time calculation

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

lib:crypto: Add error checking to GKDI key start time calculation

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

selftest: Ignore msKds-DomainID in ldapcmp_restoredc.sh and samba.tests.domain_backup_offline

Like serverReferenceBL etc, this will point to a DC that created the object, and
as part of the backup and restore, this DC will be deleted.  It is just for
tracking the object creation, so this is fine.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

ctdb-tests: Limit red-black tree test to 5s of random inserts

rb_test_001.sh runs for 60s even though rb_tree.c is almost never
modified.  This generally extends test time by an unreasonable amount
of time.

Add an optional timeout (in seconds) argument to rb_test, defaulting
to 60, and pass 5 from rb_test_001.sh.  If anyone ever significantly
updates rb_tree.c then they can run rb_test directly with its default
60s timeout... or for as long as they like.

Reported-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Feb 29 13:20:40 UTC 2024 on atb-devel-224

samba-tool user getpassword: Clarify success wording

It may be the case that there was no password, or read access to the
password was not permitted.  The structure of the code and the pattern
in LDIF that missing information is simply returned as missing
attributes makes it hard to detect and communicate a clear
error here, particularly as an error may not be wanted if
(say) pwdLastSet is queried on a gMSA that we can not read.

So we just make the string to indicate, as I think it was meant,
that the tool ran to compleation.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Feb 29 05:07:45 UTC 2024 on atb-devel-224

python/nt_time: have a go at using 1_000_000 number separators.

I noticed these are available in Python 3.6+, which is what we support,
and they're arguably nicer than using exponentiation.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python:nt_time: add a nt_now() function

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python:nt_time: add string_from_nt_time

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

py:nt_time: add nt_time_from_string()

This is for samba-tool, which could do with a common understanding of
time strings across various sub-tools.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

pyldb: try to turn ldb_string_to_time() errors into exceptions

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

ldb: ldb_string_to_time reports more errors

The underlying function should return -1 and set errno when given invalid
strings, but we were not looking and have decided on 0 for error.

It would be a pain to change this function to return -1. Apart from the
API fuss, it is sometimes used unchecked to set an unsigned number and
an unchecked 0 is better than UINT*_MAX in those contexts.

It is probably not easy to get an -1 from a timegm() -- most
implementations will happily convert overflows for you, so e.g. the
15th month would be March of the next year. But EOVERFLOW is mentioned
in the manpages.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:pydsdb: add not-implemented raising functions to when appropriate

It will be less confusing, I hope.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

pyldb: catch some talloc failures

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

pyldb: free some finished requests

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

pyldb: free things more often on error

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

pyldb: add a macro to free when raising exceptions

We often forget.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

pytest:audit_log_base: use string_is_guid()

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>