From: Rob van der Linde Date: Tue, 21 Nov 2023 02:03:24 +0000 (+1300) Subject: netcmd: auth policy: rename "from silo" to "from device silo" X-Git-Tag: talloc-2.4.2~567 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=dbeb424e6c2aeb4378ee2cbf7e37fa644ffd0208;p=thirdparty%2Fsamba.git netcmd: auth policy: rename "from silo" to "from device silo" Signed-off-by: Rob van der Linde Reviewed-by: Douglas Bagnall Reviewed-by: Andrew Bartlett --- diff --git a/python/samba/netcmd/domain/auth/policy.py b/python/samba/netcmd/domain/auth/policy.py index 1eb3acf3273..ad6bfe14c9e 100644 --- a/python/samba/netcmd/domain/auth/policy.py +++ b/python/samba/netcmd/domain/auth/policy.py @@ -33,7 +33,7 @@ def check_similar_args(option, args): """Helper method for checking similar mutually exclusive args. Example: --user-allowed-to-authenticate-from and - --user-allowed-to-authenticate-from-silo + --user-allowed-to-authenticate-from-device-silo """ num = sum(arg is not None for arg in args) if num > 1: @@ -60,9 +60,9 @@ class UserOptions(options.OptionGroup): help="Conditions user is allowed to authenticate from.", type=str, dest="allowed_to_authenticate_from", action="callback", callback=self.set_option) - self.add_option("--user-allowed-to-authenticate-from-silo", - help="User is allowed to authenticate from silo.", - type=str, dest="allowed_to_authenticate_from_silo", + self.add_option("--user-allowed-to-authenticate-from-device-silo", + help="User is allowed to authenticate from a device in a silo.", + type=str, dest="allowed_to_authenticate_from_device_silo", action="callback", callback=self.set_option) self.add_option("--user-allowed-to-authenticate-to", help="Conditions user is allowed to authenticate to.", @@ -94,9 +94,9 @@ class ServiceOptions(options.OptionGroup): help="Conditions service is allowed to authenticate from.", type=str, dest="allowed_to_authenticate_from", action="callback", callback=self.set_option) - self.add_option("--service-allowed-to-authenticate-from-silo", - help="Service is allowed to authenticate from silo.", - type=str, dest="allowed_to_authenticate_from_silo", + self.add_option("--service-allowed-to-authenticate-from-device-silo", + help="Service is allowed to authenticate from a device in a silo.", + type=str, dest="allowed_to_authenticate_from_device_silo", action="callback", callback=self.set_option) self.add_option("--service-allowed-to-authenticate-to", help="Conditions service is allowed to authenticate to.", @@ -251,13 +251,13 @@ class cmd_domain_auth_policy_create(Command): # Check for repeated, similar arguments. check_similar_args("--user-allowed-to-authenticate-from", [useropts.allowed_to_authenticate_from, - useropts.allowed_to_authenticate_from_silo]) + useropts.allowed_to_authenticate_from_device_silo]) check_similar_args("--user-allowed-to-authenticate-to", [useropts.allowed_to_authenticate_to, useropts.allowed_to_authenticate_to_by_silo]) check_similar_args("--service-allowed-to-authenticate-from", [serviceopts.allowed_to_authenticate_from, - serviceopts.allowed_to_authenticate_from_silo]) + serviceopts.allowed_to_authenticate_from_device_silo]) check_similar_args("--service-allowed-to-authenticate-to", [serviceopts.allowed_to_authenticate_to, serviceopts.allowed_to_authenticate_to_by_silo]) @@ -267,10 +267,10 @@ class cmd_domain_auth_policy_create(Command): ldb = self.ldb_connect(hostopts, sambaopts, credopts) - # Generate SDDL for authenticating users from a silo - if useropts.allowed_to_authenticate_from_silo: + # Generate SDDL for authenticating users from a device in a silo + if useropts.allowed_to_authenticate_from_device_silo: silo = AuthenticationSilo.get( - ldb, cn=useropts.allowed_to_authenticate_from_silo) + ldb, cn=useropts.allowed_to_authenticate_from_device_silo) useropts.allowed_to_authenticate_from = silo.get_authentication_sddl() # Generate SDDL for authenticating user accounts to a silo @@ -279,10 +279,10 @@ class cmd_domain_auth_policy_create(Command): ldb, cn=useropts.allowed_to_authenticate_to_by_silo) useropts.allowed_to_authenticate_to = silo.get_authentication_sddl() - # Generate SDDL for authenticating service accounts from a silo - if serviceopts.allowed_to_authenticate_from_silo: + # Generate SDDL for authenticating service accounts from a device in a silo + if serviceopts.allowed_to_authenticate_from_device_silo: silo = AuthenticationSilo.get( - ldb, cn=serviceopts.allowed_to_authenticate_from_silo) + ldb, cn=serviceopts.allowed_to_authenticate_from_device_silo) serviceopts.allowed_to_authenticate_from = silo.get_authentication_sddl() # Generate SDDL for authenticating service accounts to a silo @@ -394,13 +394,13 @@ class cmd_domain_auth_policy_modify(Command): # Check for repeated, similar arguments. check_similar_args("--user-allowed-to-authenticate-from", [useropts.allowed_to_authenticate_from, - useropts.allowed_to_authenticate_from_silo]) + useropts.allowed_to_authenticate_from_device_silo]) check_similar_args("--user-allowed-to-authenticate-to", [useropts.allowed_to_authenticate_to, useropts.allowed_to_authenticate_to_by_silo]) check_similar_args("--service-allowed-to-authenticate-from", [serviceopts.allowed_to_authenticate_from, - serviceopts.allowed_to_authenticate_from_silo]) + serviceopts.allowed_to_authenticate_from_device_silo]) check_similar_args("--service-allowed-to-authenticate-to", [serviceopts.allowed_to_authenticate_to, serviceopts.allowed_to_authenticate_to_by_silo]) @@ -410,10 +410,10 @@ class cmd_domain_auth_policy_modify(Command): ldb = self.ldb_connect(hostopts, sambaopts, credopts) - # Generate SDDL for authenticating users from a silo - if useropts.allowed_to_authenticate_from_silo: + # Generate SDDL for authenticating users from a device in a silo + if useropts.allowed_to_authenticate_from_device_silo: silo = AuthenticationSilo.get( - ldb, cn=useropts.allowed_to_authenticate_from_silo) + ldb, cn=useropts.allowed_to_authenticate_from_device_silo) useropts.allowed_to_authenticate_from = silo.get_authentication_sddl() # Generate SDDL for authenticating user accounts to a silo @@ -422,10 +422,10 @@ class cmd_domain_auth_policy_modify(Command): ldb, cn=useropts.allowed_to_authenticate_to_by_silo) useropts.allowed_to_authenticate_to = silo.get_authentication_sddl() - # Generate SDDL for authenticating service accounts from a silo - if serviceopts.allowed_to_authenticate_from_silo: + # Generate SDDL for authenticating service accounts from a device in a silo + if serviceopts.allowed_to_authenticate_from_device_silo: silo = AuthenticationSilo.get( - ldb, cn=serviceopts.allowed_to_authenticate_from_silo) + ldb, cn=serviceopts.allowed_to_authenticate_from_device_silo) serviceopts.allowed_to_authenticate_from = silo.get_authentication_sddl() # Generate SDDL for authenticating service accounts to a silo diff --git a/python/samba/tests/samba_tool/domain_auth_policy.py b/python/samba/tests/samba_tool/domain_auth_policy.py index f6062f1b46c..84de6bd9cf4 100644 --- a/python/samba/tests/samba_tool/domain_auth_policy.py +++ b/python/samba/tests/samba_tool/domain_auth_policy.py @@ -153,14 +153,14 @@ class AuthPolicyCmdTestCase(SiloTest): self.assertIn("--user-tgt-lifetime-mins must be between 45 and 2147483647", err) - def test_create__user_allowed_to_authenticate_from_silo(self): - """Tests the --user-allowed-to-authenticate-from-silo shortcut.""" + def test_create__user_allowed_to_authenticate_from_device_silo(self): + """Tests the --user-allowed-to-authenticate-from-device-silo shortcut.""" name = self.unique_name() self.addCleanup(self.delete_authentication_policy, name=name, force=True) result, out, err = self.runcmd("domain", "auth", "policy", "create", "--name", name, - "--user-allowed-to-authenticate-from-silo", + "--user-allowed-to-authenticate-from-device-silo", "Developers") self.assertIsNone(result, msg=err) @@ -229,14 +229,14 @@ class AuthPolicyCmdTestCase(SiloTest): self.assertIn("--service-tgt-lifetime-mins must be between 45 and 2147483647", err) - def test_create__service_allowed_to_authenticate_from_silo(self): - """Tests the --service-allowed-to-authenticate-from-silo shortcut.""" + def test_create__service_allowed_to_authenticate_from_device_silo(self): + """Tests the --service-allowed-to-authenticate-from-device-silo shortcut.""" name = self.unique_name() self.addCleanup(self.delete_authentication_policy, name=name, force=True) result, out, err = self.runcmd("domain", "auth", "policy", "create", "--name", name, - "--service-allowed-to-authenticate-from-silo", + "--service-allowed-to-authenticate-from-device-silo", "Managers") self.assertIsNone(result, msg=err) @@ -567,7 +567,7 @@ class AuthPolicyCmdTestCase(SiloTest): """Test repeating similar arguments doesn't make sense to use together. --user-allowed-to-authenticate-from - --user-allowed-to-authenticate-from-silo + --user-allowed-to-authenticate-from-device-silo """ sddl = 'O:SYG:SYD:(XA;OICI;CR;;;WD;(@USER.ad://ext/AuthenticationSilo == "Developers"))' name = self.unique_name() @@ -576,7 +576,7 @@ class AuthPolicyCmdTestCase(SiloTest): "--name", name, "--user-allowed-to-authenticate-from", sddl, - "--user-allowed-to-authenticate-from-silo", + "--user-allowed-to-authenticate-from-device-silo", "Managers") self.assertEqual(result, -1) @@ -605,7 +605,7 @@ class AuthPolicyCmdTestCase(SiloTest): """Test repeating similar arguments doesn't make sense to use together. --service-allowed-to-authenticate-from - --service-allowed-to-authenticate-from-silo + --service-allowed-to-authenticate-from-device-silo """ sddl = 'O:SYG:SYD:(XA;OICI;CR;;;WD;(@USER.ad://ext/AuthenticationSilo == "Managers"))' name = self.unique_name() @@ -614,7 +614,7 @@ class AuthPolicyCmdTestCase(SiloTest): "--name", name, "--service-allowed-to-authenticate-from", sddl, - "--service-allowed-to-authenticate-from-silo", + "--service-allowed-to-authenticate-from-device-silo", "QA") self.assertEqual(result, -1) @@ -846,8 +846,8 @@ class AuthPolicyCmdTestCase(SiloTest): sddl = ndr_unpack(security.descriptor, desc).as_sddl() self.assertEqual(sddl, expected) - def test_modify__user_allowed_to_authenticate_from_silo(self): - """Test the --user-allowed-to-authenticate-from-silo shortcut.""" + def test_modify__user_allowed_to_authenticate_from_device_silo(self): + """Test the --user-allowed-to-authenticate-from-device-silo shortcut.""" name = self.unique_name() # Create a policy to modify for this test. @@ -857,7 +857,7 @@ class AuthPolicyCmdTestCase(SiloTest): # Modify user allowed to authenticate from silo field result, out, err = self.runcmd("domain", "auth", "policy", "modify", "--name", name, - "--user-allowed-to-authenticate-from-silo", + "--user-allowed-to-authenticate-from-device-silo", "QA") self.assertIsNone(result, msg=err) @@ -939,8 +939,8 @@ class AuthPolicyCmdTestCase(SiloTest): sddl = ndr_unpack(security.descriptor, desc).as_sddl() self.assertEqual(sddl, expected) - def test_modify__service_allowed_to_authenticate_from_silo(self): - """Test the --service-allowed-to-authenticate-from-silo shortcut.""" + def test_modify__service_allowed_to_authenticate_from_device_silo(self): + """Test the --service-allowed-to-authenticate-from-device-silo shortcut.""" name = self.unique_name() # Create a policy to modify for this test. @@ -950,7 +950,7 @@ class AuthPolicyCmdTestCase(SiloTest): # Modify user allowed to authenticate from silo field result, out, err = self.runcmd("domain", "auth", "policy", "modify", "--name", name, - "--service-allowed-to-authenticate-from-silo", + "--service-allowed-to-authenticate-from-device-silo", "Developers") self.assertIsNone(result, msg=err)