From 156887c6d0b09795bae98564204e560919d0efa5 Mon Sep 17 00:00:00 2001 From: Rob van der Linde Date: Thu, 26 Oct 2023 15:12:39 +1300 Subject: [PATCH] netcmd: silo command uses more consistent naming for tgt args The args --user-tgt-lifetime-mins, --service-tgt-lifetime-mins and --computer-tgt-lifetime-mins suffixed with -mins to be consistent with Windows tooling. For these, the internal names don't need to change and neither do the model fields, only the external cli interface has this. Signed-off-by: Rob van der Linde Reviewed-by: Douglas Bagnall Reviewed-by: Andrew Bartlett --- docs-xml/manpages/samba-tool.8.xml | 12 ++-- python/samba/netcmd/domain/auth/policy.py | 6 +- .../tests/samba_tool/domain_auth_policy.py | 72 +++++++++---------- 3 files changed, 45 insertions(+), 45 deletions(-) diff --git a/docs-xml/manpages/samba-tool.8.xml b/docs-xml/manpages/samba-tool.8.xml index 852152c00f2..6dfe07ea813 100644 --- a/docs-xml/manpages/samba-tool.8.xml +++ b/docs-xml/manpages/samba-tool.8.xml @@ -712,7 +712,7 @@ - --user-tgt-lifetime + --user-tgt-lifetime-mins Ticket-Granting-Ticket lifetime for user accounts. @@ -757,7 +757,7 @@ - --service-tgt-lifetime + --service-tgt-lifetime-mins Ticket-Granting-Ticket lifetime for service accounts. @@ -802,7 +802,7 @@ - --computer-tgt-lifetime + --computer-tgt-lifetime-mins Ticket-Granting-Ticket lifetime for computer accounts. @@ -901,7 +901,7 @@ - --user-tgt-lifetime + --user-tgt-lifetime-mins Ticket-Granting-Ticket lifetime for user accounts. @@ -946,7 +946,7 @@ - --service-tgt-lifetime + --service-tgt-lifetime-mins Ticket-Granting-Ticket lifetime for service accounts. @@ -991,7 +991,7 @@ - --computer-tgt-lifetime + --computer-tgt-lifetime-mins Ticket-Granting-Ticket lifetime for computer accounts. diff --git a/python/samba/netcmd/domain/auth/policy.py b/python/samba/netcmd/domain/auth/policy.py index 6ee85602907..00f5dc87aed 100644 --- a/python/samba/netcmd/domain/auth/policy.py +++ b/python/samba/netcmd/domain/auth/policy.py @@ -35,7 +35,7 @@ class UserOptions(options.OptionGroup): def __init__(self, parser): super().__init__(parser, "User Options") - self.add_option("--user-tgt-lifetime", + self.add_option("--user-tgt-lifetime-mins", help="Ticket-Granting-Ticket lifetime for user accounts.", dest="tgt_lifetime", type=int, action="callback", callback=self.set_option, @@ -61,7 +61,7 @@ class ServiceOptions(options.OptionGroup): def __init__(self, parser): super().__init__(parser, "Service Options") - self.add_option("--service-tgt-lifetime", + self.add_option("--service-tgt-lifetime-mins", help="Ticket-Granting-Ticket lifetime for service accounts.", dest="tgt_lifetime", type=int, action="callback", callback=self.set_option, @@ -87,7 +87,7 @@ class ComputerOptions(options.OptionGroup): def __init__(self, parser): super().__init__(parser, "Computer Options") - self.add_option("--computer-tgt-lifetime", + self.add_option("--computer-tgt-lifetime-mins", help="Ticket-Granting-Ticket lifetime for computer accounts.", dest="tgt_lifetime", type=int, action="callback", callback=self.set_option, diff --git a/python/samba/tests/samba_tool/domain_auth_policy.py b/python/samba/tests/samba_tool/domain_auth_policy.py index 9aa94becfd3..a558d83ecbb 100644 --- a/python/samba/tests/samba_tool/domain_auth_policy.py +++ b/python/samba/tests/samba_tool/domain_auth_policy.py @@ -120,7 +120,7 @@ class AuthPolicyCmdTestCase(BaseAuthCmdTest): self.assertEqual(str(policy["description"]), "Custom Description") def test_authentication_policy_create_user_tgt_lifetime(self): - """Test create a new authentication policy with --user-tgt-lifetime. + """Test create a new authentication policy with --user-tgt-lifetime-mins. Also checks the upper and lower bounds are handled. """ @@ -129,7 +129,7 @@ class AuthPolicyCmdTestCase(BaseAuthCmdTest): result, out, err = self.runcmd("domain", "auth", "policy", "create", "--name", "userTGTLifetime", - "--user-tgt-lifetime", "60") + "--user-tgt-lifetime-mins", "60") self.assertIsNone(result, msg=err) # Check policy fields. @@ -140,21 +140,21 @@ class AuthPolicyCmdTestCase(BaseAuthCmdTest): # check lower bounds (45) result, out, err = self.runcmd("domain", "auth", "policy", "create", "--name", "userTGTLifetimeLower", - "--user-tgt-lifetime", "44") + "--user-tgt-lifetime-mins", "44") self.assertEqual(result, -1) - self.assertIn("--user-tgt-lifetime must be between 45 and 2147483647", + self.assertIn("--user-tgt-lifetime-mins must be between 45 and 2147483647", err) # check upper bounds (2147483647) result, out, err = self.runcmd("domain", "auth", "policy", "create", "--name", "userTGTLifetimeUpper", - "--user-tgt-lifetime", "2147483648") + "--user-tgt-lifetime-mins", "2147483648") self.assertEqual(result, -1) - self.assertIn("--user-tgt-lifetime must be between 45 and 2147483647", + self.assertIn("--user-tgt-lifetime-mins must be between 45 and 2147483647", err) def test_authentication_policy_create_service_tgt_lifetime(self): - """Test create a new authentication policy with --service-tgt-lifetime. + """Test create a new authentication policy with --service-tgt-lifetime-mins. Also checks the upper and lower bounds are handled. """ @@ -163,7 +163,7 @@ class AuthPolicyCmdTestCase(BaseAuthCmdTest): result, out, err = self.runcmd("domain", "auth", "policy", "create", "--name", "serviceTGTLifetime", - "--service-tgt-lifetime", "60") + "--service-tgt-lifetime-mins", "60") self.assertIsNone(result, msg=err) # Check policy fields. @@ -174,21 +174,21 @@ class AuthPolicyCmdTestCase(BaseAuthCmdTest): # check lower bounds (45) result, out, err = self.runcmd("domain", "auth", "policy", "create", "--name", "serviceTGTLifetimeLower", - "--service-tgt-lifetime", "44") + "--service-tgt-lifetime-mins", "44") self.assertEqual(result, -1) - self.assertIn("--service-tgt-lifetime must be between 45 and 2147483647", + self.assertIn("--service-tgt-lifetime-mins must be between 45 and 2147483647", err) # check upper bounds (2147483647) result, out, err = self.runcmd("domain", "auth", "policy", "create", "--name", "serviceTGTLifetimeUpper", - "--service-tgt-lifetime", "2147483648") + "--service-tgt-lifetime-mins", "2147483648") self.assertEqual(result, -1) - self.assertIn("--service-tgt-lifetime must be between 45 and 2147483647", + self.assertIn("--service-tgt-lifetime-mins must be between 45 and 2147483647", err) def test_authentication_policy_create_computer_tgt_lifetime(self): - """Test create a new authentication policy with --computer-tgt-lifetime. + """Test create a new authentication policy with --computer-tgt-lifetime-mins. Also checks the upper and lower bounds are handled. """ @@ -197,7 +197,7 @@ class AuthPolicyCmdTestCase(BaseAuthCmdTest): result, out, err = self.runcmd("domain", "auth", "policy", "create", "--name", "computerTGTLifetime", - "--computer-tgt-lifetime", "60") + "--computer-tgt-lifetime-mins", "60") self.assertIsNone(result, msg=err) # Check policy fields. @@ -208,17 +208,17 @@ class AuthPolicyCmdTestCase(BaseAuthCmdTest): # check lower bounds (45) result, out, err = self.runcmd("domain", "auth", "policy", "create", "--name", "computerTGTLifetimeLower", - "--computer-tgt-lifetime", "44") + "--computer-tgt-lifetime-mins", "44") self.assertEqual(result, -1) - self.assertIn("--computer-tgt-lifetime must be between 45 and 2147483647", + self.assertIn("--computer-tgt-lifetime-mins must be between 45 and 2147483647", err) # check upper bounds (2147483647) result, out, err = self.runcmd("domain", "auth", "policy", "create", "--name", "computerTGTLifetimeUpper", - "--computer-tgt-lifetime", "2147483648") + "--computer-tgt-lifetime-mins", "2147483648") self.assertEqual(result, -1) - self.assertIn("--computer-tgt-lifetime must be between 45 and 2147483647", + self.assertIn("--computer-tgt-lifetime-mins must be between 45 and 2147483647", err) def test_authentication_policy_create_valid_sddl(self): @@ -358,7 +358,7 @@ class AuthPolicyCmdTestCase(BaseAuthCmdTest): # followed by raising SystemExit(2). def test_authentication_policy_modify_user_tgt_lifetime(self): - """Test modifying an authentication policy --user-tgt-lifetime. + """Test modifying an authentication policy --user-tgt-lifetime-mins. This includes checking the upper and lower bounds. """ @@ -370,7 +370,7 @@ class AuthPolicyCmdTestCase(BaseAuthCmdTest): result, out, err = self.runcmd("domain", "auth", "policy", "modify", "--name", name, - "--user-tgt-lifetime", "120") + "--user-tgt-lifetime-mins", "120") self.assertIsNone(result, msg=err) # Verify field was changed. @@ -380,21 +380,21 @@ class AuthPolicyCmdTestCase(BaseAuthCmdTest): # check lower bounds (45) result, out, err = self.runcmd("domain", "auth", "policy", "modify", "--name", name, - "--user-tgt-lifetime", "44") + "--user-tgt-lifetime-mins", "44") self.assertEqual(result, -1) - self.assertIn("--user-tgt-lifetime must be between 45 and 2147483647", + self.assertIn("--user-tgt-lifetime-mins must be between 45 and 2147483647", err) # check upper bounds (2147483647) result, out, err = self.runcmd("domain", "auth", "policy", "modify", "--name", name, - "--user-tgt-lifetime", "2147483648") + "--user-tgt-lifetime-mins", "2147483648") self.assertEqual(result, -1) - self.assertIn("-user-tgt-lifetime must be between 45 and 2147483647", + self.assertIn("--user-tgt-lifetime-mins must be between 45 and 2147483647", err) def test_authentication_policy_modify_service_tgt_lifetime(self): - """Test modifying an authentication policy --service-tgt-lifetime. + """Test modifying an authentication policy --service-tgt-lifetime-mins. This includes checking the upper and lower bounds. """ @@ -406,7 +406,7 @@ class AuthPolicyCmdTestCase(BaseAuthCmdTest): result, out, err = self.runcmd("domain", "auth", "policy", "modify", "--name", name, - "--service-tgt-lifetime", "120") + "--service-tgt-lifetime-mins", "120") self.assertIsNone(result, msg=err) # Verify field was changed. @@ -416,21 +416,21 @@ class AuthPolicyCmdTestCase(BaseAuthCmdTest): # check lower bounds (45) result, out, err = self.runcmd("domain", "auth", "policy", "modify", "--name", name, - "--service-tgt-lifetime", "44") + "--service-tgt-lifetime-mins", "44") self.assertEqual(result, -1) - self.assertIn("--service-tgt-lifetime must be between 45 and 2147483647", + self.assertIn("--service-tgt-lifetime-mins must be between 45 and 2147483647", err) # check upper bounds (2147483647) result, out, err = self.runcmd("domain", "auth", "policy", "modify", "--name", name, - "--service-tgt-lifetime", "2147483648") + "--service-tgt-lifetime-mins", "2147483648") self.assertEqual(result, -1) - self.assertIn("--service-tgt-lifetime must be between 45 and 2147483647", + self.assertIn("--service-tgt-lifetime-mins must be between 45 and 2147483647", err) def test_authentication_policy_modify_computer_tgt_lifetime(self): - """Test modifying an authentication policy --computer-tgt-lifetime. + """Test modifying an authentication policy --computer-tgt-lifetime-mins. This includes checking the upper and lower bounds. """ @@ -442,7 +442,7 @@ class AuthPolicyCmdTestCase(BaseAuthCmdTest): result, out, err = self.runcmd("domain", "auth", "policy", "modify", "--name", name, - "--computer-tgt-lifetime", "120") + "--computer-tgt-lifetime-mins", "120") self.assertIsNone(result, msg=err) # Verify field was changed. @@ -452,17 +452,17 @@ class AuthPolicyCmdTestCase(BaseAuthCmdTest): # check lower bounds (45) result, out, err = self.runcmd("domain", "auth", "policy", "modify", "--name", name, - "--computer-tgt-lifetime", "44") + "--computer-tgt-lifetime-mins", "44") self.assertEqual(result, -1) - self.assertIn("--computer-tgt-lifetime must be between 45 and 2147483647", + self.assertIn("--computer-tgt-lifetime-mins must be between 45 and 2147483647", err) # check upper bounds (2147483647) result, out, err = self.runcmd("domain", "auth", "policy", "modify", "--name", name, - "--computer-tgt-lifetime", "2147483648") + "--computer-tgt-lifetime-mins", "2147483648") self.assertEqual(result, -1) - self.assertIn("--computer-tgt-lifetime must be between 45 and 2147483647", + self.assertIn("--computer-tgt-lifetime-mins must be between 45 and 2147483647", err) def test_authentication_policy_modify_name_missing(self): -- 2.47.3