From b14ead30da3fa6a12412ce97724daebb3cc3ebfa Mon Sep 17 00:00:00 2001
From: Rob van der Linde <rob@catalyst.net.nz>
Date: Tue, 28 Nov 2023 15:13:21 +1300
Subject: [PATCH] python: move HRES_SEC_* constants to samba module

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 python/samba/__init__.py                         | 3 +++
 python/samba/tests/krb5/authn_policy_tests.py    | 4 +---
 python/samba/tests/krb5/protected_users_tests.py | 4 +---
 source4/dsdb/tests/python/passwords.py           | 3 +--
 source4/dsdb/tests/python/sam.py                 | 4 +---
 5 files changed, 7 insertions(+), 11 deletions(-)

diff --git a/python/samba/__init__.py b/python/samba/__init__.py
index 3e6ea7d18e1..f11164a29ba 100644
--- a/python/samba/__init__.py
+++ b/python/samba/__init__.py
@@ -398,3 +398,6 @@ NTSTATUSError = _glue.NTSTATUSError
 HRESULTError = _glue.HRESULTError
 WERRORError = _glue.WERRORError
 DsExtendedError = _glue.DsExtendedError
+
+HRES_SEC_E_LOGON_DENIED = 0x8009030C
+HRES_SEC_E_INVALID_TOKEN = 0x80090308
diff --git a/python/samba/tests/krb5/authn_policy_tests.py b/python/samba/tests/krb5/authn_policy_tests.py
index 43a975fac8e..6ce2e41d1c7 100755
--- a/python/samba/tests/krb5/authn_policy_tests.py
+++ b/python/samba/tests/krb5/authn_policy_tests.py
@@ -38,6 +38,7 @@ from samba.netcmd.domain.models import AuthenticationPolicy, AuthenticationSilo
 
 import samba.tests
 import samba.tests.krb5.kcrypto as kcrypto
+from samba import HRES_SEC_E_INVALID_TOKEN, HRES_SEC_E_LOGON_DENIED
 from samba.tests.krb5.kdc_base_test import GroupType
 from samba.tests.krb5.kdc_tgs_tests import KdcTgsBaseTests
 from samba.tests.auth_log_base import AuthLogTestBase, NoMessageException
@@ -59,9 +60,6 @@ SidType = RawKerberosTest.SidType
 global_asn1_print = False
 global_hexdump = False
 
-HRES_SEC_E_INVALID_TOKEN = 0x80090308
-HRES_SEC_E_LOGON_DENIED = 0x8009030C
-
 
 AUTHN_VERSION = {'major': 1, 'minor': 3}
 AUTHZ_VERSION = {'major': 1, 'minor': 2}
diff --git a/python/samba/tests/krb5/protected_users_tests.py b/python/samba/tests/krb5/protected_users_tests.py
index b592b4a893f..b2955a874e1 100755
--- a/python/samba/tests/krb5/protected_users_tests.py
+++ b/python/samba/tests/krb5/protected_users_tests.py
@@ -26,7 +26,7 @@ from functools import partial
 
 import ldb
 
-from samba import generate_random_password, ntstatus
+from samba import generate_random_password, ntstatus, HRES_SEC_E_LOGON_DENIED
 from samba.dcerpc import netlogon, security
 
 import samba.tests.krb5.kcrypto as kcrypto
@@ -51,8 +51,6 @@ import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1
 global_asn1_print = False
 global_hexdump = False
 
-HRES_SEC_E_LOGON_DENIED = 0x8009030C
-
 
 class ProtectedUsersTests(KDCBaseTest):
     def setUp(self):
diff --git a/source4/dsdb/tests/python/passwords.py b/source4/dsdb/tests/python/passwords.py
index 2f513df83ae..73fd0275a6d 100755
--- a/source4/dsdb/tests/python/passwords.py
+++ b/source4/dsdb/tests/python/passwords.py
@@ -21,6 +21,7 @@ from samba.tests.password_test import PasswordTestCase
 
 import samba.getopt as options
 
+from samba import HRES_SEC_E_INVALID_TOKEN
 from samba.auth import system_session
 from samba.credentials import Credentials
 from samba.dcerpc import security
@@ -267,8 +268,6 @@ unicodePwd:: """ + base64.b64encode("\"thatsAcomplPASS2\"".encode('utf-16-le')).
             SamDB(url=host_ldaps,
                   credentials=self.creds, lp=lp)
         except LdbError as err:
-            HRES_SEC_E_INVALID_TOKEN = 0x80090308
-
             num, estr = err.args
             self.assertEqual(ERR_INVALID_CREDENTIALS, num)
             self.assertIn(f"{HRES_SEC_E_INVALID_TOKEN:08X}", estr)
diff --git a/source4/dsdb/tests/python/sam.py b/source4/dsdb/tests/python/sam.py
index c413b0813e0..bbc6ba8a58f 100755
--- a/source4/dsdb/tests/python/sam.py
+++ b/source4/dsdb/tests/python/sam.py
@@ -9,6 +9,7 @@ import time
 
 sys.path.insert(0, "bin/python")
 import samba
+from samba import HRES_SEC_E_INVALID_TOKEN, HRES_SEC_E_LOGON_DENIED
 from samba.tests.subunitrun import SubunitOptions, TestProgram
 
 import samba.getopt as options
@@ -1723,9 +1724,6 @@ class SamTests(samba.tests.TestCase):
             return "%08X: LdapErr: DSID-%08X, comment: AcceptSecurityContext error, data %x, v" % (
                     hresult_v, dsid_v, werror_v)
 
-        HRES_SEC_E_LOGON_DENIED = 0x8009030C
-        HRES_SEC_E_INVALID_TOKEN = 0x80090308
-
         sasl_bind_dsid = 0x0C0904DC
         simple_bind_dsid = 0x0C0903A9
 
-- 
2.47.3