selftest: add tests for "samba-tool user list --locked-only"

Signed-off-by: Jule Anger <janger@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

samba-tool: add "samba-tool user list --locked-only"

Signed-off-by: Jule Anger <janger@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libgpo: Do not segfault if we don't have a valid security descriptor

Program received signal SIGSEGV, Segmentation fault.
ndr_push_security_descriptor (ndr=ndr@entry=0x555555bf41b0, ndr_flags=ndr_flags@entry=768, r=r@entry=0x0) at librpc/gen_ndr/ndr_security.c:713
713 NDR_CHECK(ndr_push_security_descriptor_revision(ndr, NDR_SCALARS, r->revision));

Thread 1 (Thread 0x7ffff7ece740 (LWP 21460) "python3"):
 #0  ndr_push_security_descriptor (ndr=ndr@entry=0x555555bf41b0, ndr_flags=ndr_flags@entry=768, r=r@entry=0x0) at librpc/gen_ndr/ndr_security.c:713
        _flags_save_STRUCT = 0
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        _status = <optimized out>
        __FUNCTION__ = "ndr_push_security_descriptor"
 #1  0x00007ffff617237f in ndr_push_struct_blob (blob=blob@entry=0x7fffffffdb20, mem_ctx=0x555555aa3bd0, p=0x0, fn=0x7ffff6074ad0 <ndr_push_security_descriptor>, fn@entry=0x7ffff60706c8 <ndr_push_security_descriptor@plt>) at ../../librpc/ndr/ndr.c:1438
        _status = <optimized out>
        ndr = 0x555555bf41b0
 #2  0x00007ffff607cccf in marshall_sec_desc (mem_ctx=<optimized out>, secdesc=<optimized out>, data=data@entry=0x7fffffffdb80, len=len@entry=0x7fffffffdb78) at ../../libcli/security/secdesc.c:241
        blob = {data = 0x7fffffffdb40 "`\333\377\377\377\177", length = 140737352374299}
        ndr_err = <optimized out>
        __FUNCTION__ = "marshall_sec_desc"
 #3  0x00007ffff29edd94 in GPO_marshall_get_sec_desc_buf (self=<optimized out>, args=<optimized out>, kwds=<optimized out>) at ../../libgpo/pygpo.c:119
        gpo_ptr = <optimized out>
        status = <optimized out>
        data = 0x0
        len = 0

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15599

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Mar  6 15:44:19 UTC 2024 on atb-devel-224

libgpo: Fix trailing spaces in pygpo.c

Reviewed-by: David Mulder <dmulder@samba.org>

ctdb-scripts: Remove usage of releaseip-pre, takeip-pre pseudo-events

These were generated by 06.nfs.script.

Signed-off-by: Vinit Agnihotri <vagnihotri@ddn.com>
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Mar  6 07:09:06 UTC 2024 on atb-devel-224

ctdb-scripts: Remove unnecessary 06.nfs.script

Signed-off-by: Vinit Agnihotri <vagnihotri@ddn.com>
Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

ctdb-doc: Put NFS in grace on startipreallocate

Signed-off-by: Vinit Agnihotri <vagnihotri@ddn.com>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

ctdb-doc: Factor out grace period function

Signed-off-by: Vinit Agnihotri <vagnihotri@ddn.com>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

ctdb-client: Remove unused function

Signed-off-by: Vinit Agnihotri <vagnihotri@ddn.com>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

ctdb-scripts: Add handling for startipreallocate

Signed-off-by: Vinit Agnihotri <vagnihotri@ddn.com>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

ctdb: send a CTDB_SRVID_START_IPREALLOCATE message after CTDB_EVENT_START_IPREALLOCATE

Event scripts run the "start_ipreallocate" hook in order to notice
that some ip addresses in the cluster potentially changed.

CTDB_SRVID_START_IPREALLOCATE gives C code a chance to get notified as well
once the event scripts are finished.

Signed-off-by: Vinit Agnihotri <vagnihotri@ddn.com>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

ctdb-takeover: Use CTDB_CONTROL_START_IPREALLOCATE

Signed-off-by: Vinit Agnihotri <vagnihotri@ddn.com>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

ctdb-server: Implement CTDB_CONTROL_START_IPREALLOCATE

Trigger a "startipreallocate" event, but only if in RUNNING runstate.
"startipreallocate" is intended to allow an NFS server to be put into
grace on all nodes before any locks are released as part of releaseip
during failover.  If node A is leader and initiates a takeover run
then node B may be connected/active but may not have completed
startup.  In this case, the attempt to put NFS-Ganesha into grace on
node B will fail, startipreallocate will fail, and the node will be
banned.

Signed-off-by: Vinit Agnihotri <vagnihotri@ddn.com>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

ctdb-protocol: Add new control CTDB_CONTROL_START_IPREALLOCATE

Signed-off-by: Vinit Agnihotri <vagnihotri@ddn.com>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

ctdb-daemon: Implement startipreallocate event

Signed-off-by: Vinit Agnihotri <vagnihotri@ddn.com>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

ctdb-protocol: Add new event startipreallocate

A new event is needed for NFS lock reclaim to ensure all nodes are in
grace before any locks are released. This event must take place before
releaseip.

Signed-off-by: Vinit Agnihotri <vagnihotri@ddn.com>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

ctdb-common: Remove old runstate/string translation functions

The canonical versions are in protocol utils.

These were unused apart from some stray forward declarations in
tools/ctdb.c and a single call in ctdb_set_runstate(), where
ctdb_runstate_to_string() can be used instead.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

ctdb-common: Remove unused variable ctdb_eventscript_call_names.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

ctdb-daemon: Use ctdb_event_to_string()

ctdb_eventscript_call_names() will be dropped so the mapping between
events and strings is only maintained in one place.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Volker Lendecke <vl@samba.org>

lib/ldb-samba: Remove unused ldb.set_opaque_integer()

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Mar  5 03:55:33 UTC 2024 on atb-devel-224

dsdb: Remove calls to ldb.set_opaque_integer()

This routine will shortly be removed, it is now replaced by an
improved ldb.set_opaque()

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>

lib/ldb-samba: Align py_ldb_set_opaque_integer() with pyldb_set_opaque() and use "unsigned long long"

We need to change the internal types assumed in Samba for the opaque
integers to "unsigned long long" as this is what ldb.set_opaque() will
create, and we want to move to this interface rather than have a
duplicate.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>

lib/ldb: Allocate opaque on ldb_ctx

Just in case this LDB is given away into the C code, that opaque must live
as long as the LDB itself, not the python wrapper object.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>

python/samba/provision: Ensure KDS root key is usable as soon as provision is complete

We do this by setting the start time to being 10 hours 5min earlier
than now.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>

selftest: Assert that the provision KDS root key is already valid for use

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>

pytest:samba-tool domain kds root-key: test with normal user

It would be bad if samba-tool let ordinary users read root-key secrets.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Mar  4 03:20:46 UTC 2024 on atb-devel-224

samba-tool: tidy up uncaught insufficient rights LdbError

It is likely that many sub-commands will produce a traceback when people
go `-H ldap://server -Ubob` when they needed to go `-UAdministrator`.

We can catch these and show only the core message.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

ldb: Update ldb.get_opaque() to return talloc‐managed opaque values

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Mar  3 23:33:44 UTC 2024 on atb-devel-224

ldb: Update ldb.set_opaque() to accept only supported types

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

ldb: Remove trailing whitespace

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

ldb: Pass a supported opaque type to ldb.set_opaque()

We are about to modify ldb.set_opaque() to accept only certain types,
and ldb.Ldb is not one of those types.

Pass in a value that is supported and whose lifetime is guaranteed to
outlive the Ldb object.

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

ldb: Add tests for Python set_opaque() and get_opaque()

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

pyldb: Remove unused and broken Python access to LDB module API

These exposed the private LDB modules API to python, and was
untested and broken since LDB was made async internally as
it never called ldb_wait() on the result.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

pyldb: Improve docstric for whoami(), which takes no arguments.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

pyldb: Remove last caller to and definition of PyLdb_Check()

This is now checked by PyArg_ParseTupleAndKeywords().

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

pyldb: Use "O!" to specify the type of py_ldb

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

pyldb: Move PyErr_LDB_OR_RAISE() and PyErr_LDB_DN_OR_RAISE() into pyldb.h

While these style of macros are against our coding style, it is still better
to have them in a single place, and while pyldb.h is technically public
Samba is the only user of the C bindings.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

dns: Use pyldb_check_type() in PyErr_LDB_DN_OR_RAISE()

This prepares to move this macro into pyldb.h

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

dns: Use pyldb_Ldb_AsLdbContext() in PyErr_LDB_OR_RAISE()

This prepares to move this macro into pyldb.h

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

dsdb: Use pyldb_check_type() in PyErr_LDB_DN_OR_RAISE()

This prepares to move this macro into pyldb.h

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

dsdb: Use pyldb_Ldb_AsLdbContext() in PyErr_LDB_OR_RAISE()

This macro already checks the type, so we do not need to call
py_check_dcerpc_type() and prepares to move this macro into pyldb.h

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

ldb/pyldb: Call Py_DECREF(list) on failure in PyLdbResult_FromResult()

We need to drop the reference to the list we created if we
are going to fail.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

ldb/pyldb: Check errors from PyLdbMessage_FromMessage

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: Create ClaimType in the model layer instead

Having it inside a command isn't very re-usable.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Mar  1 05:52:53 UTC 2024 on atb-devel-224

netcmd: models: ClaimType: move all dunder methods to the top for consistency

It's nice to consistently list the __str__ method first and all the dunder methods, then the static methods, then the rest.

At least for the models.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: claims: tidy up, avoid setting enabled twice

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: rename lookup methods to find for consistency

There are a mixture of methods called either 'lookup' or 'find'.

This dates back to when they raised LookupError, but these now raise NotFound.

They should be all called 'find' for consistency.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: Rename username to account_name for consistency

When creating the User model initially, "username" was the only field that was inconsistently named, it maps to "sAMAccountName".

It should really have been account "account_name".

There is also a field "account_type" and should be similarly named to "account_name".

Basically the naming of fields should always be consistent, breaking the rule for one field only was a mistake.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: Add optional base_dn argument to Model.query method

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: Add Person and OrganizationalPerson

Move only those fields over that we already had on User that actually belong on Person and OrganizationalPerson

There are more fields to add later.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: Add a repr method to Query for help in the shell

This means in the shell you can just do User.query(samdb) without having to wrap it in list() all the time.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: Rename method to Query._from_message for consistency

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: Model.from_message should be internal

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: silos: silo and auth policy commands use Query class better

Since the introduction of the Query class these can be written to be a lot clearer using models.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: silos: silo and auth policy commands use print

This adds more consistency with newer code added after these commands.

But also print seems more flexible and requires no newline characters added constantly which ends up being a bit cleaner.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: move remove trustee code to the GMSA model

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: move add trustee code to the GMSA model

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: tests: add tests for service-account commands

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: gmsa: cli commands for managing group msa membership

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: gmsa: base cli commands for group managed service accounts

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

python: models: Computer constructor automatically adds "$" to account name

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

selftest: aces: fix mutable default args in assemble_ace

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

selftest: aces: use constant from samba.security

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

python: sd_utils: pep8 import sorting

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

python: sd_utils: remove redundant brackets around simple assert statements

Ideally these should be exceptions not asserts

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

python: sd_utils: pep8 fix spacing around

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: properly show command name in show help

This comes up if a user ends up typing something wrong, and it incorrectly showed only part of the command under Usage:

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: add newline before epilog so there is a space between

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: model __json__ method should call as_dict instead

The comment about RelatedField is not really relevant so removed that part, RelatedField isn't used at this point.

The idea with RelatedField is that it fetches the object (vs DnField which just returns a Dn).

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: setting kwarg to None should use field default

This comes up when trying to create a GroupManagedServiceAccount and setting the value of managed_password_interval to None.

We still want it to pick up the field default of 30 in this case.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: Model.query adds optional polymorphic flag for returning specific class types

This defaults to False, query the User class returns only User instances.

    User.query(samdb)

When set to True, query the User class can return User, Computer, ManagedServiceAccount instances.

    User.query(samdb, polymorphic=True)

If polymorphic is False the same records are still returned but records will always be interpreted as the model that is being queried only, rather than a more specific model that matches that object class.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: ModelMeta needs to also set fields and meta if class is Model

This is needed for polymorphic query, if querying from the Base model, which was not previously a feature.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: move object_sid field from User to base Model

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: bring Model class forward into module

This is important for polymorphic query support

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: ModelMeta no longer needs to inherit from ABCMeta

There are no more abstract methods since the previous commit, so ABCMeta is no longer needed.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: Model.get_object_class returns top instead of None

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: Query.first and Query.last should use count from instance

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: set the default for managed password interval on the model

This is to avoid having to provide a default in multiple places

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: move group msa membership default to constants

This means the constant can be imported and used by the tests

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: shell: show Models subheading

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: make MODELS constant keyed by object class instead

This helps with polymorphic querying, mapping object class name to model class.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: move MODELS constant to constants.py to avoid import loop

query.py and models.py otherwise cause an import loop, query.py needs to import MODELS

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: update docstring of Computer.find method

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: gmsa move find method to Computer model

The find method is the same as the find method from the User model, with the exception of adding "$".

This means it is actually logic that belongs in the parent class of GroupManagedServiceAccount, which is Computer.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: gmsa GroupManagedServiceAccount inherits from Computer

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: gmsa move GroupManagedServiceAccount model to gmsa.py

It needs to inherit from the Computer model, the Computer model also inherits from User.

First, moving it to its own file from user.py to gmsa.py

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: gmsa trustees update docstring and incorrect return type

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: gmsa trustees property only looks at allowed aces

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: make GroupManagedServiceAccount.trustees a property

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: avoid fetching each user in trustees method

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: Remove unused groups_sddl method from User model

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

netcmd: models: add default SDDL to group_msa_membership

LA can be used for the administrator and Windows will expand that on save, making the group_sddl method redundant.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

WHATSNEW: Add information on LDB no longer available standalone

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Mar  1 03:45:21 UTC 2024 on atb-devel-224

build: Allow --with-ldbmodulesdir to override location of LDB modules

This will allow some packagers to set this to a directory that does
not mention Samba, or to put a version string in to avoid loading
old modules.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

ldb: Unconditionally set LDB_PACKAGE_VERSION

This is only parsed once now and there is no confusion with the main build, so we can set it without checking.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

ldb: Remove "private_library" variable with just one user

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

ldb: Rename VERSION to LDB_VERSION to avoid confusion

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

lib/ldb: Remove duplicate aspects of build system

We no longer need aspects of our build that made sense for the standalone
operation of LDB now that ldb is only provided as part of Samba.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

ldb: Remove remaining components of independent ldb build system

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

lib/ldb: Remove references to conf.env.standalone_ldb

This is not a simple replacement as we are merging the standalone build features with
the main Samba build features.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>