The branch, master has been updated via 619caa1ba40 docs: update manpage for samba-tool via d5a0d7aa8be netcmd: tests for claims client tool via cf0a3a8c60b netcmd: add claim sub-commands to samba-tool domain via 5a4f4b39486 sd_utils: fix typo in get_sd_as_sddl docstring via 01c6bc55c7e netcmd: simplify boolean check via 44f881fd349 netcmd: domain: move trust command to domain/trust.py via 2a71bade849 netcmd: domain: move tombstones command to domain/tombstones.py via 75e7935b503 netcmd: domain: move schemaupgrade command to domain/schemaupgrade.py via dff87f051f1 netcmd: domain: move samba3upgrade command to domain/samba3upgrade.py via 5986937d12c netcmd: domain: move provision command to domain/provision.py via 49bc6a478b6 netcmd: domain: move paswordsettings command to domain/passwordsettings.py via 8d4f6761b26 netcmd: domain: move level command to domain/level.py via e7ad2364a5e netcmd: domain: move leave command to domain/leave.py via 12d5ea7f588 netcmd: domain: move keytab command to domain/keytab.py via 8001e07746d netcmd: domain: move join command to domain/join.py via fefa5e74d19 netcmd: domain: move info command to domain/info.py via 908f7ff5537 netcmd: domain: move functional_prep command to domain/functional_prep.py via c22b8dc1c58 netcmd: domain: move demote command to domain/demote.py via 72f6f7a79cf netcmd: domain: move dcpromo command to domain/dcpromo.py via d26054d7da7 netcmd: domain: move classicupgrade command to domain/classicupgrade.py via 6cecd7d08b1 netcmd: domain: move domain_backup.py to domain/backup.py via 4d6a2b01674 netcmd: domain: fix unused imports via 2534aba94d2 netcmd: domain: turn domain.py into a module from 360b7394644 s3: smbd: Fix dumb typos that meant smb1.SMB1-DFS-* tests were running against an SMB2-only fileserver.
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 619caa1ba40f28be77b4f068fc18fada9d4b3597 Author: Rob van der Linde <r...@catalyst.net.nz> Date: Thu Mar 23 16:13:55 2023 +1300 docs: update manpage for samba-tool Signed-off-by: Rob van der Linde <r...@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> Autobuild-User(master): Andrew Bartlett <abart...@samba.org> Autobuild-Date(master): Fri Mar 31 08:25:11 UTC 2023 on atb-devel-224 commit d5a0d7aa8be2ed953658faba21c1c53990b83e6c Author: Rob van der Linde <r...@catalyst.net.nz> Date: Thu Mar 23 13:51:51 2023 +1300 netcmd: tests for claims client tool Added delete protected test to known fail as Samba doesn't seem to enforce this yet. Signed-off-by: Rob van der Linde <r...@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit cf0a3a8c60b24a0d311b116a24727d9b7293cb48 Author: Rob van der Linde <r...@catalyst.net.nz> Date: Mon Mar 20 13:48:56 2023 +1300 netcmd: add claim sub-commands to samba-tool domain Claim Type: * samba-tool domain claim claim-type list * samba-tool domain claim claim-type create * samba-tool domain claim claim-type delete * samba-tool domain claim claim-type modify * samba-tool domain claim claim-type view Claim Value Type: * samba-tool domain claim value-type list * samba-tool domain claim value-type view To add a claim type use the attribute name, it will look up the attribute in the attribute schema and use that data type and description. Claim types can be protected from accidental deletion just like Windows, use --protect To delete protected claim types use --force. Signed-off-by: Rob van der Linde <r...@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 5a4f4b39486facd1323fd7d5c22ea90d5d32ad30 Author: Rob van der Linde <r...@catalyst.net.nz> Date: Mon Mar 20 13:35:24 2023 +1300 sd_utils: fix typo in get_sd_as_sddl docstring Signed-off-by: Rob van der Linde <r...@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 01c6bc55c7ea285608a4056782afb415ed5a66ed Author: Rob van der Linde <r...@catalyst.net.nz> Date: Wed Mar 1 14:19:15 2023 +1300 netcmd: simplify boolean check Should use "is" for checking booleans rather than "==" in Python, however these can also be simplified. Signed-off-by: Rob van der Linde <r...@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 44f881fd3493be93a7d956119d572a946fafd95b Author: Rob van der Linde <r...@catalyst.net.nz> Date: Fri Mar 31 13:41:49 2023 +1300 netcmd: domain: move trust command to domain/trust.py Signed-off-by: Rob van der Linde <r...@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 2a71bade8492a9a6c39ab98662eae7e18897349a Author: Rob van der Linde <r...@catalyst.net.nz> Date: Fri Mar 31 13:37:01 2023 +1300 netcmd: domain: move tombstones command to domain/tombstones.py Signed-off-by: Rob van der Linde <r...@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 75e7935b503308458442cf0ef46899b04cea40c5 Author: Rob van der Linde <r...@catalyst.net.nz> Date: Fri Mar 31 13:34:20 2023 +1300 netcmd: domain: move schemaupgrade command to domain/schemaupgrade.py Signed-off-by: Rob van der Linde <r...@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit dff87f051f180a48fad9d12039622c6df9396f2c Author: Rob van der Linde <r...@catalyst.net.nz> Date: Fri Mar 31 13:30:17 2023 +1300 netcmd: domain: move samba3upgrade command to domain/samba3upgrade.py Signed-off-by: Rob van der Linde <r...@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 5986937d12c237121d4e62fa6dfa0f5dadec263d Author: Rob van der Linde <r...@catalyst.net.nz> Date: Fri Mar 31 13:28:17 2023 +1300 netcmd: domain: move provision command to domain/provision.py Signed-off-by: Rob van der Linde <r...@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 49bc6a478b6de213425f048b28e5af0644a46aed Author: Rob van der Linde <r...@catalyst.net.nz> Date: Fri Mar 31 13:18:50 2023 +1300 netcmd: domain: move paswordsettings command to domain/passwordsettings.py Signed-off-by: Rob van der Linde <r...@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 8d4f6761b26142be62b4da59ea6c3d8bbc4de62f Author: Rob van der Linde <r...@catalyst.net.nz> Date: Fri Mar 31 13:09:14 2023 +1300 netcmd: domain: move level command to domain/level.py Signed-off-by: Rob van der Linde <r...@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit e7ad2364a5ec5cc709467430f7014bc5c5bd5d2d Author: Rob van der Linde <r...@catalyst.net.nz> Date: Fri Mar 31 13:05:07 2023 +1300 netcmd: domain: move leave command to domain/leave.py Signed-off-by: Rob van der Linde <r...@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 12d5ea7f58892ee0ff93ebee7d02c592f1540746 Author: Rob van der Linde <r...@catalyst.net.nz> Date: Fri Mar 31 13:02:57 2023 +1300 netcmd: domain: move keytab command to domain/keytab.py Signed-off-by: Rob van der Linde <r...@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 8001e07746dd1466c98564bfd3b1c9d723e5b948 Author: Rob van der Linde <r...@catalyst.net.nz> Date: Fri Mar 31 13:00:26 2023 +1300 netcmd: domain: move join command to domain/join.py Signed-off-by: Rob van der Linde <r...@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit fefa5e74d1917847489a74630be645a7f85ae3ed Author: Rob van der Linde <r...@catalyst.net.nz> Date: Fri Mar 31 12:57:45 2023 +1300 netcmd: domain: move info command to domain/info.py Signed-off-by: Rob van der Linde <r...@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 908f7ff55374407d6d8faec501666e9b135f9dcc Author: Rob van der Linde <r...@catalyst.net.nz> Date: Fri Mar 31 12:54:49 2023 +1300 netcmd: domain: move functional_prep command to domain/functional_prep.py Signed-off-by: Rob van der Linde <r...@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit c22b8dc1c5876e78a6ff162e52a79923f5a5c372 Author: Rob van der Linde <r...@catalyst.net.nz> Date: Fri Mar 31 12:42:24 2023 +1300 netcmd: domain: move demote command to domain/demote.py Signed-off-by: Rob van der Linde <r...@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 72f6f7a79cf47a6e45a2347d0cb01255bad3a209 Author: Rob van der Linde <r...@catalyst.net.nz> Date: Fri Mar 31 12:24:33 2023 +1300 netcmd: domain: move dcpromo command to domain/dcpromo.py Signed-off-by: Rob van der Linde <r...@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit d26054d7da7a04587350ff4dbf9c53bd8d462b79 Author: Rob van der Linde <r...@catalyst.net.nz> Date: Fri Mar 31 12:12:55 2023 +1300 netcmd: domain: move classicupgrade command to domain/classicupgrade.py Signed-off-by: Rob van der Linde <r...@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 6cecd7d08b1362e95c0bbb17b5a3a1b4209a9bb5 Author: Rob van der Linde <r...@catalyst.net.nz> Date: Fri Mar 31 11:54:58 2023 +1300 netcmd: domain: move domain_backup.py to domain/backup.py Signed-off-by: Rob van der Linde <r...@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 4d6a2b016740806b219bf0460bbca1befdf1e44c Author: Rob van der Linde <r...@catalyst.net.nz> Date: Fri Mar 31 12:32:07 2023 +1300 netcmd: domain: fix unused imports Fix existing unused imports first, before splitting the file. Signed-off-by: Rob van der Linde <r...@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 2534aba94d2dc854fcf695924262fc3512b54b7a Author: Rob van der Linde <r...@catalyst.net.nz> Date: Fri Mar 31 11:50:13 2023 +1300 netcmd: domain: turn domain.py into a module The domain.py file has become quite large at over 5000 lines, splitting it now before adding more sub commands. Signed-off-by: Rob van der Linde <r...@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> ----------------------------------------------------------------------- Summary of changes: docs-xml/manpages/samba-tool.8.xml | 267 +++ python/samba/netcmd/domain/__init__.py | 71 + .../netcmd/{domain_backup.py => domain/backup.py} | 2 +- .../domain/claim/__init__.py} | 31 +- python/samba/netcmd/domain/claim/base.py | 181 ++ python/samba/netcmd/domain/claim/claim_type.py | 439 ++++ python/samba/netcmd/domain/claim/value_type.py | 115 + python/samba/netcmd/domain/classicupgrade.py | 189 ++ python/samba/netcmd/domain/common.py | 125 ++ python/samba/netcmd/domain/dcpromo.py | 91 + python/samba/netcmd/domain/demote.py | 339 +++ python/samba/netcmd/domain/functional_prep.py | 140 ++ python/samba/netcmd/domain/info.py | 58 + python/samba/netcmd/domain/join.py | 146 ++ python/samba/netcmd/domain/keytab.py | 55 + python/samba/netcmd/domain/leave.py | 59 + python/samba/netcmd/domain/level.py | 206 ++ python/samba/netcmd/domain/passwordsettings.py | 316 +++ python/samba/netcmd/domain/provision.py | 408 ++++ .../policy.py => netcmd/domain/samba3upgrade.py} | 30 +- python/samba/netcmd/domain/schemaupgrade.py | 350 +++ python/samba/netcmd/domain/tombstones.py | 116 + python/samba/netcmd/{domain.py => domain/trust.py} | 2224 +------------------- python/samba/sd_utils.py | 2 +- python/samba/tests/samba_tool/claim.py | 570 +++++ selftest/knownfail.d/claims-client-tool | 1 + source4/selftest/tests.py | 1 + 27 files changed, 4285 insertions(+), 2247 deletions(-) create mode 100644 python/samba/netcmd/domain/__init__.py rename python/samba/netcmd/{domain_backup.py => domain/backup.py} (99%) copy python/samba/{auth_util.py => netcmd/domain/claim/__init__.py} (58%) create mode 100644 python/samba/netcmd/domain/claim/base.py create mode 100644 python/samba/netcmd/domain/claim/claim_type.py create mode 100644 python/samba/netcmd/domain/claim/value_type.py create mode 100644 python/samba/netcmd/domain/classicupgrade.py create mode 100644 python/samba/netcmd/domain/common.py create mode 100644 python/samba/netcmd/domain/dcpromo.py create mode 100644 python/samba/netcmd/domain/demote.py create mode 100644 python/samba/netcmd/domain/functional_prep.py create mode 100644 python/samba/netcmd/domain/info.py create mode 100644 python/samba/netcmd/domain/join.py create mode 100644 python/samba/netcmd/domain/keytab.py create mode 100644 python/samba/netcmd/domain/leave.py create mode 100644 python/samba/netcmd/domain/level.py create mode 100644 python/samba/netcmd/domain/passwordsettings.py create mode 100644 python/samba/netcmd/domain/provision.py copy python/samba/{tests/policy.py => netcmd/domain/samba3upgrade.py} (52%) create mode 100644 python/samba/netcmd/domain/schemaupgrade.py create mode 100644 python/samba/netcmd/domain/tombstones.py rename python/samba/netcmd/{domain.py => domain/trust.py} (53%) create mode 100644 python/samba/tests/samba_tool/claim.py create mode 100644 selftest/knownfail.d/claims-client-tool Changeset truncated at 500 lines: diff --git a/docs-xml/manpages/samba-tool.8.xml b/docs-xml/manpages/samba-tool.8.xml index 6dd25a11c59..0834f606659 100644 --- a/docs-xml/manpages/samba-tool.8.xml +++ b/docs-xml/manpages/samba-tool.8.xml @@ -599,6 +599,273 @@ <para>Restore the domain's DB from a backup-file.</para> </refsect3> +<refsect3> + <title>domain claim claim-type list</title> + <para>List claim types on the domain.</para> + <variablelist> + <varlistentry> + <term>-H, --URL</term> + <listitem><para> + LDB URL for database or target server. + </para></listitem> + </varlistentry> + <varlistentry> + <term>--json</term> + <listitem><para> + View claim types as JSON instead of a list. + </para></listitem> + </varlistentry> + </variablelist> +</refsect3> + +<refsect3> + <title>domain claim claim-type view</title> + <para>View a single claim type on the domain.</para> + <variablelist> + <varlistentry> + <term>-H, --URL</term> + <listitem><para> + LDB URL for database or target server. + </para></listitem> + </varlistentry> + <varlistentry> + <term>--name</term> + <listitem><para> + Display name of claim type to view (required). + </para></listitem> + </varlistentry> + </variablelist> +</refsect3> + +<refsect3> + <title>domain claim claim-type create</title> + <para>Create claim types on the domain.</para> + <variablelist> + <varlistentry> + <term>-H, --URL</term> + <listitem><para> + LDB URL for database or target server. + </para></listitem> + </varlistentry> + <varlistentry> + <term>--attribute</term> + <listitem><para> + Attribute of claim type to create (required). + </para></listitem> + </varlistentry> + <varlistentry> + <term>--class</term> + <listitem> + <para> + Object classes to set claim type to. + </para> + <para> + Example: --class=user --class=computer + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>--name</term> + <listitem><para> + Optional display name or use attribute name. + </para></listitem> + </varlistentry> + <varlistentry> + <term>--description</term> + <listitem><para> + Optional description or use from attribute. + </para></listitem> + </varlistentry> + <varlistentry> + <term>--enable</term> + <listitem> + <para> + Enable claim type. + </para> + <para> + Cannot be used together with --disable. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>--disable</term> + <listitem> + <para> + Disable claim type. + </para> + <para> + Cannot be used together with --enable. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>--protect</term> + <listitem> + <para> + Protect claim type from accidental deletion. + </para> + <para> + Cannot be used together with --unprotect. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>--unprotect</term> + <listitem> + <para> + Unprotect claim type from accidental deletion. + </para> + <para> + Cannot be used together with --protect. + </para> + </listitem> + </varlistentry> + </variablelist> +</refsect3> + +<refsect3> + <title>domain claim claim-type modify</title> + <para>Modify claim types on the domain.</para> + <variablelist> + <varlistentry> + <term>-H, --URL</term> + <listitem><para> + LDB URL for database or target server. + </para></listitem> + </varlistentry> + <varlistentry> + <term>--name</term> + <listitem><para> + Display name of claim type to modify (required). + </para></listitem> + </varlistentry> + <varlistentry> + <term>--class</term> + <listitem> + <para> + Object classes to set claim type to. + </para> + <para> + Example: --class=user --class=computer + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>--description</term> + <listitem><para> + Set the claim type description. + </para></listitem> + </varlistentry> + <varlistentry> + <term>--enable</term> + <listitem> + <para> + Enable claim type. + </para> + <para> + Cannot be used together with --disable. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>--disable</term> + <listitem> + <para> + Disable claim type. + </para> + <para> + Cannot be used together with --enable. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>--protect</term> + <listitem> + <para> + Protect claim type from accidental deletion. + </para> + <para> + Cannot be used together with --unprotect. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>--unprotect</term> + <listitem> + <para> + Unprotect claim type from accidental deletion. + </para> + <para> + Cannot be used together with --protect. + </para> + </listitem> + </varlistentry> + </variablelist> +</refsect3> + +<refsect3> + <title>domain claim claim-type delete</title> + <para>Delete claim types on the domain.</para> + <variablelist> + <varlistentry> + <term>-H, --URL</term> + <listitem><para> + LDB URL for database or target server. + </para></listitem> + </varlistentry> + <varlistentry> + <term>--name</term> + <listitem><para> + Display name of claim type to delete (required). + </para></listitem> + </varlistentry> + <varlistentry> + <term>--force</term> + <listitem><para> + Force claim type delete even if it is protected. + </para></listitem> + </varlistentry> + </variablelist> +</refsect3> + +<refsect3> + <title>domain claim value-type list</title> + <para>List claim value types on the domain.</para> + <variablelist> + <varlistentry> + <term>-H, --URL</term> + <listitem><para> + LDB URL for database or target server. + </para></listitem> + </varlistentry> + <varlistentry> + <term>--json</term> + <listitem><para> + View claim value types as JSON instead of a list. + </para></listitem> + </varlistentry> + </variablelist> +</refsect3> + +<refsect3> + <title>domain claim value-type view</title> + <para>View a single claim value type on the domain.</para> + <variablelist> + <varlistentry> + <term>-H, --URL</term> + <listitem><para> + LDB URL for database or target server. + </para></listitem> + </varlistentry> + <varlistentry> + <term>--name</term> + <listitem><para> + Display name of claim value type to view (required). + </para></listitem> + </varlistentry> + </variablelist> +</refsect3> + <refsect3> <title>domain classicupgrade [options] <replaceable>classic_smb_conf</replaceable></title> <para>Upgrade from Samba classic (NT4-like) database to Samba AD DC diff --git a/python/samba/netcmd/domain/__init__.py b/python/samba/netcmd/domain/__init__.py new file mode 100644 index 00000000000..552784e180d --- /dev/null +++ b/python/samba/netcmd/domain/__init__.py @@ -0,0 +1,71 @@ +# domain management +# +# Copyright Matthias Dieter Wallnoefer 2009 +# Copyright Andrew Kroeger 2009 +# Copyright Jelmer Vernooij 2007-2012 +# Copyright Giampaolo Lauria 2011 +# Copyright Matthieu Patou <m...@matws.net> 2011 +# Copyright Andrew Bartlett 2008-2015 +# Copyright Stefan Metzmacher 2012 +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +from samba import is_ad_dc_built +from samba.netcmd import SuperCommand + +from .backup import cmd_domain_backup +from .claim import cmd_domain_claim +from .classicupgrade import cmd_domain_classicupgrade +from .common import (common_join_options, common_ntvfs_options, + common_provision_join_options, string_to_level) +from .dcpromo import cmd_domain_dcpromo +from .demote import cmd_domain_demote +from .functional_prep import cmd_domain_functional_prep +from .info import cmd_domain_info +from .join import cmd_domain_join +from .keytab import cmd_domain_export_keytab +from .leave import cmd_domain_leave +from .level import cmd_domain_level +from .passwordsettings import cmd_domain_passwordsettings +from .provision import cmd_domain_provision +from .samba3upgrade import cmd_domain_samba3upgrade +from .schemaupgrade import cmd_domain_schema_upgrade +from .tombstones import cmd_domain_tombstones +from .trust import cmd_domain_trust + + +class cmd_domain(SuperCommand): + """Domain management.""" + + subcommands = {} + if cmd_domain_export_keytab is not None: + subcommands["exportkeytab"] = cmd_domain_export_keytab() + subcommands["info"] = cmd_domain_info() + subcommands["join"] = cmd_domain_join() + subcommands["leave"] = cmd_domain_leave() + subcommands["claim"] = cmd_domain_claim() + if is_ad_dc_built(): + subcommands["demote"] = cmd_domain_demote() + subcommands["provision"] = cmd_domain_provision() + subcommands["dcpromo"] = cmd_domain_dcpromo() + subcommands["level"] = cmd_domain_level() + subcommands["passwordsettings"] = cmd_domain_passwordsettings() + subcommands["classicupgrade"] = cmd_domain_classicupgrade() + subcommands["samba3upgrade"] = cmd_domain_samba3upgrade() + subcommands["trust"] = cmd_domain_trust() + subcommands["tombstones"] = cmd_domain_tombstones() + subcommands["schemaupgrade"] = cmd_domain_schema_upgrade() + subcommands["functionalprep"] = cmd_domain_functional_prep() + subcommands["backup"] = cmd_domain_backup() diff --git a/python/samba/netcmd/domain_backup.py b/python/samba/netcmd/domain/backup.py similarity index 99% rename from python/samba/netcmd/domain_backup.py rename to python/samba/netcmd/domain/backup.py index 9eaba7dea1d..fe667c85632 100644 --- a/python/samba/netcmd/domain_backup.py +++ b/python/samba/netcmd/domain/backup.py @@ -36,7 +36,7 @@ from samba.dcerpc.security import dom_sid from samba.netcmd import Option, CommandError from samba.dcerpc import misc, security, drsblobs from samba import Ldb -from . fsmo import cmd_fsmo_seize +from samba.netcmd.fsmo import cmd_fsmo_seize from samba.provision import make_smbconf, DEFAULTSITE from samba.upgradehelpers import update_krbtgt_account_password from samba.remove_dc import remove_dc diff --git a/python/samba/auth_util.py b/python/samba/netcmd/domain/claim/__init__.py similarity index 58% copy from python/samba/auth_util.py copy to python/samba/netcmd/domain/claim/__init__.py index f616bb48c10..de7c4bb5d08 100644 --- a/python/samba/auth_util.py +++ b/python/samba/netcmd/domain/claim/__init__.py @@ -1,7 +1,10 @@ # Unix SMB/CIFS implementation. -# auth util helpers # -# Copyright (C) Ralph Boehme <s...@samba.org> 2019 +# claim management +# +# Copyright (C) Catalyst.Net Ltd. 2023 +# +# Written by Rob van der Linde <r...@catalyst.net.nz> # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -15,20 +18,18 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +from samba.netcmd import SuperCommand -from samba.auth import ( - system_session, - session_info_fill_unix, - copy_session_info, -) +from .claim_type import cmd_domain_claim_claim_type +from .value_type import cmd_domain_claim_value_type -def system_session_unix(): - """ - Return a copy of the system session_info with a valid UNIX token - """ - session_info = system_session() - session_info_unix = copy_session_info(session_info) - session_info_fill_unix(session_info_unix, None) +class cmd_domain_claim(SuperCommand): + """Manage claims on the domain.""" - return session_info_unix + subcommands = { + "claim-type": cmd_domain_claim_claim_type(), + "value-type": cmd_domain_claim_value_type(), + } diff --git a/python/samba/netcmd/domain/claim/base.py b/python/samba/netcmd/domain/claim/base.py new file mode 100644 index 00000000000..1db4174042a --- /dev/null +++ b/python/samba/netcmd/domain/claim/base.py @@ -0,0 +1,181 @@ +# Unix SMB/CIFS implementation. +# +# claim management - base class and common code +# +# Copyright (C) Catalyst.Net Ltd. 2023 +# +# Written by Rob van der Linde <r...@catalyst.net.nz> +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +# + +from xml.etree import ElementTree + +from ldb import Dn, SCOPE_ONELEVEL +from samba.netcmd import Command +from samba.netcmd.domain.common import parse_guid, parse_text + + +# Namespaces for PossibleValues xml parsing. +NS_POSSIBLE_VALUES = { + "xsd": "http://www.w3.org/2001/XMLSchema", + "xsi": "http://www.w3.org/2001/XMLSchema-instance", + "": "http://schemas.microsoft.com/2010/08/ActiveDirectory/PossibleValues" +} + + +class ClaimCommand(Command): + """Base class for all claim commands.""" + + def __init__(self, *args, **kwargs): + super().__init__(*args, **kwargs) + self.ldb = None + + def get_services_dn(self): + """Returns Services DN.""" + services_dn = self.ldb.get_config_basedn() + services_dn.add_child("CN=Services") + return services_dn + + def get_claim_types_dn(self): + """Returns the Claim Types DN.""" + claim_types_dn = self.get_services_dn() + claim_types_dn.add_child("CN=Claim Types,CN=Claims Configuration") + return claim_types_dn + + def get_value_types_dn(self): + """Returns the Value Types DN.""" + value_types_dn = self.get_services_dn() + value_types_dn.add_child("CN=Value Types,CN=Claims Configuration") + return value_types_dn + + def parse_possible_values(self, value): + """Parse PossibleValues XML and return as list of dicts.""" + if value is not None: + root = ElementTree.fromstring(str(value)) + string_list = root.find("StringList", NS_POSSIBLE_VALUES) + + values = [] + for item in string_list.findall("Item", NS_POSSIBLE_VALUES): + values.append({ -- Samba Shared Repository