mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

netcmd: models: add SDDL model field

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde 2023-09-20 12:52:31 +12:00 committed by Andrew Bartlett
parent 83d321e764
commit 1325e01303
2 changed files with 72 additions and 1 deletions


@ -28,6 +28,7 @@ from datetime import datetime
from xml.etree import ElementTree
from ldb import Dn, MessageElement, string_to_time, timestring
from samba.dcerpc import security
from samba.dcerpc.misc import GUID
from samba.ndr import ndr_pack, ndr_unpack
@ -311,6 +312,36 @@ class GUIDField(Field):
return MessageElement(ndr_pack(GUID(value)), flags, self.name)
class SDDLField(Field):
"""A SDDL field encodes and decodes SDDL data."""
def from_db_value(self, ldb, value):
if value is None:
return
elif len(value) > 1 or self.many:
return [ndr_unpack(security.descriptor, item).as_sddl()
for item in value]
else:
return ndr_unpack(security.descriptor, value[0]).as_sddl()
def to_db_value(self, ldb, value, flags):
domain_sid = security.dom_sid(ldb.get_domain_sid())
if value is None:
return
elif isinstance(value, list):
return MessageElement([ndr_pack(security.descriptor.from_sddl(
item, domain_sid)) for item in value],
flags,
self.name)
else:
return MessageElement(
ndr_pack(security.descriptor.from_sddl(value,
domain_sid)),
flags,
self.name
)
class BooleanField(Field):
"""A simple boolean field, can be a bool or list of bool."""

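Review bot: In `SDDLField.to_db_value` the domain SID is fetched with `ldb.get_domain_sid()` before the `value is None` guard, so an unset field still costs a lookup and can fail on it for no reason; move `domain_sid = security.dom_sid(ldb.get_domain_sid())` below the `if value is None: return` check. `security.descriptor.from_sddl` is called directly on the caller's string in both branches with no error handling visible here. A malformed SDDL string therefore presumably surfaces as a raw parser exception unless the model layer outside this hunk converts it, which is worth confirming because this field writes security descriptors. The one-line docstring could also say that the field accepts a single SDDL string or a list, and that values are stored as NDR-packed `security.descriptor` blobs parsed relative to the domain SID.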

@ -25,10 +25,11 @@ from datetime import datetime
from xml.etree import ElementTree
from ldb import FLAG_MOD_ADD, MessageElement, SCOPE_ONELEVEL
from samba.dcerpc import security
from samba.dcerpc.misc import GUID
from samba.netcmd.domain.models import User, fields
from samba.netcmd.domain.models.auth_policy import StrongNTLMPolicy
from samba.ndr import ndr_unpack
from samba.ndr import ndr_pack, ndr_unpack
from .base import SambaToolCmdTest
@ -276,6 +277,45 @@ class GUIDFieldTest(FieldTestMixin, SambaToolCmdTest):
]
class SDDLFieldTest(FieldTestMixin, SambaToolCmdTest):
field = fields.SDDLField("FieldName")
def setUp(self):
super().setUp()
self.domain_sid = security.dom_sid(self.samdb.get_domain_sid())
def encode(self, value):
return ndr_pack(security.descriptor.from_sddl(value, self.domain_sid))
@property
def to_db_value(self):
values = [
"O:SYG:SYD:(XA;OICI;CR;;;WD;(Member_of {SID(AU)}))",
"O:SYG:SYD:(XA;OICI;CR;;;WD;(Member_of {SID(AO)}))",
"O:SYG:SYD:(XA;OICI;CR;;;WD;((Member_of {SID(AO)}) || (Member_of {SID(BO)})))",
"O:SYG:SYD:(XA;OICI;CR;;;WD;(Member_of {SID(%s)}))" % self.domain_sid,
]
expected = [
(value, MessageElement(self.encode(value))) for value in values
]
expected.append((None, None))
return expected
@property
def from_db_value(self):
values = [
"O:SYG:SYD:(XA;OICI;CR;;;WD;(Member_of {SID(AU)}))",
"O:SYG:SYD:(XA;OICI;CR;;;WD;(Member_of {SID(AO)}))",
"O:SYG:SYD:(XA;OICI;CR;;;WD;((Member_of {SID(AO)}) || (Member_of {SID(BO)})))",
"O:SYG:SYD:(XA;OICI;CR;;;WD;(Member_of {SID(%s)}))" % self.domain_sid,
]
expected = [
(MessageElement(self.encode(value)), value) for value in values
]
expected.append((None, None))
return expected
class PossibleClaimValuesFieldTest(FieldTestMixin, SambaToolCmdTest):
field = fields.PossibleClaimValuesField("FieldName")
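Review bot: The cases in `SDDLFieldTest.to_db_value` and `from_db_value` cover only single strings and `None`, so the list branches added to `SDDLField` (`isinstance(value, list)` and `len(value) > 1 or self.many`) are never exercised; add one multi-valued pair such as `(values, MessageElement([self.encode(v) for v in values]))`. There is also no negative case for a malformed SDDL string, which is the input a parser of access-control data most needs pinned down. The two identical `values` lists could come from one shared helper so the two properties cannot drift apart. How `FieldTestMixin` compares the expected `MessageElement`, built here without flags or a name, is outside this hunk.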