mirror of
https://github.com/samba-team/samba.git
synced 2025-12-23 00:23:53 +03:00
7fafb268bf
Only touch files where samba.domain.models import was moved Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
171 lines
5.2 KiB
Python
171 lines
5.2 KiB
Python
# Unix SMB/CIFS implementation.
|
|
#
|
|
# manage assigned authentication policies on a user
|
|
#
|
|
# Copyright (C) Catalyst.Net Ltd. 2023
|
|
#
|
|
# Written by Rob van der Linde <rob@catalyst.net.nz>
|
|
#
|
|
# This program is free software; you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation; either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
#
|
|
|
|
import samba.getopt as options
|
|
from samba.domain.models import AuthenticationPolicy, User
|
|
from samba.domain.models.exceptions import ModelError
|
|
from samba.netcmd import Command, CommandError, Option, SuperCommand
|
|
|
|
|
|
class cmd_user_auth_policy_assign(Command):
|
|
"""Set the assigned authentication policy on a user."""
|
|
|
|
synopsis = "%prog <username> [options]"
|
|
|
|
takes_args = ["username"]
|
|
|
|
takes_optiongroups = {
|
|
"sambaopts": options.SambaOptions,
|
|
"credopts": options.CredentialsOptions,
|
|
"hostopts": options.HostOptions,
|
|
}
|
|
|
|
takes_options = [
|
|
Option("--policy", help="Authentication policy name.",
|
|
action="store", dest="policy_name", type=str, required=True),
|
|
]
|
|
|
|
def run(self, username, hostopts=None, sambaopts=None, credopts=None,
|
|
policy_name=None):
|
|
|
|
ldb = self.ldb_connect(hostopts, sambaopts, credopts)
|
|
|
|
try:
|
|
user = User.find(ldb, username)
|
|
policy = AuthenticationPolicy.get(ldb, name=policy_name)
|
|
except ModelError as e:
|
|
raise CommandError(e)
|
|
|
|
# User and policy exist.
|
|
if user is None:
|
|
raise CommandError(f"User {username} not found.")
|
|
if policy is None:
|
|
raise CommandError(f"Authentication policy {policy_name} not found.")
|
|
|
|
# Set assigned policy.
|
|
user.assigned_policy = policy.dn
|
|
|
|
try:
|
|
user.save(ldb)
|
|
except ModelError as e:
|
|
raise CommandError(f"Set assigned authentication policy failed: {e}")
|
|
|
|
print(f"User {username} assigned to authentication policy {policy}",
|
|
file=self.outf)
|
|
|
|
|
|
class cmd_user_auth_policy_remove(Command):
|
|
"""Remove the assigned authentication policy on a user."""
|
|
|
|
synopsis = "%prog <username> [options]"
|
|
|
|
takes_args = ["username"]
|
|
|
|
takes_optiongroups = {
|
|
"sambaopts": options.SambaOptions,
|
|
"credopts": options.CredentialsOptions,
|
|
"hostopts": options.HostOptions,
|
|
}
|
|
|
|
def run(self, username, hostopts=None, sambaopts=None, credopts=None):
|
|
|
|
ldb = self.ldb_connect(hostopts, sambaopts, credopts)
|
|
|
|
try:
|
|
user = User.find(ldb, username)
|
|
except ModelError as e:
|
|
raise CommandError(e)
|
|
|
|
# User exists
|
|
if user is None:
|
|
raise CommandError(f"User {username} not found.")
|
|
|
|
# Get previous policy for display.
|
|
if user.assigned_policy:
|
|
try:
|
|
policy = AuthenticationPolicy.get(ldb, dn=user.assigned_policy)
|
|
except ModelError as e:
|
|
raise CommandError(e)
|
|
else:
|
|
policy = None
|
|
|
|
# Unset assigned authentication policy
|
|
user.assigned_policy = None
|
|
|
|
try:
|
|
user.save(ldb)
|
|
except ModelError as e:
|
|
raise CommandError(f"Remove assigned authentication policy failed: {e}")
|
|
|
|
print(f"User {username} removed from authentication policy {policy}",
|
|
file=self.outf)
|
|
|
|
|
|
class cmd_user_auth_policy_view(Command):
|
|
"""View the current assigned authentication policy on a user."""
|
|
|
|
synopsis = "%prog <username> [options]"
|
|
|
|
takes_args = ["username"]
|
|
|
|
takes_optiongroups = {
|
|
"sambaopts": options.SambaOptions,
|
|
"credopts": options.CredentialsOptions,
|
|
"hostopts": options.HostOptions,
|
|
}
|
|
|
|
def run(self, username, hostopts=None, sambaopts=None, credopts=None):
|
|
|
|
ldb = self.ldb_connect(hostopts, sambaopts, credopts)
|
|
|
|
try:
|
|
user = User.find(ldb, username)
|
|
|
|
# Check user exists before fetching policy.
|
|
if user is None:
|
|
raise CommandError(f"User {username} not found.")
|
|
|
|
if user.assigned_policy:
|
|
policy = AuthenticationPolicy.get(ldb, dn=user.assigned_policy)
|
|
else:
|
|
policy = None
|
|
|
|
except ModelError as e:
|
|
raise CommandError(e)
|
|
|
|
if policy:
|
|
print(f"User {username} assigned to authentication policy {policy}",
|
|
file=self.outf)
|
|
else:
|
|
print(f"User {username} has no assigned authentication policy.",
|
|
file=self.outf)
|
|
|
|
|
|
class cmd_user_auth_policy(SuperCommand):
|
|
"""Manage authentication policies on a user."""
|
|
|
|
subcommands = {
|
|
"assign": cmd_user_auth_policy_assign(),
|
|
"remove": cmd_user_auth_policy_remove(),
|
|
"view": cmd_user_auth_policy_view(),
|
|
}
|