import re
from samba.dcerpc import nbt
from samba.net import Net
+from samba.netcmd import CommandError
import ldb
NEVER_TIMESTAMP = int(-0x8000000000000000)
-def _get_user_realm_domain(user):
+def _get_user_realm_domain(user, sam=None):
r""" get the realm or the domain and the base user
from user like:
* username
* DOMAIN\username
* username@REALM
+
+ A SamDB object can also be passed in to check
+ our domain or realm against the obtained ones.
"""
baseuser = user
- realm = ""
- domain = ""
m = re.match(r"(\w+)\\(\w+$)", user)
if m:
domain = m.group(1)
baseuser = m.group(2)
- return (baseuser.lower(), realm, domain.upper())
+
+ if sam is not None:
+ our_domain = sam.domain_netbios_name()
+ if domain.lower() != our_domain.lower():
+ raise CommandError(f"Given domain '{domain}' does not match "
+ f"our domain '{our_domain}'!")
+
+ return (baseuser.lower(), "", domain.upper())
+
+ realm = ""
m = re.match(r"(\w+)@(\w+)", user)
if m:
baseuser = m.group(1)
realm = m.group(2)
- return (baseuser.lower(), realm.upper(), domain)
+
+ if sam is not None:
+ our_realm = sam.domain_dns_name()
+ our_realm_initial = our_realm.split('.', 1)[0]
+ if realm.lower() != our_realm_initial.lower():
+ raise CommandError(f"Given realm '{realm}' does not match our "
+ f"realm '{our_realm}'!")
+
+ return (baseuser.lower(), realm.upper(), "")
def netcmd_dnsname(lp):
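Review bot: The realm check added in the second `if sam is not None:` block compares only the first DNS label, because the pattern `(\w+)@(\w+)` on the preceding match has no end anchor and `\w` does not match `.`, so `user@EXAMPLE.COM`, `user@EXAMPLE.ORG` and `user@EXAMPLE.anything` all yield realm `EXAMPLE` and are accepted whenever that label equals `our_realm_initial`, while the error message claims the full realm was compared. To make the check mean what it says, capture the whole realm, `m = re.match(r"(\w+)@([\w.]+)$", user)`, and compare against the full name when a dotted realm was given, e.g. `expected = our_realm if '.' in realm else our_realm_initial` followed by `if realm.lower() != expected.lower():`. The realm returned in the tuple would then carry its dots, which only matters to callers that consume the second element. The unanchored pattern predates this commit, but the new comparison is what gives it a security meaning; by contrast the `DOMAIN\user` branch is anchored with `$`, so the netbios-name check above it is exact.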
credentials=creds, lp=lp)
# TODO once I understand how, use the domain info to naildown
# to the correct domain
- (cleanedaccount, realm, domain) = _get_user_realm_domain(accountname)
+ (cleanedaccount, realm, domain) = _get_user_realm_domain(accountname,
+ sam)
res = sam.search(expression="sAMAccountName=%s" %
ldb.binary_encode(cleanedaccount),
credentials=creds, lp=lp)
# TODO once I understand how, use the domain info to naildown
# to the correct domain
- (cleanedaccount, realm, domain) = _get_user_realm_domain(accountname)
+ (cleanedaccount, realm, domain) = _get_user_realm_domain(accountname,
+ sam)
search_filter = "sAMAccountName=%s" % ldb.binary_encode(cleanedaccount)
flag = dsdb.UF_TRUSTED_FOR_DELEGATION
credentials=creds, lp=lp)
# TODO once I understand how, use the domain info to naildown
# to the correct domain
- (cleanedaccount, realm, domain) = _get_user_realm_domain(accountname)
+ (cleanedaccount, realm, domain) = _get_user_realm_domain(accountname,
+ sam)
search_filter = "sAMAccountName=%s" % ldb.binary_encode(cleanedaccount)
flag = dsdb.UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
credentials=creds, lp=lp)
# TODO once I understand how, use the domain info to naildown
# to the correct domain
- (cleanedaccount, realm, domain) = _get_user_realm_domain(accountname)
+ (cleanedaccount, realm, domain) = _get_user_realm_domain(accountname,
+ sam)
res = sam.search(expression="sAMAccountName=%s" %
ldb.binary_encode(cleanedaccount),
credentials=creds, lp=lp)
# TODO once I understand how, use the domain info to naildown
# to the correct domain
- (cleanedaccount, realm, domain) = _get_user_realm_domain(accountname)
+ (cleanedaccount, realm, domain) = _get_user_realm_domain(accountname,
+ sam)
res = sam.search(expression="sAMAccountName=%s" %
ldb.binary_encode(cleanedaccount),
credentials=creds, lp=lp)
# TODO once I understand how, use the domain info to naildown
# to the correct domain
- cleanedaccount, _, _ = _get_user_realm_domain(accountname)
+ cleanedaccount, _, _ = _get_user_realm_domain(accountname, sam)
account_res = sam.search(
expression="sAMAccountName=%s" %
# TODO once I understand how, use the domain info to naildown
# to the correct domain
- cleanedprinc, _, _ = _get_user_realm_domain(principal)
+ cleanedprinc, _, _ = _get_user_realm_domain(principal, sam)
princ_res = sam.search(expression="sAMAccountName=%s" %
ldb.binary_encode(cleanedprinc),
credentials=creds, lp=lp)
# TODO once I understand how, use the domain info to naildown
# to the correct domain
- cleanedaccount, _, _ = _get_user_realm_domain(accountname)
+ cleanedaccount, _, _ = _get_user_realm_domain(accountname, sam)
account_res = sam.search(
expression="sAMAccountName=%s" %
# TODO once I understand how, use the domain info to naildown
# to the correct domain
- cleanedprinc, _, _ = _get_user_realm_domain(
- principal)
+ cleanedprinc, _, _ = _get_user_realm_domain(principal, sam)
princ_res = sam.search(expression="sAMAccountName=%s" %
ldb.binary_encode(cleanedprinc),
credentials=creds, lp=lp)
# TODO once I understand how, use the domain info to naildown
# to the correct domain
- (cleaneduser, realm, domain) = _get_user_realm_domain(user)
+ (cleaneduser, realm, domain) = _get_user_realm_domain(user, sam)
self.outf.write(cleaneduser + "\n")
res = sam.search(
expression="samaccountname=%s" % ldb.binary_encode(cleaneduser),
raise CommandError("Service principal %s already"
" affected to another user" % name)
- (cleaneduser, realm, domain) = _get_user_realm_domain(user)
+ (cleaneduser, realm, domain) = _get_user_realm_domain(user, sam)
res = sam.search(
expression="samaccountname=%s" % ldb.binary_encode(cleaneduser),
scope=ldb.SCOPE_SUBTREE, attrs=["servicePrincipalName"])