netcmd: models: add User.get_sid_for_principal helper

Unlike User.find, this will not fetch the User if an SID is provided.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/python/samba/netcmd/domain/models/user.py b/python/samba/netcmd/domain/models/user.py
index 0e05bfc3358c05bf5a92180e36ff530fcef53c71..48fcd80a7e1ec7bd229da47ef0b81b1cccfb6bfb 100644 (file)
--- a/python/samba/netcmd/domain/models/user.py
+++ b/python/samba/netcmd/domain/models/user.py
@@ -25,6 +25,7 @@ from ldb import Dn
 from samba.dcerpc.security import dom_sid
 from samba.dsdb import DS_GUID_USERS_CONTAINER
 
+from .exceptions import NotFound
 from .fields import DnField, EnumField, IntegerField, NtTimeField, StringField
 from .person import OrganizationalPerson
 from .types import AccountType, UserAccountControl
@@ -89,3 +90,19 @@ class User(OrganizationalPerson):
                 query = {"account_name": name}
 
         return cls.get(ldb, **query)
+
+    @classmethod
+    def get_sid_for_principal(cls, ldb, principal) -> str:
+        """Return object_sid for the provided principal.
+
+        If principal is already an object sid then return without fetching,
+        this is different to `User.find` which must fetch the User.
+        """
+        try:
+            return str(dom_sid(principal))
+        except ValueError:
+            user = cls.find(ldb, principal)
+            if user:
+                return user.object_sid
+            else:
+                raise NotFound(f"Principal {principal} not found.")