"is restricted to selected devices.",
dest="user_allow_ntlm_auth", action="store_true",
default=False),
+ Option("--user-allowed-to-authenticate-from",
+ help="Conditions user is allowed to authenticate from.",
+ dest="user_allowed_to_authenticate_from", type=str, action="store"),
+ Option("--user-allowed-to-authenticate-to",
+ help="Conditions user is allowed to authenticate to.",
+ dest="user_allowed_to_authenticate_to", type=str, action="store"),
Option("--service-tgt-lifetime",
help="Ticket-Granting-Ticket lifetime for service accounts.",
dest="service_tgt_lifetime", type=int, action="store",
"is restricted to selected devices.",
dest="service_allow_ntlm_auth", action="store_true",
default=False),
+ Option("--service-allowed-to-authenticate-from",
+ help="Conditions service is allowed to authenticate from.",
+ dest="service_allowed_to_authenticate_from", type=str, action="store"),
+ Option("--service-allowed-to-authenticate-to",
+ help="Conditions service is allowed to authenticate to.",
+ dest="service_allowed_to_authenticate_to", type=str, action="store"),
Option("--computer-tgt-lifetime",
help="Ticket-Granting-Ticket lifetime for computer accounts.",
dest="computer_tgt_lifetime", type=int, action="store",
validators=[Range(min=MIN_TGT_LIFETIME, max=MAX_TGT_LIFETIME)]),
+ Option("--computer-allowed-to-authenticate-to",
+ help="Conditions computer is allowed to authenticate to.",
+ dest="computer_allowed_to_authenticate_to", type=str, action="store"),
]
def run(self, ldap_url=None, sambaopts=None, credopts=None, name=None,
description=None, protect=None, unprotect=None, audit=None,
enforce=None, strong_ntlm_policy=None, user_tgt_lifetime=None,
- user_allow_ntlm_auth=None, service_tgt_lifetime=None,
- service_allow_ntlm_auth=None, computer_tgt_lifetime=None):
+ user_allow_ntlm_auth=None, user_allowed_to_authenticate_from=None,
+ user_allowed_to_authenticate_to=None, service_tgt_lifetime=None,
+ service_allow_ntlm_auth=None, service_allowed_to_authenticate_from=None,
+ service_allowed_to_authenticate_to=None, computer_tgt_lifetime=None,
+ computer_allowed_to_authenticate_to=None):
if not name:
raise CommandError("Argument --name is required.")
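Review bot: The new `--service-allowed-to-authenticate-from/-to` and `--computer-allowed-to-authenticate-to` options in this hunk are declared `type=str` with no `validators=`, whereas the neighbouring `--computer-tgt-lifetime` carries a `Range` validator, so any string is accepted and passed on unchanged. The same holds for the `--user-allowed-to-authenticate-*` pair in the hunk above and for the identical option set repeated for the second command further down. These values are access-control conditions on an authentication policy, so a malformed one should be rejected before it is written; nothing in these hunks shows it being checked. The help text also does not name the expected syntax; if it is SDDL (not confirmed by the visible lines), say so, e.g. `help="Conditions service is allowed to authenticate from (SDDL string)."`. The body of `run()` continues outside this hunk.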
strong_ntlm_policy=StrongNTLMPolicy[strong_ntlm_policy.upper()],
user_allow_ntlm_auth=user_allow_ntlm_auth,
user_tgt_lifetime=user_tgt_lifetime,
+ user_allowed_to_authenticate_from=user_allowed_to_authenticate_from,
+ user_allowed_to_authenticate_to=user_allowed_to_authenticate_to,
service_allow_ntlm_auth=service_allow_ntlm_auth,
service_tgt_lifetime=service_tgt_lifetime,
+ service_allowed_to_authenticate_from=service_allowed_to_authenticate_from,
+ service_allowed_to_authenticate_to=service_allowed_to_authenticate_to,
computer_tgt_lifetime=computer_tgt_lifetime,
+ computer_allowed_to_authenticate_to=computer_allowed_to_authenticate_to,
)
# Either --enforce will be set or --audit but never both.
"is restricted to selected devices.",
dest="user_allow_ntlm_auth", action="store_true",
default=False),
+ Option("--user-allowed-to-authenticate-from",
+ help="Conditions user is allowed to authenticate from.",
+ dest="user_allowed_to_authenticate_from", type=str, action="store"),
+ Option("--user-allowed-to-authenticate-to",
+ help="Conditions user is allowed to authenticate to.",
+ dest="user_allowed_to_authenticate_to", type=str, action="store"),
Option("--service-tgt-lifetime",
help="Ticket-Granting-Ticket lifetime for service accounts.",
dest="service_tgt_lifetime", type=int, action="store",
"is restricted to selected devices.",
dest="service_allow_ntlm_auth", action="store_true",
default=False),
+ Option("--service-allowed-to-authenticate-from",
+ help="Conditions service is allowed to authenticate from.",
+ dest="service_allowed_to_authenticate_from", type=str, action="store"),
+ Option("--service-allowed-to-authenticate-to",
+ help="Conditions service is allowed to authenticate to.",
+ dest="service_allowed_to_authenticate_to", type=str, action="store"),
Option("--computer-tgt-lifetime",
help="Ticket-Granting-Ticket lifetime for computer accounts.",
dest="computer_tgt_lifetime", type=int, action="store",
validators=[Range(min=MIN_TGT_LIFETIME, max=MAX_TGT_LIFETIME)]),
+ Option("--computer-allowed-to-authenticate-to",
+ help="Conditions computer is allowed to authenticate to.",
+ dest="computer_allowed_to_authenticate_to", type=str, action="store"),
]
def run(self, ldap_url=None, sambaopts=None, credopts=None, name=None,
description=None, protect=None, unprotect=None, audit=None,
enforce=None, strong_ntlm_policy=None, user_tgt_lifetime=None,
- user_allow_ntlm_auth=None, service_tgt_lifetime=None,
- service_allow_ntlm_auth=None, computer_tgt_lifetime=None):
+ user_allow_ntlm_auth=None, user_allowed_to_authenticate_from=None,
+ user_allowed_to_authenticate_to=None, service_tgt_lifetime=None,
+ service_allow_ntlm_auth=None, service_allowed_to_authenticate_from=None,
+ service_allowed_to_authenticate_to=None, computer_tgt_lifetime=None,
+ computer_allowed_to_authenticate_to=None):
if not name:
raise CommandError("Argument --name is required.")
if user_tgt_lifetime is not None:
policy.user_tgt_lifetime = user_tgt_lifetime
+ if user_allowed_to_authenticate_from is not None:
+ policy.user_allowed_to_authenticate_from = \
+ user_allowed_to_authenticate_from
+
+ if user_allowed_to_authenticate_to is not None:
+ policy.user_allowed_to_authenticate_to = \
+ user_allowed_to_authenticate_to
+
# Service sign on
##################
if service_tgt_lifetime is not None:
policy.service_tgt_lifetime = service_tgt_lifetime
+ if service_allowed_to_authenticate_from is not None:
+ policy.service_allowed_to_authenticate_from = \
+ service_allowed_to_authenticate_from
+
+ if service_allowed_to_authenticate_to is not None:
+ policy.service_allowed_to_authenticate_to = \
+ service_allowed_to_authenticate_to
+
# Computer
###########
if computer_tgt_lifetime is not None:
policy.computer_tgt_lifetime = computer_tgt_lifetime
+ if computer_allowed_to_authenticate_to is not None:
+ policy.computer_allowed_to_authenticate_to = \
+ computer_allowed_to_authenticate_to
+
# Update policy.
try:
policy.save(ldb)
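Review bot: The added `if ... is not None:` assignments give this update path no visible way to remove a condition once it has been set. Omitting the option leaves the stored value untouched, and an empty string passes the `is not None` test and is assigned as-is. Whether the model turns `""` into an attribute removal cannot be seen from this hunk, so decide it explicitly for a restriction on where an account may authenticate. One option, if `None` means unset in the model, is `policy.user_allowed_to_authenticate_from = user_allowed_to_authenticate_from or None`, applied to the service and computer assignments too and described in the option help. `run()` starts above this hunk and its `try` block continues past the last line shown.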