From: Rob van der Linde Date: Thu, 27 Jul 2023 05:30:14 +0000 (+1200) Subject: netcmd: user: move user sensitive command X-Git-Tag: tevent-0.16.0~1256 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=10aa17a40394cca55941f0eada4967f01bbd7644;p=thirdparty%2Fsamba.git netcmd: user: move user sensitive command Signed-off-by: Rob van der Linde Reviewed-by: Douglas Bagnall Reviewed-by: Andrew Bartlett --- diff --git a/python/samba/netcmd/user/__init__.py b/python/samba/netcmd/user/__init__.py index a4a07696e34..204dd45f0e6 100644 --- a/python/samba/netcmd/user/__init__.py +++ b/python/samba/netcmd/user/__init__.py @@ -17,20 +17,7 @@ # along with this program. If not, see . # -import samba.getopt as options -import ldb -from samba.auth import system_session -from samba.samdb import SamDB -from samba import ( - dsdb, -) - -from samba.netcmd import ( - Command, - CommandError, - SuperCommand, - Option, -) +from samba.netcmd import SuperCommand from .add import cmd_user_add from .add_unix_attrs import cmd_user_add_unix_attrs @@ -53,6 +40,7 @@ from .list import cmd_user_list from .move import cmd_user_move from .password import cmd_user_password from .rename import cmd_user_rename +from .sensitive import cmd_user_sensitive from .setexpiry import cmd_user_setexpiry from .setpassword import cmd_user_setpassword from .setprimarygroup import cmd_user_setprimarygroup @@ -60,63 +48,6 @@ from .show import cmd_user_show from .unlock import cmd_user_unlock -class cmd_user_sensitive(Command): - """Set/unset or show UF_NOT_DELEGATED for an account.""" - - synopsis = "%prog [(show|on|off)] [options]" - - takes_optiongroups = { - "sambaopts": options.SambaOptions, - "credopts": options.CredentialsOptions, - "versionopts": options.VersionOptions, - } - - takes_options = [ - Option("-H", "--URL", help="LDB URL for database or target server", type=str, - metavar="URL", dest="H"), - ] - - takes_args = ["accountname", "cmd"] - - def run(self, accountname, cmd, H=None, credopts=None, sambaopts=None, - versionopts=None): - - if cmd not in ("show", "on", "off"): - raise CommandError("invalid argument: '%s' (choose from 'show', 'on', 'off')" % cmd) - - lp = sambaopts.get_loadparm() - creds = credopts.get_credentials(lp, fallback_machine=True) - sam = SamDB(url=H, session_info=system_session(), - credentials=creds, lp=lp) - - search_filter = "sAMAccountName=%s" % ldb.binary_encode(accountname) - flag = dsdb.UF_NOT_DELEGATED; - - if cmd == "show": - res = sam.search(scope=ldb.SCOPE_SUBTREE, expression=search_filter, - attrs=["userAccountControl"]) - if len(res) == 0: - raise Exception("Unable to find account where '%s'" % search_filter) - - uac = int(res[0].get("userAccountControl")[0]) - - self.outf.write("Account-DN: %s\n" % str(res[0].dn)) - self.outf.write("UF_NOT_DELEGATED: %s\n" % bool(uac & flag)) - - return - - if cmd == "on": - on = True - elif cmd == "off": - on = False - - try: - sam.toggle_userAccountFlags(search_filter, flag, flags_str="Not-Delegated", - on=on, strict=True) - except Exception as err: - raise CommandError(err) - - class cmd_user(SuperCommand): """User management.""" diff --git a/python/samba/netcmd/user/sensitive.py b/python/samba/netcmd/user/sensitive.py new file mode 100644 index 00000000000..a0b50bdf6de --- /dev/null +++ b/python/samba/netcmd/user/sensitive.py @@ -0,0 +1,83 @@ +# user management +# +# user sensitive command +# +# Copyright Jelmer Vernooij 2010 +# Copyright Theresa Halloran 2011 +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +import samba.getopt as options +from samba import dsdb, ldb +from samba.auth import system_session +from samba.netcmd import Command, CommandError, Option +from samba.samdb import SamDB + + +class cmd_user_sensitive(Command): + """Set/unset or show UF_NOT_DELEGATED for an account.""" + + synopsis = "%prog [(show|on|off)] [options]" + + takes_optiongroups = { + "sambaopts": options.SambaOptions, + "credopts": options.CredentialsOptions, + "versionopts": options.VersionOptions, + } + + takes_options = [ + Option("-H", "--URL", help="LDB URL for database or target server", type=str, + metavar="URL", dest="H"), + ] + + takes_args = ["accountname", "cmd"] + + def run(self, accountname, cmd, H=None, credopts=None, sambaopts=None, + versionopts=None): + + if cmd not in ("show", "on", "off"): + raise CommandError("invalid argument: '%s' (choose from 'show', 'on', 'off')" % cmd) + + lp = sambaopts.get_loadparm() + creds = credopts.get_credentials(lp, fallback_machine=True) + sam = SamDB(url=H, session_info=system_session(), + credentials=creds, lp=lp) + + search_filter = "sAMAccountName=%s" % ldb.binary_encode(accountname) + flag = dsdb.UF_NOT_DELEGATED; + + if cmd == "show": + res = sam.search(scope=ldb.SCOPE_SUBTREE, expression=search_filter, + attrs=["userAccountControl"]) + if len(res) == 0: + raise Exception("Unable to find account where '%s'" % search_filter) + + uac = int(res[0].get("userAccountControl")[0]) + + self.outf.write("Account-DN: %s\n" % str(res[0].dn)) + self.outf.write("UF_NOT_DELEGATED: %s\n" % bool(uac & flag)) + + return + + if cmd == "on": + on = True + elif cmd == "off": + on = False + + try: + sam.toggle_userAccountFlags(search_filter, flag, flags_str="Not-Delegated", + on=on, strict=True) + except Exception as err: + raise CommandError(err)