From: Rob van der Linde <rob@catalyst.net.nz>
Date: Mon, 11 Mar 2024 23:23:36 +0000 (+1300)
Subject: netcmd: models: add User.get_sid_for_principal helper
X-Git-Tag: tdb-1.4.11~1437
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3e22f8f303458efca9bed9a3223d62d2e55aa0a4;p=thirdparty%2Fsamba.git

netcmd: models: add User.get_sid_for_principal helper

Unlike User.find, this will not fetch the User if an SID is provided.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/python/samba/netcmd/domain/models/user.py b/python/samba/netcmd/domain/models/user.py
index 0e05bfc3358..48fcd80a7e1 100644
--- a/python/samba/netcmd/domain/models/user.py
+++ b/python/samba/netcmd/domain/models/user.py
@@ -25,6 +25,7 @@ from ldb import Dn
 from samba.dcerpc.security import dom_sid
 from samba.dsdb import DS_GUID_USERS_CONTAINER
 
+from .exceptions import NotFound
 from .fields import DnField, EnumField, IntegerField, NtTimeField, StringField
 from .person import OrganizationalPerson
 from .types import AccountType, UserAccountControl
@@ -89,3 +90,19 @@ class User(OrganizationalPerson):
                 query = {"account_name": name}
 
         return cls.get(ldb, **query)
+
+    @classmethod
+    def get_sid_for_principal(cls, ldb, principal) -> str:
+        """Return object_sid for the provided principal.
+
+        If principal is already an object sid then return without fetching,
+        this is different to `User.find` which must fetch the User.
+        """
+        try:
+            return str(dom_sid(principal))
+        except ValueError:
+            user = cls.find(ldb, principal)
+            if user:
+                return user.object_sid
+            else:
+                raise NotFound(f"Principal {principal} not found.")