</para></listitem>
</varlistentry>
<varlistentry>
- <term>--user-policy</term>
+ <term>--user-authentication-policy</term>
<listitem><para>
- User account policy.
+ User account authentication policy.
</para></listitem>
</varlistentry>
<varlistentry>
- <term>--service-policy</term>
+ <term>--service-authentication-policy</term>
<listitem><para>
- Managed Service Account policy.
+ Managed service account authentication policy.
</para></listitem>
</varlistentry>
<varlistentry>
- <term>--computer-policy</term>
+ <term>--computer-authentication-policy</term>
<listitem><para>
- Computer Account policy.
+ Computer authentication policy.
</para></listitem>
</varlistentry>
<varlistentry>
</para></listitem>
</varlistentry>
<varlistentry>
- <term>--user-policy</term>
+ <term>--user-authentication-policy</term>
<listitem><para>
- User account policy.
+ User account authentication policy.
</para></listitem>
</varlistentry>
<varlistentry>
- <term>--service-policy</term>
+ <term>--service-authentication-policy</term>
<listitem><para>
- Managed Service Account policy.
+ Managed service account authentication policy.
</para></listitem>
</varlistentry>
<varlistentry>
- <term>--computer-policy</term>
+ <term>--computer-authentication-policy</term>
<listitem><para>
- Computer Account policy.
+ Computer authentication policy.
</para></listitem>
</varlistentry>
<varlistentry>
Option("--description",
help="Optional description for authentication silo.",
dest="description", action="store", type=str),
- Option("--user-policy",
- help="User account policy.",
- dest="user_policy", action="store", type=str),
- Option("--service-policy",
- help="Managed Service Account policy.",
- dest="service_policy", action="store", type=str),
- Option("--computer-policy",
- help="Computer account policy.",
- dest="computer_policy", action="store", type=str),
+ Option("--user-authentication-policy",
+ help="User account authentication policy.",
+ dest="user_authentication_policy", action="store", type=str),
+ Option("--service-authentication-policy",
+ help="Managed service account authentication policy.",
+ dest="service_authentication_policy", action="store", type=str),
+ Option("--computer-authentication-policy",
+ help="Computer authentication policy.",
+ dest="computer_authentication_policy", action="store", type=str),
Option("--protect",
help="Protect authentication silo from accidental deletion.",
dest="protect", action="store_true"),
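Review bot: The three renamed options in this list drop the old spellings with no alias, so an existing provisioning script that still passes `--user-policy`, `--service-policy` or `--computer-policy` will fail at option parsing. If these options have already shipped in a release, automation that does not check the exit status would then leave a silo uncreated or without its intended policy. Assuming this `Option` follows optparse and accepts several option strings, the old names could be kept as deprecated aliases, e.g. `Option("--user-authentication-policy", "--user-policy",` with the same `dest`. The same applies to the identical option list of the modify command further down; the enclosing options list starts and ends outside this hunk.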
except (LookupError, ValueError) as e:
raise CommandError(e)
- def run(self, hostopts=None, sambaopts=None, credopts=None, name=None,
- description=None, user_policy=None, service_policy=None,
- computer_policy=None, protect=None, unprotect=None, audit=None,
- enforce=None):
+ def run(self, hostopts=None, sambaopts=None, credopts=None,
+ name=None, description=None,
+ user_authentication_policy=None,
+ service_authentication_policy=None,
+ computer_authentication_policy=None,
+ protect=None, unprotect=None,
+ audit=None, enforce=None):
if protect and unprotect:
raise CommandError("--protect and --unprotect cannot be used together.")
silo = AuthenticationSilo(cn=name, description=description)
# Set user policy
- if user_policy:
- silo.user_policy = self.get_policy(ldb, user_policy).dn
+ if user_authentication_policy:
+ silo.user_authentication_policy = \
+ self.get_policy(ldb, user_authentication_policy).dn
# Set service policy
- if service_policy:
- silo.service_policy = self.get_policy(ldb, service_policy).dn
+ if service_authentication_policy:
+ silo.service_authentication_policy = \
+ self.get_policy(ldb, service_authentication_policy).dn
# Set computer policy
- if computer_policy:
- silo.computer_policy = self.get_policy(ldb, computer_policy).dn
+ if computer_authentication_policy:
+ silo.computer_authentication_policy = \
+ self.get_policy(ldb, computer_authentication_policy).dn
# Either --enforce will be set or --audit but never both.
# The default if both are missing is enforce=True.
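Review bot: The three assignments now use backslash continuations, which break on a stray trailing space and which PEP 8 discourages in favour of implicit continuation or a named intermediate. A form such as `policy = self.get_policy(ldb, user_authentication_policy)` followed by `silo.user_authentication_policy = policy.dn` reads more clearly and stays within the line limit. The same pattern appears in the modify command's run() hunk. The body of run() continues outside this hunk.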
Option("--description",
help="Optional description for authentication silo.",
dest="description", action="store", type=str),
- Option("--user-policy",
- help="Set User account policy.",
- dest="user_policy", action="store", type=str),
- Option("--service-policy",
- help="Set Managed Service Account policy.",
- dest="service_policy", action="store", type=str),
- Option("--computer-policy",
- help="Set Computer Account policy.",
- dest="computer_policy", action="store", type=str),
+ Option("--user-authentication-policy",
+ help="User account authentication policy.",
+ dest="user_authentication_policy", action="store", type=str),
+ Option("--service-authentication-policy",
+ help="Managed service account authentication policy.",
+ dest="service_authentication_policy", action="store", type=str),
+ Option("--computer-authentication-policy",
+ help="Computer authentication policy.",
+ dest="computer_authentication_policy", action="store", type=str),
Option("--protect",
help="Protect authentication silo from accidental deletion.",
dest="protect", action="store_true"),
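Review bot: The help strings for the modify command no longer say "Set", and they do not mention that an empty string clears the link. The modify run() hunk below does exactly that: `if user_authentication_policy == "": silo.user_authentication_policy = None`. Clearing a policy removes an authentication restriction from every silo member, so the option text should state it, for example `help="User account authentication policy (pass an empty string to unset)."`, and likewise for the service and computer options. The matching manpage entries at the top of this change carry the same short wording and would benefit from the same sentence.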
except (LookupError, ModelError, ValueError) as e:
raise CommandError(e)
- def run(self, hostopts=None, sambaopts=None, credopts=None, name=None,
- description=None, user_policy=None, service_policy=None,
- computer_policy=None, protect=None, unprotect=None, audit=None,
- enforce=None):
+ def run(self, hostopts=None, sambaopts=None, credopts=None,
+ name=None, description=None,
+ user_authentication_policy=None,
+ service_authentication_policy=None,
+ computer_authentication_policy=None,
+ protect=None, unprotect=None,
+ audit=None, enforce=None):
if audit and enforce:
raise CommandError("--audit and --enforce cannot be used together.")
silo.description = description
# Set or unset user policy.
- if user_policy == "":
- silo.user_policy = None
- elif user_policy:
- silo.user_policy = self.get_policy(ldb, user_policy).dn
+ if user_authentication_policy == "":
+ silo.user_authentication_policy = None
+ elif user_authentication_policy:
+ silo.user_authentication_policy = \
+ self.get_policy(ldb, user_authentication_policy).dn
# Set or unset service policy.
- if service_policy == "":
- silo.service_policy = None
- elif service_policy:
- silo.service_policy = self.get_policy(ldb, service_policy).dn
+ if service_authentication_policy == "":
+ silo.service_authentication_policy = None
+ elif service_authentication_policy:
+ silo.service_authentication_policy = \
+ self.get_policy(ldb, service_authentication_policy).dn
# Set or unset computer policy.
- if computer_policy == "":
- silo.computer_policy = None
- elif computer_policy:
- silo.computer_policy = self.get_policy(ldb, computer_policy).dn
+ if computer_authentication_policy == "":
+ silo.computer_authentication_policy = None
+ elif computer_authentication_policy:
+ silo.computer_authentication_policy = \
+ self.get_policy(ldb, computer_authentication_policy).dn
# Update silo
try:
class AuthenticationSilo(Model):
description = StringField("description")
enforced = BooleanField("msDS-AuthNPolicySiloEnforced")
- user_policy = DnField("msDS-UserAuthNPolicy")
- service_policy = DnField("msDS-ServiceAuthNPolicy")
- computer_policy = DnField("msDS-ComputerAuthNPolicy")
+ user_authentication_policy = DnField("msDS-UserAuthNPolicy")
+ service_authentication_policy = DnField("msDS-ServiceAuthNPolicy")
+ computer_authentication_policy = DnField("msDS-ComputerAuthNPolicy")
members = DnField("msDS-AuthNPolicySiloMembers", many=True)
@staticmethod
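Review bot: Renaming the three `DnField` attributes on `AuthenticationSilo` means any caller not touched by this change that still assigns `silo.user_policy`, `silo.service_policy` or `silo.computer_policy` may fail silently. Unless `Model` rejects unknown attributes (not visible here), Python would create a plain instance attribute and the silo would be saved without its `msDS-UserAuthNPolicy`, `msDS-ServiceAuthNPolicy` or `msDS-ComputerAuthNPolicy` link. It is worth searching the tree for the old attribute names, including any view or JSON output code that reads them, before merging. A one-line comment above the fields, such as `# Python names follow the samba-tool option names; the LDAP attribute names are unchanged.`, would also help. The class body starts and ends outside this hunk.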
cls.create_authentication_policy(name="Service Policy")
cls.create_authentication_policy(name="Computer Policy")
- cls.create_authentication_silo(name="Developers",
- description="Developers, Developers",
- user_policy="User Policy")
- cls.create_authentication_silo(name="Managers",
- description="Managers",
- user_policy="User Policy")
- cls.create_authentication_silo(name="QA",
- description="Quality Assurance",
- user_policy="User Policy",
- service_policy="Service Policy",
- computer_policy="Computer Policy")
+ cls.create_authentication_silo(
+ name="Developers",
+ description="Developers, Developers",
+ user_authentication_policy="User Policy")
+ cls.create_authentication_silo(
+ name="Managers",
+ description="Managers",
+ user_authentication_policy="User Policy")
+ cls.create_authentication_silo(
+ name="QA",
+ description="Quality Assurance",
+ user_authentication_policy="User Policy",
+ service_authentication_policy="Service Policy",
+ computer_authentication_policy="Computer Policy")
def get_services_dn(self):
"""Returns Services DN."""
@classmethod
def create_authentication_silo(cls, name, description=None,
- user_policy=None, service_policy=None,
- computer_policy=None, audit=False,
- protect=False):
+ user_authentication_policy=None,
+ service_authentication_policy=None,
+ computer_authentication_policy=None,
+ audit=False, protect=False):
"""Create an authentication silo using the samba-tool command."""
# Base command for create authentication policy.
cmd = ["domain", "auth", "silo", "create", "--name", name]
# Authentication policies.
- if user_policy:
- cmd += ["--user-policy", user_policy]
- if service_policy:
- cmd += ["--service-policy", service_policy]
- if computer_policy:
- cmd += ["--computer-policy", computer_policy]
+ if user_authentication_policy:
+ cmd += ["--user-authentication-policy",
+ user_authentication_policy]
+ if service_authentication_policy:
+ cmd += ["--service-authentication-policy",
+ service_authentication_policy]
+ if computer_authentication_policy:
+ cmd += ["--computer-authentication-policy",
+ computer_authentication_policy]
# Other optional attributes.
if description is not None:
result, out, err = self.runcmd("domain", "auth", "silo", "create",
"--name", "singlePolicy",
- "--user-policy", "User Policy")
+ "--user-authentication-policy", "User Policy")
self.assertIsNone(result, msg=err)
# Check silo that was created
result, out, err = self.runcmd("domain", "auth", "silo", "create",
"--name", "multiplePolicies",
- "--user-policy", "User Policy",
- "--service-policy", "Service Policy",
- "--computer-policy", "Computer Policy")
+ "--user-authentication-policy",
+ "User Policy",
+ "--service-authentication-policy",
+ "Service Policy",
+ "--computer-authentication-policy",
+ "Computer Policy")
self.assertIsNone(result, msg=err)
# Check silo that was created.
result, out, err = self.runcmd("domain", "auth", "silo", "create",
"--name", "singlePolicyDN",
- "--user-policy", policy["dn"])
+ "--user-authentication-policy", policy["dn"])
self.assertIsNone(result, msg=err)
# Check silo that was created
"""Test creating a new authentication silo that already exists."""
result, out, err = self.runcmd("domain", "auth", "silo", "create",
"--name", "Developers",
- "--user-policy", "User Policy")
+ "--user-authentication-policy", "User Policy")
self.assertEqual(result, -1)
self.assertIn("Authentication silo Developers already exists.", err)
def test_authentication_silo_create_name_missing(self):
"""Test create authentication silo without --name argument."""
result, out, err = self.runcmd("domain", "auth", "silo", "create",
- "--user-policy", "User Policy")
+ "--user-authentication-policy", "User Policy")
self.assertEqual(result, -1)
self.assertIn("Argument --name is required.", err)
result, out, err = self.runcmd("domain", "auth", "silo", "create",
"--name", "auditPolicies",
- "--user-policy", "User Policy",
+ "--user-authentication-policy", "User Policy",
"--audit")
self.assertIsNone(result, msg=err)
result, out, err = self.runcmd("domain", "auth", "silo", "create",
"--name", "enforcePolicies",
- "--user-policy", "User Policy",
+ "--user-authentication-policy", "User Policy",
"--enforce")
self.assertIsNone(result, msg=err)
"""Test create authentication silo using both --audit and --enforce."""
result, out, err = self.runcmd("domain", "auth", "silo", "create",
"--name", "enforceTogether",
- "--user-policy", "User Policy",
+ "--user-authentication-policy", "User Policy",
"--audit", "--enforce")
self.assertEqual(result, -1)
self.assertIn("--audit and --enforce cannot be used together.", err)
"""Test create authentication silo using --protect and --unprotect."""
result, out, err = self.runcmd("domain", "auth", "silo",
"create", "--name", "protectTogether",
- "--user-policy", "User Policy",
+ "--user-authentication-policy", "User Policy",
"--protect", "--unprotect")
self.assertEqual(result, -1)
self.assertIn("--protect and --unprotect cannot be used together.", err)
"""Test create authentication silo with a policy that doesn't exist."""
result, out, err = self.runcmd("domain", "auth", "silo", "create",
"--name", "policyNotFound",
- "--user-policy", "Invalid Policy")
+ "--user-authentication-policy", "Invalid Policy")
self.assertEqual(result, -1)
self.assertIn("Authentication policy Invalid Policy not found.", err)
add_mock.side_effect = ModelError("Custom error message")
result, out, err = self.runcmd("domain", "auth", "silo", "create",
"--name", "createFails",
- "--user-policy", "User Policy")
+ "--user-authentication-policy", "User Policy")
self.assertEqual(result, -1)
self.assertIn("Custom error message", err)
# Create non-protected authentication silo.
result, out, err = self.runcmd("domain", "auth", "silo", "create",
"--name=deleteTest",
- "--user-policy", "User Policy")
+ "--user-authentication-policy", "User Policy")
self.assertIsNone(result, msg=err)
silo = self.get_authentication_silo("deleteTest")
self.assertIsNotNone(silo)
# Create protected authentication silo.
result, out, err = self.runcmd("domain", "auth", "silo", "create",
"--name=deleteProtected",
- "--user-policy", "User Policy",
+ "--user-authentication-policy", "User Policy",
"--protect")
self.assertIsNone(result, msg=err)
silo = self.get_authentication_silo("deleteProtected")
# Create protected authentication silo.
result, out, err = self.runcmd("domain", "auth", "silo", "create",
"--name=deleteForceFail",
- "--user-policy", "User Policy",
+ "--user-authentication-policy", "User Policy",
"--protect")
self.assertIsNone(result, msg=err)
silo = self.get_authentication_silo("deleteForceFail")
# Create regular authentication silo.
result, out, err = self.runcmd("domain", "auth", "silo", "create",
"--name=regularSilo",
- "--user-policy", "User Policy")
+ "--user-authentication-policy", "User Policy")
self.assertIsNone(result, msg=err)
silo = self.get_authentication_silo("regularSilo")
self.assertIsNotNone(silo)
# Create protected authentication silo.
result, out, err = self.runcmd("domain", "auth", "silo", "create",
"--name=protectedSilo",
- "--user-policy", "User Policy",
+ "--user-authentication-policy", "User Policy",
"--protect")
self.assertIsNone(result, msg=err)
silo = self.get_authentication_silo("protectedSilo")