"""Helper method for checking similar mutually exclusive args.
Example: --user-allowed-to-authenticate-from and
- --user-allowed-to-authenticate-from-silo
+ --user-allowed-to-authenticate-from-device-silo
"""
num = sum(arg is not None for arg in args)
if num > 1:
help="Conditions user is allowed to authenticate from.",
type=str, dest="allowed_to_authenticate_from",
action="callback", callback=self.set_option)
- self.add_option("--user-allowed-to-authenticate-from-silo",
- help="User is allowed to authenticate from silo.",
- type=str, dest="allowed_to_authenticate_from_silo",
+ self.add_option("--user-allowed-to-authenticate-from-device-silo",
+ help="User is allowed to authenticate from a device in a silo.",
+ type=str, dest="allowed_to_authenticate_from_device_silo",
action="callback", callback=self.set_option)
self.add_option("--user-allowed-to-authenticate-to",
help="Conditions user is allowed to authenticate to.",
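Review bot: The old spelling `--user-allowed-to-authenticate-from-silo` is removed outright in this option block, so any script or runbook that still passes it will fail at option parsing instead of creating the policy. If that flag has already shipped in a release (not visible from this hunk), consider registering it as a second, deprecated option string on the same `add_option` call so both spellings reach `dest="allowed_to_authenticate_from_device_silo"`; this assumes `set_option` stores by `dest` rather than by option string. The same applies to `--service-allowed-to-authenticate-from-silo` in the next block. The enclosing option definitions start and end outside the hunk.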
help="Conditions service is allowed to authenticate from.",
type=str, dest="allowed_to_authenticate_from",
action="callback", callback=self.set_option)
- self.add_option("--service-allowed-to-authenticate-from-silo",
- help="Service is allowed to authenticate from silo.",
- type=str, dest="allowed_to_authenticate_from_silo",
+ self.add_option("--service-allowed-to-authenticate-from-device-silo",
+ help="Service is allowed to authenticate from a device in a silo.",
+ type=str, dest="allowed_to_authenticate_from_device_silo",
action="callback", callback=self.set_option)
self.add_option("--service-allowed-to-authenticate-to",
help="Conditions service is allowed to authenticate to.",
# Check for repeated, similar arguments.
check_similar_args("--user-allowed-to-authenticate-from",
[useropts.allowed_to_authenticate_from,
- useropts.allowed_to_authenticate_from_silo])
+ useropts.allowed_to_authenticate_from_device_silo])
check_similar_args("--user-allowed-to-authenticate-to",
[useropts.allowed_to_authenticate_to,
useropts.allowed_to_authenticate_to_by_silo])
check_similar_args("--service-allowed-to-authenticate-from",
[serviceopts.allowed_to_authenticate_from,
- serviceopts.allowed_to_authenticate_from_silo])
+ serviceopts.allowed_to_authenticate_from_device_silo])
check_similar_args("--service-allowed-to-authenticate-to",
[serviceopts.allowed_to_authenticate_to,
serviceopts.allowed_to_authenticate_to_by_silo])
ldb = self.ldb_connect(hostopts, sambaopts, credopts)
- # Generate SDDL for authenticating users from a silo
- if useropts.allowed_to_authenticate_from_silo:
+ # Generate SDDL for authenticating users from a device in a silo
+ if useropts.allowed_to_authenticate_from_device_silo:
silo = AuthenticationSilo.get(
- ldb, cn=useropts.allowed_to_authenticate_from_silo)
+ ldb, cn=useropts.allowed_to_authenticate_from_device_silo)
useropts.allowed_to_authenticate_from = silo.get_authentication_sddl()
# Generate SDDL for authenticating user accounts to a silo
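Review bot: `silo.get_authentication_sddl()` is called directly on whatever `AuthenticationSilo.get(ldb, cn=...)` returns, with no check in between. If `get` returns None for an unknown silo name (its definition is not in this hunk), a mistyped `--user-allowed-to-authenticate-from-device-silo` value ends in an AttributeError traceback rather than a clear error. A guard right after the lookup would cover it, e.g. `if silo is None: raise CommandError(f"Authentication silo {useropts.allowed_to_authenticate_from_device_silo} not found.")`, assuming `CommandError` is in scope in this file. The same pattern is in the service branch below and in both branches of the repeated block for the second command; the enclosing method starts and ends outside the hunk.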
ldb, cn=useropts.allowed_to_authenticate_to_by_silo)
useropts.allowed_to_authenticate_to = silo.get_authentication_sddl()
- # Generate SDDL for authenticating service accounts from a silo
- if serviceopts.allowed_to_authenticate_from_silo:
+ # Generate SDDL for authenticating service accounts from a device in a silo
+ if serviceopts.allowed_to_authenticate_from_device_silo:
silo = AuthenticationSilo.get(
- ldb, cn=serviceopts.allowed_to_authenticate_from_silo)
+ ldb, cn=serviceopts.allowed_to_authenticate_from_device_silo)
serviceopts.allowed_to_authenticate_from = silo.get_authentication_sddl()
# Generate SDDL for authenticating service accounts to a silo
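Review bot: The branch `if serviceopts.allowed_to_authenticate_from_device_silo:` tests truthiness, while `check_similar_args` counts an option as given with `arg is not None`. An empty value therefore counts as supplied but skips the SDDL generation, so the policy could be written without the device restriction the operator asked for (assuming `set_option` stores the empty string as-is, which is not visible here). Testing `is not None` here and rejecting an empty silo name explicitly would make this fail closed. The user branch above and the repeated block for the second command use the same test.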
# Check for repeated, similar arguments.
check_similar_args("--user-allowed-to-authenticate-from",
[useropts.allowed_to_authenticate_from,
- useropts.allowed_to_authenticate_from_silo])
+ useropts.allowed_to_authenticate_from_device_silo])
check_similar_args("--user-allowed-to-authenticate-to",
[useropts.allowed_to_authenticate_to,
useropts.allowed_to_authenticate_to_by_silo])
check_similar_args("--service-allowed-to-authenticate-from",
[serviceopts.allowed_to_authenticate_from,
- serviceopts.allowed_to_authenticate_from_silo])
+ serviceopts.allowed_to_authenticate_from_device_silo])
check_similar_args("--service-allowed-to-authenticate-to",
[serviceopts.allowed_to_authenticate_to,
serviceopts.allowed_to_authenticate_to_by_silo])
ldb = self.ldb_connect(hostopts, sambaopts, credopts)
- # Generate SDDL for authenticating users from a silo
- if useropts.allowed_to_authenticate_from_silo:
+ # Generate SDDL for authenticating users from a device in a silo
+ if useropts.allowed_to_authenticate_from_device_silo:
silo = AuthenticationSilo.get(
- ldb, cn=useropts.allowed_to_authenticate_from_silo)
+ ldb, cn=useropts.allowed_to_authenticate_from_device_silo)
useropts.allowed_to_authenticate_from = silo.get_authentication_sddl()
# Generate SDDL for authenticating user accounts to a silo
ldb, cn=useropts.allowed_to_authenticate_to_by_silo)
useropts.allowed_to_authenticate_to = silo.get_authentication_sddl()
- # Generate SDDL for authenticating service accounts from a silo
- if serviceopts.allowed_to_authenticate_from_silo:
+ # Generate SDDL for authenticating service accounts from a device in a silo
+ if serviceopts.allowed_to_authenticate_from_device_silo:
silo = AuthenticationSilo.get(
- ldb, cn=serviceopts.allowed_to_authenticate_from_silo)
+ ldb, cn=serviceopts.allowed_to_authenticate_from_device_silo)
serviceopts.allowed_to_authenticate_from = silo.get_authentication_sddl()
# Generate SDDL for authenticating service accounts to a silo
self.assertIn("--user-tgt-lifetime-mins must be between 45 and 2147483647",
err)
- def test_create__user_allowed_to_authenticate_from_silo(self):
- """Tests the --user-allowed-to-authenticate-from-silo shortcut."""
+ def test_create__user_allowed_to_authenticate_from_device_silo(self):
+ """Tests the --user-allowed-to-authenticate-from-device-silo shortcut."""
name = self.unique_name()
self.addCleanup(self.delete_authentication_policy, name=name, force=True)
result, out, err = self.runcmd("domain", "auth", "policy", "create",
"--name", name,
- "--user-allowed-to-authenticate-from-silo",
+ "--user-allowed-to-authenticate-from-device-silo",
"Developers")
self.assertIsNone(result, msg=err)
self.assertIn("--service-tgt-lifetime-mins must be between 45 and 2147483647",
err)
- def test_create__service_allowed_to_authenticate_from_silo(self):
- """Tests the --service-allowed-to-authenticate-from-silo shortcut."""
+ def test_create__service_allowed_to_authenticate_from_device_silo(self):
+ """Tests the --service-allowed-to-authenticate-from-device-silo shortcut."""
name = self.unique_name()
self.addCleanup(self.delete_authentication_policy, name=name, force=True)
result, out, err = self.runcmd("domain", "auth", "policy", "create",
"--name", name,
- "--service-allowed-to-authenticate-from-silo",
+ "--service-allowed-to-authenticate-from-device-silo",
"Managers")
self.assertIsNone(result, msg=err)
"""Test repeating similar arguments doesn't make sense to use together.
--user-allowed-to-authenticate-from
- --user-allowed-to-authenticate-from-silo
+ --user-allowed-to-authenticate-from-device-silo
"""
sddl = 'O:SYG:SYD:(XA;OICI;CR;;;WD;(@USER.ad://ext/AuthenticationSilo == "Developers"))'
name = self.unique_name()
"--name", name,
"--user-allowed-to-authenticate-from",
sddl,
- "--user-allowed-to-authenticate-from-silo",
+ "--user-allowed-to-authenticate-from-device-silo",
"Managers")
self.assertEqual(result, -1)
"""Test repeating similar arguments doesn't make sense to use together.
--service-allowed-to-authenticate-from
- --service-allowed-to-authenticate-from-silo
+ --service-allowed-to-authenticate-from-device-silo
"""
sddl = 'O:SYG:SYD:(XA;OICI;CR;;;WD;(@USER.ad://ext/AuthenticationSilo == "Managers"))'
name = self.unique_name()
"--name", name,
"--service-allowed-to-authenticate-from",
sddl,
- "--service-allowed-to-authenticate-from-silo",
+ "--service-allowed-to-authenticate-from-device-silo",
"QA")
self.assertEqual(result, -1)
sddl = ndr_unpack(security.descriptor, desc).as_sddl()
self.assertEqual(sddl, expected)
- def test_modify__user_allowed_to_authenticate_from_silo(self):
- """Test the --user-allowed-to-authenticate-from-silo shortcut."""
+ def test_modify__user_allowed_to_authenticate_from_device_silo(self):
+ """Test the --user-allowed-to-authenticate-from-device-silo shortcut."""
name = self.unique_name()
# Create a policy to modify for this test.
# Modify user allowed to authenticate from silo field
result, out, err = self.runcmd("domain", "auth", "policy", "modify",
"--name", name,
- "--user-allowed-to-authenticate-from-silo",
+ "--user-allowed-to-authenticate-from-device-silo",
"QA")
self.assertIsNone(result, msg=err)
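Review bot: The context comment `# Modify user allowed to authenticate from silo field` still describes the old option after the rename; `# Modify user allowed to authenticate from device silo field` would match the new flag. In `test_modify__service_allowed_to_authenticate_from_device_silo` below, the same comment also names the wrong account type and should read `# Modify service allowed to authenticate from device silo field`. Both test bodies continue outside the visible hunks.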
sddl = ndr_unpack(security.descriptor, desc).as_sddl()
self.assertEqual(sddl, expected)
- def test_modify__service_allowed_to_authenticate_from_silo(self):
- """Test the --service-allowed-to-authenticate-from-silo shortcut."""
+ def test_modify__service_allowed_to_authenticate_from_device_silo(self):
+ """Test the --service-allowed-to-authenticate-from-device-silo shortcut."""
name = self.unique_name()
# Create a policy to modify for this test.
# Modify user allowed to authenticate from silo field
result, out, err = self.runcmd("domain", "auth", "policy", "modify",
"--name", name,
- "--service-allowed-to-authenticate-from-silo",
+ "--service-allowed-to-authenticate-from-device-silo",
"Developers")
self.assertIsNone(result, msg=err)