# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
-from samba.netcmd import Command, CommandError
-from samba.netcmd.domain.models import AuthenticationPolicy
+from samba.netcmd import Command
class SiloCommand(Command):
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
self.ldb = None
-
- def get_policy(self, name):
- """Helper function to return auth policy or raise CommandError.
-
- :raises CommandError: if the policy was not found.
- """
- policy = AuthenticationPolicy.get(self.ldb, cn=name)
- if policy is None:
- raise CommandError(f"Authentication policy {name} not found.")
- return policy
import samba.getopt as options
from ldb import LdbError
from samba.netcmd import CommandError, Option, SuperCommand
-from samba.netcmd.domain.models import AuthenticationSilo
+from samba.netcmd.domain.models import AuthenticationPolicy, AuthenticationSilo
from .base import SiloCommand
from .silo_member import cmd_domain_auth_silo_member
dest="enforce", action="store_true")
]
+ @staticmethod
+ def get_policy(ldb, name):
+ """Helper function to fetch auth policy or raise CommandError.
+
+ :param ldb: Ldb connection
+ :param name: Either the DN or name of authentication policy
+ """
+ try:
+ return AuthenticationPolicy.lookup(ldb, name)
+ except (LookupError, ValueError) as e:
+ raise CommandError(e)
+
def run(self, ldap_url=None, sambaopts=None, credopts=None, name=None,
description=None, policy=None, user_policy=None,
service_policy=None, computer_policy=None, protect=None,
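Review bot: `raise CommandError(e)` in the added `get_policy` hands the exception object over as the message and relies on implicit chaining; `raise CommandError(str(e)) from e` keeps the text and records the cause explicitly for anyone debugging a failed policy lookup. The identical static method is added a second time to the other command class later in this file, so the two copies can drift apart. The removed `SiloCommand.get_policy` suggests a shared home exists, though the commit may have moved it out of the base class on purpose. The enclosing class and `run` start and end outside this hunk.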
# Set user policy
if user_policy:
- silo.user_policy = self.get_policy(user_policy).dn
+ silo.user_policy = self.get_policy(self.ldb, user_policy).dn
# Set service policy
if service_policy:
- silo.service_policy = self.get_policy(service_policy).dn
+ silo.service_policy = self.get_policy(self.ldb, service_policy).dn
# Set computer policy
if computer_policy:
- silo.computer_policy = self.get_policy(computer_policy).dn
+ silo.computer_policy = self.get_policy(self.ldb, computer_policy).dn
# Either --enforce will be set or --audit but never both.
# The default if both are missing is enforce=True.
dest="enforce", action="store_true")
]
+ @staticmethod
+ def get_policy(ldb, name):
+ """Helper function to fetch auth policy or raise CommandError.
+
+ :param ldb: Ldb connection
+ :param name: Either the DN or name of authentication policy
+ """
+ try:
+ return AuthenticationPolicy.lookup(ldb, name)
+ except (LookupError, ValueError) as e:
+ raise CommandError(e)
+
def run(self, ldap_url=None, sambaopts=None, credopts=None, name=None,
description=None, policy=None, user_policy=None,
service_policy=None, computer_policy=None, protect=None,
if description is not None:
silo.description = description
- # Silo policies.
- if user_policy is not None:
- silo.user_policy = self.get_policy(user_policy).dn
- if service_policy is not None:
- silo.service_policy = self.get_policy(service_policy).dn
- if computer_policy is not None:
- silo.computer_policy = self.get_policy(computer_policy).dn
+ # Set or unset user policy.
+ if user_policy == "":
+ silo.user_policy = None
+ elif user_policy:
+ silo.user_policy = self.get_policy(self.ldb, user_policy).dn
+
+ # Set or unset service policy.
+ if service_policy == "":
+ silo.service_policy = None
+ elif service_policy:
+ silo.service_policy = self.get_policy(self.ldb, service_policy).dn
+
+ # Set or unset computer policy.
+ if computer_policy == "":
+ silo.computer_policy = None
+ elif computer_policy:
+ silo.computer_policy = self.get_policy(self.ldb, computer_policy).dn
# Update silo
try:
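Review bot: The three set-or-unset branches treat `""` as "clear the link" and `None` as "leave it unchanged", but the comments only say "Set or unset", so that contract is easy to break in a later edit. A comment above the first branch such as `# "" clears the policy link; None (option not given) leaves it untouched.` would pin it down. Clearing a link presumably removes whatever restriction that policy applied to the silo's users, services or computers, so it may be worth having the command report which links were cleared. Whether the code after `try:` already does that is outside this hunk.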
#
from enum import IntEnum
+from ldb import Dn
from .fields import BooleanField, EnumField, IntegerField, StringField
from .model import Model
@staticmethod
def get_object_class():
return "msDS-AuthNPolicy"
+
+ @staticmethod
+ def lookup(ldb, name):
+ """Helper function to return auth policy or raise LookupError.
+
+ :param ldb: Ldb connection
+ :param name: Either DN or name of Authentication Policy
+ :raises: LookupError if not found
+ :raises: ValueError if name is not set
+ """
+ if not name:
+ raise ValueError("Attribute 'name' is required.")
+
+ try:
+ # It's possible name is already a Dn.
+ dn = name if isinstance(name, Dn) else Dn(ldb, name)
+ policy = AuthenticationPolicy.get(ldb, dn=dn)
+ except ValueError:
+ policy = AuthenticationPolicy.get(ldb, cn=name)
+
+ if policy is None:
+ raise LookupError(f"Authentication policy {name} not found.")
+
+ return policy
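Review bot: The `try` in `lookup` wraps both `Dn(ldb, name)` and `AuthenticationPolicy.get(ldb, dn=dn)`, so a `ValueError` raised inside `get()` is treated as "not a DN" and silently retried as a `cn` lookup. Keeping only the `Dn(...)` construction in the `try`, with `except ValueError: policy = AuthenticationPolicy.get(ldb, cn=name)` and `else: policy = AuthenticationPolicy.get(ldb, dn=dn)`, limits the fallback to a parse failure. Separately, when `name` is a DN the object found at that DN is returned as is. Whether `get()` restricts the match to `msDS-AuthNPolicy` objects is not visible here; if it does not, a silo could end up linked to an object that is not an authentication policy, and a class check on the result would close that.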