From 385029fbc672cd6e3a37ff6a7ad09dc6ad1eb542 Mon Sep 17 00:00:00 2001
From: Rob van der Linde <rob@catalyst.net.nz>
Date: Wed, 20 Sep 2023 13:02:21 +1200
Subject: [PATCH] netcmd: models: add SDDL fields to AuthenticationPolicy model

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 python/samba/netcmd/domain/models/auth_policy.py | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/python/samba/netcmd/domain/models/auth_policy.py b/python/samba/netcmd/domain/models/auth_policy.py
index dec8bb26190..df9f936ffa8 100644
--- a/python/samba/netcmd/domain/models/auth_policy.py
+++ b/python/samba/netcmd/domain/models/auth_policy.py
@@ -23,7 +23,8 @@
 from enum import IntEnum
 from ldb import Dn
 
-from .fields import BooleanField, EnumField, IntegerField, StringField
+from .fields import (BooleanField, EnumField, IntegerField, SDDLField,
+                     StringField)
 from .model import Model
 
 # Ticket-Granting-Ticket lifetimes.
@@ -56,6 +57,16 @@ class AuthenticationPolicy(Model):
         "msDS-ServiceAllowedNTLMNetworkAuthentication")
     service_tgt_lifetime = IntegerField("msDS-ServiceTGTLifetime")
     computer_tgt_lifetime = IntegerField("msDS-ComputerTGTLifetime")
+    user_allowed_to_authenticate_from = SDDLField(
+        "msDS-UserAllowedToAuthenticateFrom")
+    user_allowed_to_authenticate_to = SDDLField(
+        "msDS-UserAllowedToAuthenticateTo")
+    service_allowed_to_authenticate_from = SDDLField(
+        "msDS-ServiceAllowedToAuthenticateFrom")
+    service_allowed_to_authenticate_to = SDDLField(
+        "msDS-ServiceAllowedToAuthenticateTo")
+    computer_allowed_to_authenticate_to = SDDLField(
+        "msDS-ComputerAllowedToAuthenticateTo")
 
     @staticmethod
     def get_base_dn(ldb):
-- 
2.47.3