netcmd: models: move remove trustee code to the GMSA model

author Rob van der Linde <rob@catalyst.net.nz>

Mon, 26 Feb 2024 03:24:29 +0000 (16:24 +1300)

committer Andrew Bartlett <abartlet@samba.org>

Fri, 1 Mar 2024 04:45:36 +0000 (04:45 +0000)
author Rob van der Linde <rob@catalyst.net.nz>
Mon, 26 Feb 2024 03:24:29 +0000 (16:24 +1300)
committer Andrew Bartlett <abartlet@samba.org>
Fri, 1 Mar 2024 04:45:36 +0000 (04:45 +0000)
diff --git a/python/samba/netcmd/domain/models/gmsa.py b/python/samba/netcmd/domain/models/gmsa.py

index ee412ce79efc1b8b1b3fd37eaddfefd4aef127e3..c5c27e3cf5141801e1aa64e80085ccbe44e6d16f 100644 (file)
--- a/python/samba/netcmd/domain/models/gmsa.py
+++ b/python/samba/netcmd/domain/models/gmsa.py
@@ -96,3 +96,15 @@ class GroupManagedServiceAccount(Computer):
          # Because aces is a copy this is necessary, also setting num_aces.
          self.group_msa_membership.dacl.aces = aces
          self.group_msa_membership.dacl.num_aces = len(aces)
+
+    def remove_trustee(self, trustee: User):
+        """Removes the User 'trustee' from group_msa_membership.
+
+        If the trustee doesn't have access already then do nothing.
+        """
+        aces = self.group_msa_membership.dacl.aces
+
+        for ace in aces:
+            if trustee.object_sid == str(ace.trustee):
+                self.group_msa_membership.dacl_del_ace(ace)
+                break
diff --git a/python/samba/netcmd/service_account/group_msa_membership.py b/python/samba/netcmd/service_account/group_msa_membership.py

index 9b737d347a8299e4318e28eb01647a4bfa811c12..da3f950f4e836ace58d00d73890b4635ff16d9dd 100644 (file)
--- a/python/samba/netcmd/service_account/group_msa_membership.py
+++ b/python/samba/netcmd/service_account/group_msa_membership.py
@@ -193,12 +193,7 @@ class cmd_service_account_group_msa_membership_remove(Command):
              print(f"Trustee '{trustee}' cannot currently show managed passwords for: {gmsa}",
                    file=self.outf)
          else:
-            aces = gmsa.group_msa_membership.dacl.aces
-
-            for ace in aces:
-                if trustee.object_sid == str(ace.trustee):
-                    gmsa.group_msa_membership.dacl_del_ace(ace)
-                    break
+            gmsa.remove_trustee(trustee)
  
              try:
                  gmsa.save(ldb)
author	Rob van der Linde <rob@catalyst.net.nz>
	Mon, 26 Feb 2024 03:24:29 +0000 (16:24 +1300)
committer	Andrew Bartlett <abartlet@samba.org>
	Fri, 1 Mar 2024 04:45:36 +0000 (04:45 +0000)
python/samba/netcmd/domain/models/gmsa.py		patch \| blob \| blame \| history
python/samba/netcmd/service_account/group_msa_membership.py		patch \| blob \| blame \| history