authorJelmer Vernooij <jelmer@samba.org>2012-12-28 15:37:14 +0100
committerAndrew Bartlett <abartlet@samba.org>2013-03-02 03:57:34 +0100
commit87afc3aee1ea593069322a49355dd8780d99e123 (patch)
tree8e1ea6678d93b53f21b34c4940b7d5a64e0f5020 /source4/scripting/python/samba/netcmd/delegation.py
parent80fce353e740c793619005ac102ab07fb5e7d280 (diff)
Move python modules from source4/scripting/python/ to python/.
Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sat Mar 2 03:57:34 CET 2013 on sn-devel-104
Diffstat (limited to 'source4/scripting/python/samba/netcmd/delegation.py')
-rw-r--r--source4/scripting/python/samba/netcmd/delegation.py263
1 files changed, 0 insertions, 263 deletions
diff --git a/source4/scripting/python/samba/netcmd/delegation.py b/source4/scripting/python/samba/netcmd/delegation.py
deleted file mode 100644
index 47dffb07d51..00000000000
--- a/source4/scripting/python/samba/netcmd/delegation.py
+++ /dev/null
@@ -1,263 +0,0 @@
-# delegation management
-#
-# Copyright Matthieu Patou mat@samba.org 2010
-# Copyright Stefan Metzmacher metze@samba.org 2011
-# Copyright Bjoern Baumbach bb@sernet.de 2011
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#
-
-import samba.getopt as options
-import ldb
-from samba import provision
-from samba import dsdb
-from samba.samdb import SamDB
-from samba.auth import system_session
-from samba.netcmd.common import _get_user_realm_domain
-from samba.netcmd import (
- Command,
- CommandError,
- SuperCommand,
- Option
- )
-
-
-class cmd_delegation_show(Command):
- """Show the delegation setting of an account."""
-
- synopsis = "%prog <accountname> [options]"
-
- takes_optiongroups = {
- "sambaopts": options.SambaOptions,
- "credopts": options.CredentialsOptions,
- "versionopts": options.VersionOptions,
- }
-
- takes_args = ["accountname"]
-
- def run(self, accountname, credopts=None, sambaopts=None, versionopts=None):
- lp = sambaopts.get_loadparm()
- creds = credopts.get_credentials(lp)
- paths = provision.provision_paths_from_lp(lp, lp.get("realm"))
- sam = SamDB(paths.samdb, session_info=system_session(),
- credentials=creds, lp=lp)
- # TODO once I understand how, use the domain info to naildown
- # to the correct domain
- (cleanedaccount, realm, domain) = _get_user_realm_domain(accountname)
-
- res = sam.search(expression="sAMAccountName=%s" %
- ldb.binary_encode(cleanedaccount),
- scope=ldb.SCOPE_SUBTREE,
- attrs=["userAccountControl", "msDS-AllowedToDelegateTo"])
- if len(res) == 0:
- raise CommandError("Unable to find account name '%s'" % accountname)
- assert(len(res) == 1)
-
- uac = int(res[0].get("userAccountControl")[0])
- allowed = res[0].get("msDS-AllowedToDelegateTo")
-
- self.outf.write("Account-DN: %s\n" % str(res[0].dn))
- self.outf.write("UF_TRUSTED_FOR_DELEGATION: %s\n"
- % bool(uac & dsdb.UF_TRUSTED_FOR_DELEGATION))
- self.outf.write("UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION: %s\n" %
- bool(uac & dsdb.UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION))
-
- if allowed is not None:
- for a in allowed:
- self.outf.write("msDS-AllowedToDelegateTo: %s\n" % a)
-
-
-class cmd_delegation_for_any_service(Command):
- """Set/unset UF_TRUSTED_FOR_DELEGATION for an account."""
-
- synopsis = "%prog <accountname> [(on|off)] [options]"
-
- takes_optiongroups = {
- "sambaopts": options.SambaOptions,
- "credopts": options.CredentialsOptions,
- "versionopts": options.VersionOptions,
- }
-
- takes_args = ["accountname", "onoff"]
-
- def run(self, accountname, onoff, credopts=None, sambaopts=None,
- versionopts=None):
-
- on = False
- if onoff == "on":
- on = True
- elif onoff == "off":
- on = False
- else:
- raise CommandError("invalid argument: '%s' (choose from 'on', 'off')" % onoff)
-
- lp = sambaopts.get_loadparm()
- creds = credopts.get_credentials(lp)
- paths = provision.provision_paths_from_lp(lp, lp.get("realm"))
- sam = SamDB(paths.samdb, session_info=system_session(),
- credentials=creds, lp=lp)
- # TODO once I understand how, use the domain info to naildown
- # to the correct domain
- (cleanedaccount, realm, domain) = _get_user_realm_domain(accountname)
-
- search_filter = "sAMAccountName=%s" % ldb.binary_encode(cleanedaccount)
- flag = dsdb.UF_TRUSTED_FOR_DELEGATION
- try:
- sam.toggle_userAccountFlags(search_filter, flag,
- flags_str="Trusted-for-Delegation",
- on=on, strict=True)
- except Exception, err:
- raise CommandError(err)
-
-
-class cmd_delegation_for_any_protocol(Command):
- """Set/unset UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION (S4U2Proxy) for an account."""
-
- synopsis = "%prog <accountname> [(on|off)] [options]"
-
- takes_optiongroups = {
- "sambaopts": options.SambaOptions,
- "credopts": options.CredentialsOptions,
- "versionopts": options.VersionOptions,
- }
-
- takes_args = ["accountname", "onoff"]
-
- def run(self, accountname, onoff, credopts=None, sambaopts=None,
- versionopts=None):
-
- on = False
- if onoff == "on":
- on = True
- elif onoff == "off":
- on = False
- else:
- raise CommandError("invalid argument: '%s' (choose from 'on', 'off')" % onoff)
-
- lp = sambaopts.get_loadparm()
- creds = credopts.get_credentials(lp)
- paths = provision.provision_paths_from_lp(lp, lp.get("realm"))
- sam = SamDB(paths.samdb, session_info=system_session(),
- credentials=creds, lp=lp)
- # TODO once I understand how, use the domain info to naildown
- # to the correct domain
- (cleanedaccount, realm, domain) = _get_user_realm_domain(accountname)
-
- search_filter = "sAMAccountName=%s" % ldb.binary_encode(cleanedaccount)
- flag = dsdb.UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
- try:
- sam.toggle_userAccountFlags(search_filter, flag,
- flags_str="Trusted-to-Authenticate-for-Delegation",
- on=on, strict=True)
- except Exception, err:
- raise CommandError(err)
-
-
-class cmd_delegation_add_service(Command):
- """Add a service principal as msDS-AllowedToDelegateTo."""
-
- synopsis = "%prog <accountname> <principal> [options]"
-
- takes_optiongroups = {
- "sambaopts": options.SambaOptions,
- "credopts": options.CredentialsOptions,
- "versionopts": options.VersionOptions,
- }
-
- takes_args = ["accountname", "principal"]
-
- def run(self, accountname, principal, credopts=None, sambaopts=None,
- versionopts=None):
-
- lp = sambaopts.get_loadparm()
- creds = credopts.get_credentials(lp)
- paths = provision.provision_paths_from_lp(lp, lp.get("realm"))
- sam = SamDB(paths.samdb, session_info=system_session(),
- credentials=creds, lp=lp)
- # TODO once I understand how, use the domain info to naildown
- # to the correct domain
- (cleanedaccount, realm, domain) = _get_user_realm_domain(accountname)
-
- res = sam.search(expression="sAMAccountName=%s" %
- ldb.binary_encode(cleanedaccount),
- scope=ldb.SCOPE_SUBTREE,
- attrs=["msDS-AllowedToDelegateTo"])
- if len(res) == 0:
- raise CommandError("Unable to find account name '%s'" % accountname)
- assert(len(res) == 1)
-
- msg = ldb.Message()
- msg.dn = res[0].dn
- msg["msDS-AllowedToDelegateTo"] = ldb.MessageElement([principal],
- ldb.FLAG_MOD_ADD,
- "msDS-AllowedToDelegateTo")
- try:
- sam.modify(msg)
- except Exception, err:
- raise CommandError(err)
-
-
-class cmd_delegation_del_service(Command):
- """Delete a service principal as msDS-AllowedToDelegateTo."""
-
- synopsis = "%prog <accountname> <principal> [options]"
-
- takes_optiongroups = {
- "sambaopts": options.SambaOptions,
- "credopts": options.CredentialsOptions,
- "versionopts": options.VersionOptions,
- }
-
- takes_args = ["accountname", "principal"]
-
- def run(self, accountname, principal, credopts=None, sambaopts=None,
- versionopts=None):
-
- lp = sambaopts.get_loadparm()
- creds = credopts.get_credentials(lp)
- paths = provision.provision_paths_from_lp(lp, lp.get("realm"))
- sam = SamDB(paths.samdb, session_info=system_session(),
- credentials=creds, lp=lp)
- # TODO once I understand how, use the domain info to naildown
- # to the correct domain
- (cleanedaccount, realm, domain) = _get_user_realm_domain(accountname)
-
- res = sam.search(expression="sAMAccountName=%s" %
- ldb.binary_encode(cleanedaccount),
- scope=ldb.SCOPE_SUBTREE,
- attrs=["msDS-AllowedToDelegateTo"])
- if len(res) == 0:
- raise CommandError("Unable to find account name '%s'" % accountname)
- assert(len(res) == 1)
-
- msg = ldb.Message()
- msg.dn = res[0].dn
- msg["msDS-AllowedToDelegateTo"] = ldb.MessageElement([principal],
- ldb.FLAG_MOD_DELETE,
- "msDS-AllowedToDelegateTo")
- try:
- sam.modify(msg)
- except Exception, err:
- raise CommandError(err)
-
-
-class cmd_delegation(SuperCommand):
- """Delegation management."""
-
- subcommands = {}
- subcommands["show"] = cmd_delegation_show()
- subcommands["for-any-service"] = cmd_delegation_for_any_service()
- subcommands["for-any-protocol"] = cmd_delegation_for_any_protocol()
- subcommands["add-service"] = cmd_delegation_add_service()
- subcommands["del-service"] = cmd_delegation_del_service()