diff options
author | Isaac Boukris <iboukris@gmail.com> | 2019-10-27 14:02:00 +0200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2019-11-29 11:55:44 +0100 |
commit | 80ea4bde850048474d23f13fa5bf1149b7cc6859 (patch) | |
tree | 50362cfbe334d2e9dbcf3fb0ea177bbbaa21d401 | |
parent | 38db53fa5e930e6bc739f5ac8b7160048b6dd7d6 (diff) | |
download | samba-80ea4bde850048474d23f13fa5bf1149b7cc6859.tar.gz |
samba-tool: add user-sensitive command to set not-delegated flag
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
-rw-r--r-- | python/samba/netcmd/user.py | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/python/samba/netcmd/user.py b/python/samba/netcmd/user.py index 437866c0a42..f2019af1b60 100644 --- a/python/samba/netcmd/user.py +++ b/python/samba/netcmd/user.py @@ -2647,6 +2647,64 @@ class cmd_user_move(Command): self.outf.write('Moved user "%s" into "%s"\n' % (username, full_new_parent_dn)) + +class cmd_user_sensitive(Command): + """Set/unset or show UF_NOT_DELEGATED for an account.""" + + synopsis = "%prog <accountname> [(show|on|off)] [options]" + + takes_optiongroups = { + "sambaopts": options.SambaOptions, + "credopts": options.CredentialsOptions, + "versionopts": options.VersionOptions, + } + + takes_options = [ + Option("-H", "--URL", help="LDB URL for database or target server", type=str, + metavar="URL", dest="H"), + ] + + takes_args = ["accountname", "cmd"] + + def run(self, accountname, cmd, H=None, credopts=None, sambaopts=None, + versionopts=None): + + if cmd not in ("show", "on", "off"): + raise CommandError("invalid argument: '%s' (choose from 'show', 'on', 'off')" % cmd) + + lp = sambaopts.get_loadparm() + creds = credopts.get_credentials(lp, fallback_machine=True) + sam = SamDB(url=H, session_info=system_session(), + credentials=creds, lp=lp) + + search_filter = "sAMAccountName=%s" % ldb.binary_encode(accountname) + flag = dsdb.UF_NOT_DELEGATED; + + if cmd == "show": + res = sam.search(scope=ldb.SCOPE_SUBTREE, expression=search_filter, + attrs=["userAccountControl"]) + if len(res) == 0: + raise Exception("Unable to find account where '%s'" % search_filter) + + uac = int(res[0].get("userAccountControl")[0]) + + self.outf.write("Account-DN: %s\n" % str(res[0].dn)) + self.outf.write("UF_NOT_DELEGATED: %s\n" % bool(uac & flag)) + + return + + if cmd == "on": + on = True + elif cmd == "off": + on = False + + try: + sam.toggle_userAccountFlags(search_filter, flag, flags_str="Not-Delegated", + on=on, strict=True) + except Exception as err: + raise CommandError(err) + + class cmd_user(SuperCommand): """User management.""" @@ -2665,3 +2723,4 @@ class cmd_user(SuperCommand): subcommands["edit"] = cmd_user_edit() subcommands["show"] = cmd_user_show() subcommands["move"] = cmd_user_move() + subcommands["sensitive"] = cmd_user_sensitive() |