python/samba/netcmd/user/sensitive.py

   1 # user management
   2 #
   3 # user sensitive command
   4 #
   5 # Copyright Jelmer Vernooij 2010 <jelmer@samba.org>
   6 # Copyright Theresa Halloran 2011 <theresahalloran@gmail.com>
   7 #
   8 # This program is free software; you can redistribute it and/or modify
   9 # it under the terms of the GNU General Public License as published by
  10 # the Free Software Foundation; either version 3 of the License, or
  11 # (at your option) any later version.
  12 #
  13 # This program is distributed in the hope that it will be useful,
  14 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  15 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16 # GNU General Public License for more details.
  17 #
  18 # You should have received a copy of the GNU General Public License
  19 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
  20 #
  21
  22 import samba.getopt as options
  23 from samba import dsdb, ldb
  24 from samba.auth import system_session
  25 from samba.netcmd import Command, CommandError, Option
  26 from samba.samdb import SamDB
  27
  28
  29 class cmd_user_sensitive(Command):
  30     """Set/unset or show UF_NOT_DELEGATED for an account."""
  31
  32     synopsis = "%prog <accountname> [(show|on|off)] [options]"
  33
  34     takes_optiongroups = {
  35         "sambaopts": options.SambaOptions,
  36         "credopts": options.CredentialsOptions,
  37         "versionopts": options.VersionOptions,
  38     }
  39
  40     takes_options = [
  41         Option("-H", "--URL", help="LDB URL for database or target server", type=str,
  42                metavar="URL", dest="H"),
  43     ]
  44
  45     takes_args = ["accountname", "cmd"]
  46
  47     def run(self, accountname, cmd, H=None, credopts=None, sambaopts=None,
  48             versionopts=None):
  49
  50         if cmd not in ("show", "on", "off"):
  51             raise CommandError("invalid argument: '%s' (choose from 'show', 'on', 'off')" % cmd)
  52
  53         lp = sambaopts.get_loadparm()
  54         creds = credopts.get_credentials(lp, fallback_machine=True)
  55         sam = SamDB(url=H, session_info=system_session(),
  56                     credentials=creds, lp=lp)
  57
  58         search_filter = "sAMAccountName=%s" % ldb.binary_encode(accountname)
  59         flag = dsdb.UF_NOT_DELEGATED
  60
  61         if cmd == "show":
  62             res = sam.search(scope=ldb.SCOPE_SUBTREE, expression=search_filter,
  63                              attrs=["userAccountControl"])
  64             if len(res) == 0:
  65                 raise Exception("Unable to find account where '%s'" % search_filter)
  66
  67             uac = int(res[0].get("userAccountControl")[0])
  68
  69             self.outf.write("Account-DN: %s\n" % str(res[0].dn))
  70             self.outf.write("UF_NOT_DELEGATED: %s\n" % bool(uac & flag))
  71
  72             return
  73
  74         if cmd == "on":
  75             on = True
  76         elif cmd == "off":
  77             on = False
  78
  79         try:
  80             sam.toggle_userAccountFlags(search_filter, flag, flags_str="Not-Delegated",
  81                                         on=on, strict=True)
  82         except Exception as err:
  83             raise CommandError(err)