Id:ddlmZddlmZmZmZmZddlm Z m Z ddl m Z ddl mZGddeZGd d eZGd d eZGd deZGddeZGddeZy)N)Command CommandErrorOption SuperCommand)AuthenticationPolicyAuthenticationSilo) ModelError)cmd_domain_auth_silo_memberceZdZdZdZej ejdZe ddde dd e d d d d dgZ ddZ y)cmd_domain_auth_silo_listz(List authentication silos on the domain.%prog -H [options] sambaoptscredopts-H--URL&LDB URL for database or target server.URLldap_urlhelptypemetavardestz--jsonzOutput results in JSON format. output_format store_constjson)rractionconstNcx|j|||} tj|Dcic]}|j|j }}|dk(r|j|y|jD] }|jj|d"ycc}w#t $r}t |d}~wwxYw)Nr ) ldb_connectrquerycnas_dictr r print_jsonkeysoutfwrite) selfrrrrldbsilosiloses ?/usr/lib/python3/dist-packages/samba/netcmd/domain/auth/silo.pyrunzcmd_domain_auth_silo_list.run0sxH= "!3!9!9#!>@WWdlln,@E@ F " OOE "  - 4& , -@ "q/ ! "s(B "BB B B9) B44B9NNNN __name__ __module__ __qualname____doc__synopsisoptions SambaOptionsCredentialsOptionstakes_optiongroupsrstr takes_optionsr1r0r r sg2)H)).. tW#KZ 9x>#M IM;?-r@r ceZdZdZdZej ejdZe ddde dd e d d d d e gZ ddZ y)cmd_domain_auth_silo_viewz*View an authentication silo on the domain.rrrrrrrr--namez/Name of authentication silo to view (required).namestorerrrrNc |s td|j|||} tj||}|td|d|j |j y#t$r}t|d}~wwxYw)NArgument --name is required.r%Authentication silo not found.)rr#rgetr r'r&)r+rrrrDr,r-r/s r0r1zcmd_domain_auth_silo_view.runVs=> >xH= "%))#$7D <!5dV;GH H  ' "q/ ! "sA** B3 A>>Br2r3r?r@r0rBrBDs^4)H)).. tW#KZ 9xE7 6M(r@rBcleZdZdZdZej ejdZe ddde dd e d d d d e e dddd e e dddd e e dddd e e dddd e e dddd e e ddd d!"e d#d$d%d!"e d&d'd(d!"e d)d*d+d!"g Z e d,Z d/d.Zy-)0cmd_domain_auth_silo_createz/Create a new authentication silo on the domain.rrrrrrrrrC'Name of authentication silo (required).rDrErF --description-Optional description for authentication silo. description--policyz2Use single policy for all principals in this silo.policy --user-policyzUser account policy. user_policy--service-policyzManaged Service Account policy.service_policy--computer-policyzComputer account policy.computer_policy --protect5Protect authentication silo from accidental deletion.protect store_truerrr --unprotect7Unprotect authentication silo from accidental deletion. unprotect--auditOnly audit silo policies.audit --enforceEnforce silo policies.enforcect tj||S#ttf$r}t |d}~wwxYwzHelper function to fetch auth policy or raise CommandError. :param ldb: Ldb connection :param name: Either the DN or name of authentication policy N)rlookup LookupError ValueErrorrr,rDr/s r0 get_policyz&cmd_domain_auth_silo_create.get_policys9 "'..sD9 9Z( "q/ ! "s7 27Nc|s td| r | r td| r | r td||xs|}|xs|}| xs|} |j|||} tj||}|td|dt||}|r!|j ||j |_|r!|j ||j |_| r!|j || j |_ | | |_ n| |_ |j|| r|j||jjd|d y#t$r}t|d}~wwxYw#t$r}t|d}~wwxYw) NrH2--protect and --unprotect cannot be used together..--audit and --enforce cannot be used together.rIrJz already exists.)r%rRzCreated authentication silo: r")rr#rrLr rodnrVrXrZenforcedsaver]r)r*r+rrrrDrRrTrVrXrZr]rbrerhr,r-r/s r0r1zcmd_domain_auth_silo_create.runs => > yST T WOP P  %/K+5vN-7OxH= "%))#$7D  !5dV;KLM M"T{C #sK@CCD  "&//#~"F"I"ID  #'??3#H#K#KD   #DM %IDM " IIcN S! 7vR@AO "q/ ! "F "q/ ! "s0E $E% E" EE"% E>. E99E> NNNNNNNNNNNNNr4r5r6r7r8r9r:r;r<rr=r> staticmethodror1r?r@r0rNrNjsD9)H)).. tW#KZ 9xG7 6C!' = zHW3 8 *!' = !5$W3 @ ".%gC A {Kl 4 }M  6 y/L 2 {,l 4; MD " "FJ7;?C04>Br@rNcleZdZdZdZej ejdZe ddde dd e d d d d e e dddd e e dddd e e dddd e e dddd e e dddd e e ddd d!"e d#d$d%d!"e d&d'd(d!"e d)d*d+d!"g Z e d,Z d/d.Zy-)0cmd_domain_auth_silo_modifyz,Modify an authentication silo on the domain.rrrrrrrrrCrOrDrErFrPrQrRrSz2Set single policy for all principals in this silo.rTrUzSet User account policy.rVrWz#Set Managed Service Account policy.rXrYzSet Computer Account policy.rZr[r\r]r^r_r`rarbrcrdrerfrgrhc~ tj||S#tttf$r}t |d}~wwxYwrj)rrkrlr rmrrns r0roz&cmd_domain_auth_silo_modify.get_policys; "'..sD9 9Z4 "q/ ! "s< 7<Ncr|s td| r | r td| r | r td||xs|}|xs|}| xs|} |j|||} tj||}|td|d| rd|_n | rd|_|||_|d k(rd|_n#|r!|j||j|_|d k(rd|_ n#|r!|j||j|_ | d k(rd|_ n#| r!|j|| j|_ |j|| r|j|n| r|j||jj!d |d y#t$r}t|d}~wwxYw#t$r}t|d}~wwxYw) NrHrrrqrIrJrKTFzUpdated authentication silo: r")rr#rrLr rtrRrVrorsrXrZrur]rbr)r*rvs r0r1zcmd_domain_auth_silo_modify.runs => > WOP P yST T  %/K+5vN-7OxH= "%))#$7D <!5dV;GH H  DM !DM  "*D  " #D  #sK@CCD  R "&D  "&//#~"F"I"ID  b #'D #'??3#H#K#KD  " IIcN S!s# 7vR@A_ "q/ ! "V "q/ ! "s0F)8F F FF F6& F11F6rwrxr?r@r0r{r{sE6)H)).. tW#KZ 9xG7 6C!' = zHW3 8 .!' = !9$W3 @ "2%gC A {Kl 4 }M  6 y/L 2 {,l 4; MD " "FJ7;?C04FBr@r{ceZdZdZdZej ejdZe ddde dd e d d d d e e ddddgZ ddZ y)cmd_domain_auth_silo_deletez,Delete an authentication silo on the domain.rrrrrrrrrCrOrDrErFz--forcez+Force delete protected authentication silo.forcer^r_Nc|s td|j|||} tj||}|td|d |r|j ||j ||jjd|dy#t$r}t|d}~wwxYw#t$r }|st|dt|d}~wwxYw)NrHrIrJrKz6 Try --force to delete protected authentication silos.zDeleted authentication silo: r") rr#rrLr rbdeleter)r*) r+rrrrDrr,r-r/s r0r1zcmd_domain_auth_silo_delete.runws=> >xH= "%))#$7D <!5dV;GH H &s# KK  7vR@A+ "q/ ! " &"cPQSS#1o%  &s/B $B+ B( B##B(+ C4CC)NNNNNr3r?r@r0rrds{6)H)).. tW#KZ 9xG7 6yLL 2 MFJBr@rc^eZdZdZeeeeee dZ y)cmd_domain_auth_siloz*Manage authentication silos on the domain.)listviewcreatemodifyrmemberN) r4r5r6r7r rBrNr{rr subcommandsr?r@r0rrs24*+)+-/-/-/-/ Kr@r) samba.getoptgetoptr9 samba.netcmdrrrrsamba.netcmd.domain.modelsrr%samba.netcmd.domain.models.exceptionsr silo_memberr r rBrNr{rrr?r@r0rsp.DDO<4"-"-J#(#(LvB'vBr~B'~BB2B'2Bj < r@