1 # Unix SMB/CIFS implementation.
3 # Authentication silo model.
5 # Copyright (C) Catalyst.Net Ltd. 2023
7 # Written by Rob van der Linde <rob@catalyst.net.nz>
9 # This program is free software; you can redistribute it and/or modify
10 # it under the terms of the GNU General Public License as published by
11 # the Free Software Foundation; either version 3 of the License, or
12 # (at your option) any later version.
14 # This program is distributed in the hope that it will be useful,
15 # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 # GNU General Public License for more details.
19 # You should have received a copy of the GNU General Public License
20 # along with this program. If not, see <http://www.gnu.org/licenses/>.
23 from ldb
import FLAG_MOD_ADD
, FLAG_MOD_DELETE
, Message
, MessageElement
25 from .fields
import DnField
, BooleanField
, StringField
26 from .model
import Model
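class AuthenticationSilo(Model):
    """Model for an authentication silo object (msDS-AuthNPolicySilo).

    Each attribute maps a Python name onto the LDAP attribute named in its
    field constructor.
    """
    description = StringField("description")
    # NOTE(review): per the attribute name this flag says whether the silo
    # is enforced. What an unenforced silo still restricts is not visible
    # here; confirm before relying on a silo with enforced unset.
    enforced = BooleanField("msDS-AuthNPolicySiloEnforced")
    user_policy = DnField("msDS-UserAuthNPolicy")
    service_policy = DnField("msDS-ServiceAuthNPolicy")
    computer_policy = DnField("msDS-ComputerAuthNPolicy")
    members = DnField("msDS-AuthNPolicySiloMembers", many=True)

    # NOTE(review): the listing shows this method's docstring and body but
    # not its decorator, def line, the add_child call head or the return.
    # They are restored to match the docstring; confirm against upstream.
    @staticmethod
    def get_base_dn(ldb):
        """Return the base DN for the AuthenticationSilo model.

        :param ldb: Ldb connection
        :return: Dn object of container
        """
        # Silos live under the configuration naming context.
        base_dn = ldb.get_config_basedn()
        base_dn.add_child(
            "CN=AuthN Silos,CN=AuthN Policy Configuration,CN=Services")
        return base_dn

    # Takes no self, so it must be a static method to be callable on an
    # instance as well as on the class.
    @staticmethod
    def get_object_class():
        """Return the LDAP object class name for authentication silos."""
        return "msDS-AuthNPolicySilo"

    def add_member(self, ldb, member):
        """Add a member to the Authentication Silo.

        Rather than saving the silo object and writing the entire member
        list out again, just add one member only.

        Only msDS-AuthNPolicySiloMembers on the silo object is modified;
        nothing is written to the member object itself.
        NOTE(review): the directory schema also has an account-side
        msDS-AssignedAuthNPolicySilo attribute. Whether callers must set it
        for the silo to apply to the member is not shown here; confirm.

        Any error raised by the modify call propagates to the caller, and
        the members field is then left unrefreshed.

        :param ldb: Ldb connection
        :param member: Member to add to silo
        """
        # Create a message with only an add member operation.
        message = Message(dn=self.dn)
        message.add(MessageElement(str(member.dn), FLAG_MOD_ADD,
                                   "msDS-AuthNPolicySiloMembers"))

        # Update authentication silo.
        # NOTE(review): the listing shows no statement between this comment
        # and the next; without the modify call the message is never sent.
        ldb.modify(message)

        # If the modify operation was successful refresh members field.
        self.refresh(ldb, fields=["members"])

    def remove_member(self, ldb, member):
        """Remove a member from the Authentication Silo.

        Rather than saving the silo object and writing the entire member
        list out again, just remove one member only.

        Only msDS-AuthNPolicySiloMembers on the silo object is modified;
        nothing is written to the member object itself.
        NOTE(review): if the account also carries a reference to this silo,
        this method does not clear it; confirm callers handle that where
        revocation is the goal.

        Any error raised by the modify call propagates to the caller, and
        the members field is then left unrefreshed.

        :param ldb: Ldb connection
        :param member: Member to remove from silo
        """
        # Create a message with only a remove member operation.
        message = Message(dn=self.dn)
        message.add(MessageElement(str(member.dn), FLAG_MOD_DELETE,
                                   "msDS-AuthNPolicySiloMembers"))

        # Update authentication silo.
        # NOTE(review): the listing shows no statement between this comment
        # and the next; without the modify call the message is never sent.
        ldb.modify(message)

        # If the modify operation was successful refresh members field.
        self.refresh(ldb, fields=["members"])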