netcmd: domain: silo member add and remove does not write whole list
[Samba.git] / python / samba / netcmd / domain / models / auth_silo.py
1 # Unix SMB/CIFS implementation.
3 # Authentication silo model.
5 # Copyright (C) Catalyst.Net Ltd. 2023
7 # Written by Rob van der Linde <rob@catalyst.net.nz>
9 # This program is free software; you can redistribute it and/or modify
10 # it under the terms of the GNU General Public License as published by
11 # the Free Software Foundation; either version 3 of the License, or
12 # (at your option) any later version.
14 # This program is distributed in the hope that it will be useful,
15 # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 # GNU General Public License for more details.
19 # You should have received a copy of the GNU General Public License
20 # along with this program. If not, see <http://www.gnu.org/licenses/>.
23 from ldb import FLAG_MOD_ADD, FLAG_MOD_DELETE, Message, MessageElement
25 from .fields import DnField, BooleanField, StringField
26 from .model import Model
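class AuthenticationSilo(Model):
    """Model for ``msDS-AuthNPolicySilo`` (authentication silo) objects.

    Each field below maps to the LDAP attribute named in its constructor.
    ``members`` is multi-valued and holds the DNs listed in
    ``msDS-AuthNPolicySiloMembers``.
    """
    description = StringField("description")
    enforced = BooleanField("msDS-AuthNPolicySiloEnforced")
    user_policy = DnField("msDS-UserAuthNPolicy")
    service_policy = DnField("msDS-ServiceAuthNPolicy")
    computer_policy = DnField("msDS-ComputerAuthNPolicy")
    members = DnField("msDS-AuthNPolicySiloMembers", many=True)

    @staticmethod
    def get_base_dn(ldb):
        """Return the base DN for the AuthenticationSilo model.

        The container is built relative to the configuration base DN of
        the given connection.

        :param ldb: Ldb connection
        :return: Dn object of container
        """
        base_dn = ldb.get_config_basedn()
        base_dn.add_child(
            "CN=AuthN Silos,CN=AuthN Policy Configuration,CN=Services")
        return base_dn

    @staticmethod
    def get_object_class():
        """Return the objectClass name used for authentication silos.

        :return: The string "msDS-AuthNPolicySilo"
        """
        return "msDS-AuthNPolicySilo"

    def _modify_member(self, ldb, member, flag):
        """Send a single-value change to the silo member list.

        Only one value of msDS-AuthNPolicySiloMembers is named in the
        request, so the other values stored on the silo are not rewritten
        from this object's in-memory list.

        Any exception raised by ldb.modify propagates to the caller, and
        the members field is then not refreshed.

        :param ldb: Ldb connection
        :param member: Object whose ``dn`` is the value to add or delete
        :param flag: FLAG_MOD_ADD or FLAG_MOD_DELETE
        """
        # NOTE(review): member.dn is written as given; presumably callers
        # pass an object already loaded from the directory -- confirm.
        message = Message(dn=self.dn)
        message.add(MessageElement(str(member.dn), flag,
                                   "msDS-AuthNPolicySiloMembers"))

        # Update authentication silo.
        ldb.modify(message)

        # Only reached when the modify succeeded: re-read the member list
        # so this object matches what is stored.
        self.refresh(ldb, fields=["members"])

    def add_member(self, ldb, member):
        """Add a member to the Authentication Silo.

        Rather than saving the silo object and writing the entire member
        list out again, just add one member only.

        This changes the silo object only; nothing here modifies the
        member object itself.
        NOTE(review): in AD the account also carries
        msDS-AssignedAuthNPolicySilo -- confirm where that is set before
        relying on the silo policies applying to the new member.

        :param ldb: Ldb connection
        :param member: Member to add to silo
        """
        self._modify_member(ldb, member, FLAG_MOD_ADD)

    def remove_member(self, ldb, member):
        """Remove a member from the Authentication Silo.

        Rather than saving the silo object and writing the entire member
        list out again, just remove one member only.

        This changes the silo object only; nothing here modifies the
        member object itself.
        NOTE(review): if the account still has
        msDS-AssignedAuthNPolicySilo pointing at this silo, that is not
        cleared here -- confirm the caller handles it.

        :param ldb: Ldb connection
        :param member: Member to remove from silo
        """
        self._modify_member(ldb, member, FLAG_MOD_DELETE)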