1 # Unix SMB/CIFS implementation.
3 # manage assigned authentication silos on a user
5 # Copyright (C) Catalyst.Net Ltd. 2023
7 # Written by Rob van der Linde <rob@catalyst.net.nz>
9 # This program is free software; you can redistribute it and/or modify
10 # it under the terms of the GNU General Public License as published by
11 # the Free Software Foundation; either version 3 of the License, or
12 # (at your option) any later version.
14 # This program is distributed in the hope that it will be useful,
15 # but WITHOUT ANY WARRANTY; without even the implied warranty of
16 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 # GNU General Public License for more details.
19 # You should have received a copy of the GNU General Public License
20 # along with this program. If not, see <http://www.gnu.org/licenses/>.
23 import samba
.getopt
as options
24 from samba
.domain
.models
import AuthenticationSilo
, User
25 from samba
.domain
.models
.exceptions
import ModelError
26 from samba
.netcmd
import Command
, CommandError
, Option
, SuperCommand
class cmd_user_auth_silo_assign(Command):
    """Set the assigned authentication silo on a user."""

    # The class docstring above is left untouched: the command framework
    # may surface it as help text.
    synopsis = "%prog <username> [options]"

    takes_args = ["username"]

    takes_optiongroups = {
        "sambaopts": options.SambaOptions,
        "credopts": options.CredentialsOptions,
        "hostopts": options.HostOptions,
    }

    takes_options = [
        Option(
            "--silo",
            help="Authentication silo name.",
            action="store",
            dest="silo_name",
            type=str,
            required=True,
        ),
    ]

    def run(self, username, hostopts=None, sambaopts=None, credopts=None,
            silo_name=None):
        """Point the user's assigned_silo at the named silo and save it.

        Looks up both the user and the silo first and fails with a
        CommandError if either is missing or if a model operation raises
        ModelError. After saving, reports whether the user's DN is listed
        in the silo's members ("granted") or not ("revoked").
        """
        ldb = self.ldb_connect(hostopts, sambaopts, credopts)

        try:
            user = User.find(ldb, username)
            silo = AuthenticationSilo.get(ldb, name=silo_name)
        except ModelError as err:
            raise CommandError(err)

        # Both lookups signal "no such object" with None, not an exception;
        # the user is checked first so its message takes precedence.
        if user is None:
            raise CommandError(f"User {username} not found.")
        if silo is None:
            raise CommandError(f"Authentication silo {silo_name} not found.")

        # Only the user-side attribute is written here; the silo's own
        # member list is not modified by this command.
        user.assigned_silo = silo.dn

        try:
            user.save(ldb)
        except ModelError as err:
            raise CommandError(f"Set assigned authentication silo failed: {err}")

        # NOTE(review): "revoked" means the silo does not list this user as
        # a member. Presumably the assignment only takes effect once the
        # silo side agrees - confirm, and treat "revoked" as a prompt to
        # check the silo's member list.
        status = "granted" if user.dn in silo.members else "revoked"

        message = (
            f"User {username} assigned to authentication silo {silo} ({status})"
        )
        print(message, file=self.outf)
class cmd_user_auth_silo_remove(Command):
    """Remove the assigned authentication silo on a user."""

    # The class docstring above is left untouched: the command framework
    # may surface it as help text.
    synopsis = "%prog <username> [options]"

    takes_args = ["username"]

    takes_optiongroups = {
        "sambaopts": options.SambaOptions,
        "credopts": options.CredentialsOptions,
        "hostopts": options.HostOptions,
    }

    def run(self, username, hostopts=None, sambaopts=None, credopts=None):
        """Clear the user's assigned_silo and save the user.

        The previously assigned silo, if any, is fetched first so that it
        can be named in the output. Lookup failures and a missing user are
        reported as CommandError.
        """
        ldb = self.ldb_connect(hostopts, sambaopts, credopts)

        try:
            user = User.find(ldb, username)
        except ModelError as err:
            raise CommandError(err)

        if user is None:
            raise CommandError(f"User {username} not found.")

        # Remember the old silo for the message before the attribute is
        # cleared; it stays None when nothing was assigned.
        silo = None
        if user.assigned_silo:
            try:
                silo = AuthenticationSilo.get(ldb, dn=user.assigned_silo)
            except ModelError as err:
                raise CommandError(err)

        # The attribute is cleared and saved unconditionally, so a user
        # without an assigned silo still triggers a save, and the message
        # below then renders the silo as "None".
        user.assigned_silo = None

        try:
            user.save(ldb)
        except ModelError as err:
            raise CommandError(
                f"Remove assigned authentication silo failed: {err}")

        # Only the user-side attribute was removed. "granted" here means the
        # old silo still lists the user in its members, which an operator
        # may want to clean up separately.
        status = "granted" if silo and user.dn in silo.members else "revoked"

        message = (
            f"User {username} removed from authentication silo {silo} ({status})"
        )
        print(message, file=self.outf)
class cmd_user_auth_silo_view(Command):
    """View the current assigned authentication silo on a user."""

    # The class docstring above is left untouched: the command framework
    # may surface it as help text.
    synopsis = "%prog <username> [options]"

    takes_args = ["username"]

    takes_optiongroups = {
        "sambaopts": options.SambaOptions,
        "credopts": options.CredentialsOptions,
        "hostopts": options.HostOptions,
    }

    def run(self, username, hostopts=None, sambaopts=None, credopts=None):
        """Print the user's assigned silo and its member status, if any.

        Read-only: nothing is written back. A missing user or a ModelError
        from a lookup is reported as CommandError.
        """
        ldb = self.ldb_connect(hostopts, sambaopts, credopts)

        try:
            user = User.find(ldb, username)

            # The silo lookup dereferences the user, so the existence check
            # has to come first.
            if user is None:
                raise CommandError(f"User {username} not found.")

            # Only fetch the silo if one is assigned.
            silo = (
                AuthenticationSilo.get(ldb, dn=user.assigned_silo)
                if user.assigned_silo
                else None
            )
        except ModelError as err:
            raise CommandError(err)

        # NOTE(review): AuthenticationSilo.get appears to return None when
        # nothing matches (the assign command checks for that). If the
        # assigned DN no longer resolves, this branch reports "no assigned
        # authentication silo" although the attribute is still set - confirm.
        if not silo:
            print(f"User {username} has no assigned authentication silo.",
                  file=self.outf)
            return

        # "granted" when the silo lists the user as a member, else "revoked".
        status = "granted" if user.dn in silo.members else "revoked"

        message = (
            f"User {username} assigned to authentication silo {silo} ({status})"
        )
        print(message, file=self.outf)
class cmd_user_auth_silo(SuperCommand):
    """Manage authentication silos on a user."""

    # Sub-command name -> handler instance. "assign" and "remove" write the
    # user's assigned_silo attribute; "view" only reads it.
    subcommands = dict(
        assign=cmd_user_auth_silo_assign(),
        remove=cmd_user_auth_silo_remove(),
        view=cmd_user_auth_silo_view(),
    )