From a77f758df117638ea22b7589323b71d5f5261bd9 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 16 May 2018 13:00:16 +0200 Subject: [PATCH] samba-tool: implement user getgroups command MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit samba-tool user getgroups command to list a users group memberships. Pair-programmed-with: Björn Baumbach Signed-off-by: Stefan Metzmacher Signed-off-by: Björn Baumbach Reviewed-by: Andreas Schneider --- docs-xml/manpages/samba-tool.8.xml | 5 +++ python/samba/netcmd/user.py | 78 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 83 insertions(+) diff --git a/docs-xml/manpages/samba-tool.8.xml b/docs-xml/manpages/samba-tool.8.xml index d242d13ad6c..ef55d72e714 100644 --- a/docs-xml/manpages/samba-tool.8.xml +++ b/docs-xml/manpages/samba-tool.8.xml @@ -1198,6 +1198,11 @@ + user getgroups <replaceable>username</replaceable> + Get the direct group memberships of a user account. + + + user show <replaceable>username</replaceable> [options] Display a user AD object. diff --git a/python/samba/netcmd/user.py b/python/samba/netcmd/user.py index 8e07e99b71b..c66fd98139c 100644 --- a/python/samba/netcmd/user.py +++ b/python/samba/netcmd/user.py 
@@ -736,6 +736,83 @@ class cmd_user_password(Command):
 self.outf.write("Changed password OK\n")
+class cmd_user_getgroups(Command):
+ """Get the direct group memberships of a user account.
+
+The username specified on the command is the sAMAccountName."""
+ synopsis = "%prog [options]"
+
+ takes_optiongroups = {
+ "sambaopts": options.SambaOptions,
+ "versionopts": options.VersionOptions,
+ "credopts": options.CredentialsOptions,
+ }
+
+ takes_options = [
+ Option("-H", "--URL", help="LDB URL for database or target server",
+ type=str, metavar="URL", dest="H"),
+ ]
+
+ takes_args = ["username"]
+
+ def run(self, username, credopts=None, sambaopts=None,
+ versionopts=None, H=None):
+
+ lp = sambaopts.get_loadparm()
+ creds = credopts.get_credentials(lp)
+
+ samdb = SamDB(url=H, session_info=system_session(),
+ credentials=creds, lp=lp)
+
+ filter = ("(&(sAMAccountName=%s)(objectClass=user))" %
+ ldb.binary_encode(username))
+ try:
+ res = samdb.search(base=samdb.domain_dn(),
+ expression=filter,
+ scope=ldb.SCOPE_SUBTREE,
+ attrs=["objectSid",
+ "memberOf",
+ "primaryGroupID"])
+ user_sid_binary = res[0].get('objectSid', idx=0)
+ user_sid = ndr_unpack(security.dom_sid, user_sid_binary)
+ (user_dom_sid, user_rid) = user_sid.split()
+ user_sid_dn = "" % user_sid
+ user_pgid = int(res[0].get('primaryGroupID', idx=0))
+ user_groups = res[0].get('memberOf')
+ if user_groups is None:
+ user_groups = []
+ except IndexError:
+ raise CommandError("Unable to find user '%s'" % (username))
+
+ primarygroup_sid_dn = "" % (user_dom_sid, user_pgid)
+
+ filter = "(objectClass=group)"
+ try:
+ res = samdb.search(base=primarygroup_sid_dn,
+ expression=filter,
+ scope=ldb.SCOPE_BASE,
+ attrs=['sAMAccountName'])
+ primary_group_dn = str(res[0].dn)
+ primary_group_name = res[0].get('sAMAccountName')
+ except IndexError:
+ raise CommandError("Unable to find primary group '%s'" % (primarygroup_sid_dn))
+
+ group_names = []
+ for gdn in user_groups:
+ try:
+ res = samdb.search(base=gdn,
+ expression=filter,
+ scope=ldb.SCOPE_BASE,
+ attrs=['sAMAccountName'])
+ group_names.extend(res[0].get('sAMAccountName'))
+ except IndexError:
+ raise CommandError("Unable to find group '%s'" % (gdn))
+
+ self.outf.write("%s\n" % primary_group_name)
+ for group_name in group_names:
+ self.outf.write("%s\n" % group_name)
+
+
 class cmd_user_setprimarygroup(Command):
 """Set the primary group a user account.
@@ -3004,6 +3081,7 @@ class cmd_user(SuperCommand):
 subcommands["list"] = cmd_user_list()
 subcommands["setexpiry"] = cmd_user_setexpiry()
 subcommands["password"] = cmd_user_password()
+ subcommands["getgroups"] = cmd_user_getgroups()
 subcommands["setprimarygroup"] = cmd_user_setprimarygroup()
 subcommands["setpassword"] = cmd_user_setpassword()
 subcommands["getpassword"] = cmd_user_getpassword()
-- 
2.11.4.GIT
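Review bot: Both `SCOPE_BASE` lookups in `run()` (the primary group and each `memberOf` DN) catch only `IndexError`, but a base search on a DN that is missing or, when `-H` points at a remote server, not visible to the supplied credentials normally raises `ldb.LdbError` instead of returning an empty result, so the "Unable to find ..." messages are probably never reached and the caller gets a raw LDB error. Consider adding `except ldb.LdbError as e:` with `raise CommandError("Unable to find group '%s': %s" % (gdn, e))` beside each existing handler. Separately, `primary_group_name` is read without `idx=0`, unlike `objectSid` and `primaryGroupID`, so what is written appears to be the attribute element, not its first value; `res[0].get('sAMAccountName', idx=0)` would make that explicit. For anyone using the output in an access review, the listing covers the primary group plus `memberOf` only, so nested memberships are not expanded and effective privileges can be wider than what is printed.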