| author | Rob van der Linde <rob@catalyst.net.nz> | 2024-02-28 13:17:48 +1300 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2024-03-01 05:52:53 +0000 |
| commit | cabe817f63e1518f4a3b467694646b0a90fda647 (patch) | |
| tree | d0ca3d4045467648194fd897904f609bc37b0122 /python/samba | |
| parent | 09aa2597888c829378b2eb3d6dfda47abfa93cd2 (diff) | |
netcmd: models: Create ClaimType in the model layer instead
Having it inside a command isn't very re-usable.
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Mar 1 05:52:53 UTC 2024 on atb-devel-224
Diffstat (limited to 'python/samba')
| -rw-r--r-- | python/samba/netcmd/domain/claim/claim_type.py | 30 | ||||
| -rw-r--r-- | python/samba/netcmd/domain/models/claim_type.py | 48 |
2 files changed, 51 insertions, 27 deletions
diff --git a/python/samba/netcmd/domain/claim/claim_type.py b/python/samba/netcmd/domain/claim/claim_type.py index 632de005cad..0801f0fd0db 100644 --- a/python/samba/netcmd/domain/claim/claim_type.py +++ b/python/samba/netcmd/domain/claim/claim_type.py @@ -20,8 +20,6 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. # -import secrets - import samba.getopt as options from samba.netcmd import Command, CommandError, Option, SuperCommand from samba.netcmd.domain.models import AttributeSchema, ClassSchema,\ @@ -97,34 +95,12 @@ class cmd_domain_claim_claim_type_create(Command): try: applies_to = [ClassSchema.find(ldb, name) for name in class_names] attribute = AttributeSchema.find(ldb, attribute_name) - value_type = ValueType.find(ldb, attribute) + claim_type = ClaimType.new_claim_type( + ldb, attribute, applies_to, display_name, + description, enabled) except (ModelError, ValueError) as e: raise CommandError(e) - # Generate the new Claim Type cn. - # Windows creates a random number here containing 16 hex digits. - instance = secrets.token_hex(8) - cn = f"ad://ext/{display_name}:{instance}" - - # adminDescription should be present but still have a fallback. - if description is None: - description = attribute.admin_description or display_name - - # claim_is_value_space_restricted is always False because we don't - # yet support creating claims with a restricted possible values list. - claim_type = ClaimType( - cn=cn, - description=description, - display_name=display_name, - enabled=enabled, - claim_attribute_source=attribute.dn, - claim_is_single_valued=attribute.is_single_valued, - claim_is_value_space_restricted=False, - claim_source_type="AD", - claim_type_applies_to_class=[obj.dn for obj in applies_to], - claim_value_type=value_type.claim_value_type, - ) - # Create claim type try: claim_type.save(ldb) 
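Review bot: The new call `ClaimType.new_claim_type(ldb, attribute, applies_to, display_name, description, enabled)` passes its three optional arguments by position, and `display_name` and `description` are both strings or None, so a later reordering of the signature or of this call would swap them without raising any error. Passing them by keyword keeps the call self-checking: `display_name=display_name, description=description, enabled=enabled`. The enclosing `run` method starts and ends outside this hunk, so how those values are derived from the command options is not visible here.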
diff --git a/python/samba/netcmd/domain/models/claim_type.py b/python/samba/netcmd/domain/models/claim_type.py index 17ff4336671..3e92c8e1969 100644 --- a/python/samba/netcmd/domain/models/claim_type.py +++ b/python/samba/netcmd/domain/models/claim_type.py @@ -20,9 +20,13 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. # +import binascii +import os + from .fields import BooleanField, DnField, IntegerField,\ PossibleClaimValuesField, StringField from .model import Model +from .value_type import ValueType class ClaimType(Model): 
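Review bot: The added `import binascii` and `import os` appear to serve only the `binascii.hexlify(os.urandom(8)).decode()` expression in `new_claim_type` (next hunk), while the command code this was moved from used `secrets.token_hex(8)`. Both draw from the OS CSPRNG and produce 16 hex digits, so this is a point of style and not a weakening. Unless a Python without the `secrets` module has to be supported, a single `import secrets` with `instance = secrets.token_hex(8)` states the intent more directly and keeps the model consistent with the code it replaces.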
@@ -56,3 +60,47 @@ class ClaimType(Model): @staticmethod def get_object_class(): return "msDS-ClaimType" + + @staticmethod + def new_claim_type(ldb, attribute, applies_to, display_name=None, + description=None, enabled=True): + """Creates a ClaimType but does not save the instance. + + :param ldb: SamDB database connection + :param attribute: AttributeSchema object to use for creating ClaimType + :param applies_to: List of ClassSchema objects ClaimType applies to + :param display_name: Optional display name to use or use attribute name + :param description: Optional description or fall back to display_name + :param enabled: Create an enabled or disabled claim type (default True) + :raises NotFound: if the ValueType for this attribute doesn't exist + """ + value_type = ValueType.find(ldb, attribute) + + # Generate the new Claim Type cn. + # Windows creates a random number here containing 16 hex digits. + # We can achieve something similar using urandom(8) + instance = binascii.hexlify(os.urandom(8)).decode() + cn = f"ad://ext/{display_name}:{instance}" + + # if displayName is missing use attribute name. + if display_name is None: + display_name = attribute.name + + # adminDescription should be present but still have a fallback. + if description is None: + description = attribute.admin_description or display_name + + # claim_is_value_space_restricted is always False because we don't + # yet support creating claims with a restricted possible values list. + return ClaimType( + cn=cn, + description=description, + display_name=display_name, + enabled=enabled, + claim_attribute_source=attribute.dn, + claim_is_single_valued=attribute.is_single_valued, + claim_is_value_space_restricted=False, + claim_source_type="AD", + claim_type_applies_to_class=[obj.dn for obj in applies_to], + claim_value_type=value_type.claim_value_type, + ) |
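Review bot: In `new_claim_type` the `cn` is formatted from `display_name` before the `if display_name is None:` fallback runs, so a caller relying on the documented default gets a cn of the form `ad://ext/None:<16 hex digits>` while the display name itself is set to the attribute name. Moving the fallback above the cn line makes both use the same value: `if display_name is None: display_name = attribute.name` followed by `cn = f"ad://ext/{display_name}:{instance}"`. `display_name` is interpolated into the cn as given; whether the model layer escapes DN special characters when the object is saved is not visible in this hunk and is worth confirming. The docstring would also benefit from a return line such as `:return: unsaved ClaimType instance`.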
