Beispiel #1
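    def get_netgroup(self,
                     queried_groupname='*',
                     queried_sid=str(),
                     queried_username=str(),
                     queried_domain=str(),
                     ads_path=str(),
                     admin_count=False,
                     full_data=False,
                     custom_filter=str()):
        """Enumerate groups, or resolve the groups a principal belongs to.

        The method has two modes, selected by ``queried_username``:

        * ``queried_username`` set: follow ``memberof`` transitively, starting
          from that account, and return a list with one ``adobj.Group`` per
          group found, each carrying only a ``samaccountname`` attribute.
          ``queried_groupname``, ``queried_sid`` and ``full_data`` are not
          used in this mode.
        * otherwise: build an LDAP filter for group objects and return the
          result of ``self._ldap_search``.

        Args:
            queried_groupname: group name to match. ``*`` stays a wildcard;
                the other RFC 4515 special characters are escaped here, so
                pass the raw name, not a pre-escaped one.
            queried_sid: group SID; takes precedence over the name and is
                inserted into the filter verbatim.
            queried_username: account whose group memberships are resolved.
            queried_domain: forwarded to ``self.get_adobject``.
            ads_path: forwarded to ``self.get_adobject`` for the starting
                account only.
            admin_count: add an ``(admincount=1)`` clause. In membership mode
                it constrains only the lookup of the starting account.
            full_data: request all attributes instead of ``samaccountname``.
            custom_filter: raw LDAP filter fragment; it is trusted and
                combined as-is.
        """

        def _escape_keep_wildcard(value):
            # RFC 4515 section 3 escaping, except that '*' is deliberately
            # left alone so callers can still search with wildcards.
            # The backslash goes first, otherwise the escapes added for the
            # other characters would themselves be escaped again.
            for raw, escaped in (('\\', '\\5c'), ('(', '\\28'),
                                 (')', '\\29'), ('\x00', '\\00')):
                value = value.replace(raw, escaped)
            return value

        if queried_username:
            results = list()
            # Shadows `results` for O(1) membership tests; the list keeps the
            # discovery order that callers receive.
            seen = set()
            sam_account_name_to_resolve = [queried_username]
            first_run = True
            while sam_account_name_to_resolve:
                # NOTE(review): after the first pass this value is taken from
                # a memberof DN, i.e. directory-controlled text, and is handed
                # to get_adobject unescaped - confirm get_adobject applies
                # RFC 4515 escaping before building its filter.
                sam_account_name = sam_account_name_to_resolve.pop(0)
                if first_run:
                    first_run = False
                    if admin_count:
                        custom_filter = '(&{}(admincount=1))'.format(
                            custom_filter)
                    # The name is tried both as sAMAccountName and as name.
                    objects = self.get_adobject(
                        queried_sam_account_name=sam_account_name,
                        queried_domain=queried_domain,
                        ads_path=ads_path,
                        custom_filter=custom_filter)
                    objects += self.get_adobject(queried_name=sam_account_name,
                                                 queried_domain=queried_domain,
                                                 ads_path=ads_path,
                                                 custom_filter=custom_filter)
                else:
                    # Parent groups are looked up without ads_path and
                    # custom_filter: those restrict the starting account only.
                    objects = self.get_adobject(
                        queried_sam_account_name=sam_account_name,
                        queried_domain=queried_domain)
                    objects += self.get_adobject(queried_name=sam_account_name,
                                                 queried_domain=queried_domain)

                for obj in objects:
                    try:
                        # A single membership is normalised to a list.
                        if not isinstance(obj.memberof, list):
                            obj.memberof = [obj.memberof]
                    except AttributeError:
                        # Object without memberof: nothing to follow.
                        continue
                    for group_dn in obj.memberof:
                        # Value of the first RDN of the group DN, used from
                        # here on as if it were the sAMAccountName. Splitting
                        # on the first '=' only keeps names that themselves
                        # contain '='.
                        # NOTE(review): an escaped ',' inside the RDN value
                        # still truncates the name at the split(',').
                        group_sam_account_name = group_dn.split(',')[0].split(
                            '=', 1)[1]
                        if group_sam_account_name not in seen:
                            seen.add(group_sam_account_name)
                            results.append(group_sam_account_name)
                            sam_account_name_to_resolve.append(
                                group_sam_account_name)
            final_results = list()
            for group_sam_account_name in results:
                obj_member_of = adobj.Group(list())
                setattr(obj_member_of, 'samaccountname',
                        group_sam_account_name)
                final_results.append(obj_member_of)
            return final_results
        else:
            if admin_count:
                custom_filter += '(admincount=1)'

            group_search_filter = custom_filter
            group_search_filter += '(objectCategory=group)'

            if queried_sid:
                # NOTE(review): the SID is interpolated verbatim; validate or
                # escape it at the caller if it can come from untrusted input.
                group_search_filter += '(objectSid={})'.format(queried_sid)
            elif queried_groupname:
                # Escaped so that a name containing '(', ')' or '\' can
                # neither break the filter nor add clauses to it.
                group_search_filter += '(name={})'.format(
                    _escape_keep_wildcard(queried_groupname))

            if full_data:
                attributes = list()
            else:
                attributes = ['samaccountname']

            group_search_filter = '(&{})'.format(group_search_filter)

            return self._ldap_search(group_search_filter,
                                     adobj.Group,
                                     attributes=attributes)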
Beispiel #2
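    def get_netgroup(self, queried_groupname='*', queried_sid=str(),
                     queried_username=str(), queried_domain=str(),
                     ads_path=str(), admin_count=False, full_data=False,
                     custom_filter=str()):
        """Enumerate groups, or resolve the groups a principal belongs to.

        The method has two modes, selected by ``queried_username``:

        * ``queried_username`` set: follow ``memberof`` transitively, starting
          from that account, and return a list with one ``adobj.Group`` per
          group found, each carrying only a ``samaccountname`` entry.
          ``queried_groupname``, ``queried_sid`` and ``full_data`` are not
          used in this mode.
        * otherwise: build an LDAP filter for group objects and return the
          result of ``self._ldap_search``.

        Args:
            queried_groupname: group name to match. ``*`` stays a wildcard;
                every fragment around it is passed through
                ``escape_filter_chars``, so pass the raw name.
            queried_sid: group SID; takes precedence over the name and is
                inserted into the filter verbatim.
            queried_username: account whose group memberships are resolved.
            queried_domain: forwarded to ``self.get_adobject``.
            ads_path: forwarded to ``self.get_adobject`` for the starting
                account only.
            admin_count: add an ``(admincount=1)`` clause. In membership mode
                it constrains only the lookup of the starting account.
            full_data: request all attributes instead of ``samaccountname``.
            custom_filter: raw LDAP filter fragment; it is trusted and
                combined as-is.
        """

        if queried_username:
            self._logger.debug('Queried username = {}'.format(queried_username))
            results = list()
            # Shadows `results` for O(1) membership tests; the list keeps the
            # discovery order that callers receive.
            seen = set()
            sam_account_name_to_resolve = [queried_username]
            first_run = True
            while sam_account_name_to_resolve:
                # After the first pass the name is taken from a memberof DN,
                # i.e. directory-controlled text, so it is escaped before it
                # reaches another filter.
                sam_account_name = escape_filter_chars(sam_account_name_to_resolve.pop(0))
                if first_run:
                    first_run = False
                    if admin_count:
                        custom_filter = '(&{}(admincount=1))'.format(custom_filter)
                    # The name is tried both as sAMAccountName and as name.
                    objects = self.get_adobject(queried_sam_account_name=sam_account_name,
                                                queried_domain=queried_domain,
                                                ads_path=ads_path, custom_filter=custom_filter)
                    objects += self.get_adobject(queried_name=sam_account_name,
                                                 queried_domain=queried_domain,
                                                 ads_path=ads_path, custom_filter=custom_filter)
                else:
                    # Parent groups are looked up without ads_path and
                    # custom_filter: those restrict the starting account only.
                    objects = self.get_adobject(queried_sam_account_name=sam_account_name,
                                                queried_domain=queried_domain)
                    objects += self.get_adobject(queried_name=sam_account_name,
                                                 queried_domain=queried_domain)

                for obj in objects:
                    try:
                        # A single membership is normalised to a list.
                        if not isinstance(obj.memberof, list):
                            obj.memberof = [obj.memberof]
                    except AttributeError:
                        # Object without memberof: nothing to follow.
                        continue
                    for group_dn in obj.memberof:
                        # Value of the first RDN of the group DN, used from
                        # here on as if it were the sAMAccountName. Splitting
                        # on the first '=' only keeps names that themselves
                        # contain '='.
                        # NOTE(review): an escaped ',' inside the RDN value
                        # still truncates the name at the split(',').
                        group_sam_account_name = group_dn.split(',')[0].split('=', 1)[1]
                        if group_sam_account_name not in seen:
                            seen.add(group_sam_account_name)
                            results.append(group_sam_account_name)
                            sam_account_name_to_resolve.append(group_sam_account_name)
            final_results = list()
            for group_sam_account_name in results:
                obj_member_of = adobj.Group(list())
                obj_member_of._attributes_dict['samaccountname'] = group_sam_account_name
                final_results.append(obj_member_of)
            return final_results
        else:
            if admin_count:
                custom_filter += '(admincount=1)'

            group_search_filter = custom_filter
            group_search_filter += '(objectCategory=group)'

            if queried_sid:
                # The SID is what this branch searches on, so log the SID.
                self._logger.debug('Queried SID = {}'.format(queried_sid))
                # NOTE(review): the SID is interpolated verbatim; validate or
                # escape it at the caller if it can come from untrusted input.
                group_search_filter += '(objectSid={})'.format(queried_sid)
            elif queried_groupname:
                # RFC 4515, section 3: escape each literal fragment and
                # re-join on '*', so wildcards keep working even when the
                # name also contains '(', ')' or '\'. Done here because the
                # name is only used in this branch.
                queried_groupname = '*'.join(
                    escape_filter_chars(fragment)
                    for fragment in queried_groupname.split('*'))
                self._logger.debug('Queried groupname = {}'.format(queried_groupname))
                group_search_filter += '(name={})'.format(queried_groupname)

            if full_data:
                attributes = list()
            else:
                attributes = ['samaccountname']

            group_search_filter = '(&{})'.format(group_search_filter)
            return self._ldap_search(group_search_filter, adobj.Group, attributes=attributes)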