def action_usrchk(self, user_name, path):
try:
user = self.sess.query(User).filter(User.name == user_name.decode("utf-8")).one()
except (NoResultFound, MultipleResultsFound):
print 'User "%s" not found.' % user_name
sys.exit(1)
try:
domain = SecurityDomain.byPath(path.decode("utf-8"))
except (NoResultFound, MultipleResultsFound):
print "Domain %s not found." % path
sys.exit(1)
result = user.inDomain(domain)
if not result:
print 'User "%s" is not part of domain %s.' % (user.name, path)
elif result == DIRECTLY_IN_DOMAIN:
print 'User "%s" is directly part of domain %s.' % (user.name, path)
elif result == INDIRECTLY_IN_DOMAIN:
print 'User "%s" is indirectly part of domain %s.' % (user.name, path)
def action_grpchk(self, group_name, path):
try:
group = self.sess.query(Group).filter(Group.name == group_name.decode("utf-8")).one()
except (NoResultFound, MultipleResultsFound):
print 'Group "%s" not found.' % group_name
sys.exit(1)
try:
domain = SecurityDomain.byPath(path.decode("utf-8"))
except (NoResultFound, MultipleResultsFound):
print "Domain %s not found." % path
sys.exit(1)
result = group.inDomain(domain)
if not result:
print 'Group "%s" is not part of domain %s.' % (group.name, path)
elif result == DIRECTLY_IN_DOMAIN:
print 'Group "%s" is directly part of domain %s.' % (group.name, path)
elif result == INDIRECTLY_IN_DOMAIN:
print 'Group "%s" is indirectly part of domain %s.' % (group.name, path)
def action_dominfo(self, path):
try:
domain = SecurityDomain.byPath(path.decode("utf-8"))
except (NoResultFound, MultipleResultsFound):
print "Domain %s not found." % path
sys.exit(1)
print """\
About security domain %(path)s:
ID: %(id)s
Name: %(name)s
Parent: %(parent_name)s (%(parent_id)s)
Direct Members: NOT IMPLEMENTED
Indirect Members: NOT IMPLEMENTED\
""" % {
"path": path,
"id": domain.id,
"name": domain.name,
"parent_name": domain.parent.name,
"parent_id": domain.parent.id,
}
def action_grpdel(self, group_name, path):
try:
group = self.sess.query(Group).filter(Group.name == group_name.decode("utf-8")).one()
except (NoResultFound, MultipleResultsFound):
print 'Group "%s" not found.' % group_name
sys.exit(1)
try:
domain = SecurityDomain.byPath(path.decode("utf-8"))
except (NoResultFound, MultipleResultsFound):
print "Domain %s not found." % path
sys.exit(1)
if group.inDomain(domain) != DIRECTLY_IN_DOMAIN:
print 'Group "%s" is not directly part of domain %s.' % (group.name, path)
return
group.security_domains.remove(domain)
self.sess.merge(group)
self.sess.commit()
print 'Group "%s" removed from domain %s.' % (group.name, path)
def action_grpadd(self, group_name, path):
try:
group = self.sess.query(Group).filter(Group.name == group_name.decode("utf-8")).one()
except (NoResultFound, MultipleResultsFound):
print 'Group "%s" not found.' % group_name
sys.exit(1)
try:
domain = SecurityDomain.byPath(path.decode("utf-8"))
except (NoResultFound, MultipleResultsFound):
print "Domain %s not found." % path
sys.exit(1)
if group.inDomain(domain):
print 'Group "%s" is already part of domain %s.' % (group.name, path)
return
group.security_domains.append(domain)
self.sess.merge(group)
self.sess.commit()
print 'Group "%s" added to domain %s.' % (group.name, path)
def action_domdel(self, path):
try:
domain = SecurityDomain.byPath(path.decode("utf-8"))
except (NoResultFound, MultipleResultsFound):
print "Domain %s not found." % path
sys.exit(1)
affected_domains = []
def recursiveDomainDelete(domain, path=()):
affected_domains.append(".".join(path))
for child in domain.children:
recursiveDomainDelete(child, path + (child.name,))
self.sess.delete(domain)
recursiveDomainDelete(domain, tuple(path.split(".")))
self.sess.commit()
print "The following domains were deleted:"
for domain_name in affected_domains:
print " * %s" % domain_name
def _closure(self, core, session):
user = session.user
if user.inDomain(SecurityDomain.byPath(domain_path)):
fn(self, core, session)
else:
user.sendEx(core.bus, PacketError(severity=SEVERITY_WARN, msg="Not permitted to perform action."))