def action_usrchk(self, user_name, path):
    """Report how a user relates to a security domain.

    Looks the user up by name and the domain by path, asks
    ``user.inDomain(domain)`` and prints whether the user is not, directly
    or indirectly part of the domain. Nothing is modified.

    Args:
        user_name: User name as a UTF-8 byte string (decoded for the query).
        path: Domain path as a UTF-8 byte string (decoded for the lookup).

    Exits the process with status 1 when either lookup raises
    NoResultFound or MultipleResultsFound.
    """
    try:
        candidates = self.sess.query(User)
        criterion = User.name == user_name.decode("utf-8")
        user = candidates.filter(criterion).one()
    except (NoResultFound, MultipleResultsFound):
        # An ambiguous name (several rows) is reported the same way as a
        # missing one.
        print('User "%s" not found.' % user_name)
        sys.exit(1)

    try:
        decoded_path = path.decode("utf-8")
        domain = SecurityDomain.byPath(decoded_path)
    except (NoResultFound, MultipleResultsFound):
        print("Domain %s not found." % path)
        sys.exit(1)

    membership = user.inDomain(domain)
    if not membership:
        template = 'User "%s" is not part of domain %s.'
    elif membership == DIRECTLY_IN_DOMAIN:
        template = 'User "%s" is directly part of domain %s.'
    elif membership == INDIRECTLY_IN_DOMAIN:
        template = 'User "%s" is indirectly part of domain %s.'
    else:
        # Any other truthy result produces no output at all.
        return
    print(template % (user.name, path))
def action_grpchk(self, group_name, path):
    """Report how a group relates to a security domain.

    Looks the group up by name and the domain by path, asks
    ``group.inDomain(domain)`` and prints whether the group is not,
    directly or indirectly part of the domain. Nothing is modified.

    Args:
        group_name: Group name as a UTF-8 byte string (decoded for the query).
        path: Domain path as a UTF-8 byte string (decoded for the lookup).

    Exits the process with status 1 when either lookup raises
    NoResultFound or MultipleResultsFound.
    """
    try:
        candidates = self.sess.query(Group)
        criterion = Group.name == group_name.decode("utf-8")
        group = candidates.filter(criterion).one()
    except (NoResultFound, MultipleResultsFound):
        # An ambiguous name (several rows) is reported the same way as a
        # missing one.
        print('Group "%s" not found.' % group_name)
        sys.exit(1)

    try:
        decoded_path = path.decode("utf-8")
        domain = SecurityDomain.byPath(decoded_path)
    except (NoResultFound, MultipleResultsFound):
        print("Domain %s not found." % path)
        sys.exit(1)

    membership = group.inDomain(domain)
    if not membership:
        template = 'Group "%s" is not part of domain %s.'
    elif membership == DIRECTLY_IN_DOMAIN:
        template = 'Group "%s" is directly part of domain %s.'
    elif membership == INDIRECTLY_IN_DOMAIN:
        template = 'Group "%s" is indirectly part of domain %s.'
    else:
        # Any other truthy result produces no output at all.
        return
    print(template % (group.name, path))
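def action_dominfo(self, path):
    """Print a short summary of the security domain found at ``path``.

    The summary lists the domain's id, name and parent. Member listings are
    not implemented and are printed as such.

    Args:
        path: Domain path as a UTF-8 byte string. It is decoded for the
            lookup and echoed undecoded in the output.

    Exits the process with status 1 when ``SecurityDomain.byPath`` raises
    NoResultFound or MultipleResultsFound.
    """
    try:
        domain = SecurityDomain.byPath(path.decode("utf-8"))
    except (NoResultFound, MultipleResultsFound):
        print("Domain %s not found." % path)
        sys.exit(1)

    # A domain whose ``parent`` is None (presumably a top-level domain --
    # confirm against the model) used to raise AttributeError on
    # ``domain.parent.name``; report "None (None)" for it instead.
    parent = domain.parent
    parent_name = parent.name if parent is not None else None
    parent_id = parent.id if parent is not None else None

    # NOTE(review): the listing this was reviewed from had lost its line
    # breaks; confirm the whitespace inside this literal against the file.
    print("""\
About security domain %(path)s:
    ID: %(id)s
    Name: %(name)s
    Parent: %(parent_name)s (%(parent_id)s)
    Direct Members: NOT IMPLEMENTED
    Indirect Members: NOT IMPLEMENTED\
""" % {
        "path": path,
        "id": domain.id,
        "name": domain.name,
        "parent_name": parent_name,
        "parent_id": parent_id,
    })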
def action_grpdel(self, group_name, path):
    """Remove a group's direct membership in a security domain.

    The domain is removed from ``group.security_domains`` and the change is
    committed, but only when ``group.inDomain(domain)`` reports a direct
    membership. In every other case the group is left untouched.

    Args:
        group_name: Group name as a UTF-8 byte string (decoded for the query).
        path: Domain path as a UTF-8 byte string (decoded for the lookup).

    Exits the process with status 1 when either lookup raises
    NoResultFound or MultipleResultsFound.
    """
    try:
        candidates = self.sess.query(Group)
        criterion = Group.name == group_name.decode("utf-8")
        group = candidates.filter(criterion).one()
    except (NoResultFound, MultipleResultsFound):
        print('Group "%s" not found.' % group_name)
        sys.exit(1)

    try:
        decoded_path = path.decode("utf-8")
        domain = SecurityDomain.byPath(decoded_path)
    except (NoResultFound, MultipleResultsFound):
        print("Domain %s not found." % path)
        sys.exit(1)

    membership = group.inDomain(domain)
    if membership != DIRECTLY_IN_DOMAIN:
        # An indirect membership is not touched here, and this path returns
        # normally rather than exiting with status 1, so a caller checking
        # the exit status cannot tell "nothing removed" from success.
        print('Group "%s" is not directly part of domain %s.' % (group.name, path))
        return

    # NOTE(review): this revokes an authorization grant and the only record
    # written here is the stdout line below -- confirm auditing happens
    # elsewhere if it is required.
    group.security_domains.remove(domain)
    self.sess.merge(group)
    self.sess.commit()
    print('Group "%s" removed from domain %s.' % (group.name, path))
def action_grpadd(self, group_name, path):
    """Add a group to a security domain.

    The domain is appended to ``group.security_domains`` and the change is
    committed, unless ``group.inDomain(domain)`` is already truthy (direct
    or indirect membership), in which case nothing is changed.

    Args:
        group_name: Group name as a UTF-8 byte string (decoded for the query).
        path: Domain path as a UTF-8 byte string (decoded for the lookup).

    Exits the process with status 1 when either lookup raises
    NoResultFound or MultipleResultsFound.
    """
    try:
        candidates = self.sess.query(Group)
        criterion = Group.name == group_name.decode("utf-8")
        group = candidates.filter(criterion).one()
    except (NoResultFound, MultipleResultsFound):
        print('Group "%s" not found.' % group_name)
        sys.exit(1)

    try:
        decoded_path = path.decode("utf-8")
        domain = SecurityDomain.byPath(decoded_path)
    except (NoResultFound, MultipleResultsFound):
        print("Domain %s not found." % path)
        sys.exit(1)

    already_member = group.inDomain(domain)
    if already_member:
        # Returns normally (no exit status 1) when there is nothing to add.
        print('Group "%s" is already part of domain %s.' % (group.name, path))
        return

    # NOTE(review): this grants authorization and the only record written
    # here is the stdout line below -- confirm auditing happens elsewhere
    # if it is required.
    group.security_domains.append(domain)
    self.sess.merge(group)
    self.sess.commit()
    print('Group "%s" added to domain %s.' % (group.name, path))
def action_domdel(self, path):
    """Delete a security domain together with all of its descendants.

    Walks ``domain.children`` recursively, deletes every domain it visits
    and commits once after the walk. There is no confirmation step. The
    dotted paths of the deleted domains are printed afterwards.

    Args:
        path: Dotted domain path as a UTF-8 byte string. It is decoded for
            the lookup and split on "." to build the reported paths.

    Exits the process with status 1 when ``SecurityDomain.byPath`` raises
    NoResultFound or MultipleResultsFound.
    """
    try:
        decoded_path = path.decode("utf-8")
        domain = SecurityDomain.byPath(decoded_path)
    except (NoResultFound, MultipleResultsFound):
        print("Domain %s not found." % path)
        sys.exit(1)

    removed_paths = []

    def _delete_subtree(node, trail=()):
        # Record the path on the way down, delete on the way back up, so
        # children are handed to the session before their parent.
        removed_paths.append(".".join(trail))
        for child in node.children:
            child_trail = trail + (child.name,)
            _delete_subtree(child, child_trail)
        self.sess.delete(node)

    # NOTE(review): what happens to group/user links to the deleted domains
    # depends on the model's cascade settings, which are not visible here.
    start_trail = tuple(path.split("."))
    _delete_subtree(domain, start_trail)
    self.sess.commit()

    print("The following domains were deleted:")
    for removed in removed_paths:
        print(" * %s" % removed)
def _closure(self, core, session):
    """Run the wrapped handler only for users inside the required domain.

    ``fn`` and ``domain_path`` are not defined here; they come from an
    enclosing scope that is outside this listing.

    The handler is called only when ``session.user.inDomain(...)`` is
    truthy. Otherwise the user is sent a warning-severity PacketError and
    the handler is skipped. The domain lookup runs before the handler, so
    an exception from ``SecurityDomain.byPath`` propagates without the
    handler being called. The handler's return value is discarded.
    """
    requester = session.user
    required_domain = SecurityDomain.byPath(domain_path)

    if not requester.inDomain(required_domain):
        # NOTE(review): a denied attempt is only reported back to the
        # requester; nothing is logged here -- confirm whether denials are
        # recorded elsewhere.
        requester.sendEx(
            core.bus,
            PacketError(severity=SEVERITY_WARN, msg="Not permitted to perform action."),
        )
        return

    fn(self, core, session)