Beispiel #1
def setPasswdExpiration(uid, can_expire=False):
    """
    Module-level wrapper around SambaLDAP.setPasswdExpiration.

    A new SambaLDAP object is created for each call and both arguments
    are forwarded unchanged.

    @param uid: user identifier handed to SambaLDAP
    @param can_expire: forwarded as-is; defaults to False
        (presumably False means the password never expires - confirm in SambaLDAP)
    @return: whatever SambaLDAP.setPasswdExpiration returns
    """
    samba = SambaLDAP()
    return samba.setPasswdExpiration(uid, can_expire)
Beispiel #2
def enableUser(uid):
    """
    Module-level wrapper around SambaLDAP.enableUser.

    @param uid: user identifier handed to SambaLDAP
    @return: whatever SambaLDAP.enableUser returns
    """
    samba = SambaLDAP()
    return samba.enableUser(uid)
Beispiel #3
def getMachinesLdap(searchFilter=""):
    """
    Search machine accounts through SambaLDAP.searchMachine.

    The caller-supplied filter is passed through cleanFilter() before it
    reaches the directory search; the raw value is never used.

    @param searchFilter: search pattern, defaults to the empty string
    @return: whatever SambaLDAP.searchMachine returns for the cleaned filter
    """
    directory = SambaLDAP()
    # NOTE(review): cleanFilter is the only sanitisation step visible here;
    # confirm it escapes LDAP filter metacharacters before relying on it.
    return directory.searchMachine(cleanFilter(searchFilter))
Beispiel #4
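def activate():
    """
    Decide whether the "samba" plugin can be activated.

    Runs a sequence of sanity checks (plugin configuration, smb.conf,
    share paths, LDAP bind and schema, init script) and, when smb.conf
    describes a PDC, extra consistency checks between the SAMBA and MMC
    LDAP settings. The first failing check is logged and aborts activation.

    Besides checking, the PDC branch also changes state: it calls
    samba.addOu() and samba.setDomainPolicy() on the directory, and it may
    rewrite the 'os level' option in smb.conf and reload SAMBA.

    @return: True if every check passed, False otherwise
    @rtype: boolean
    """
    config = SambaConfig("samba")

    if config.disabled:
        logger.info("samba plugin disabled by configuration.")
        return False

    if config.defaultSharesPath:
        if config.defaultSharesPath.endswith("/"):
            logger.error("Trailing / is not allowed in defaultSharesPath")
            return False
        if not os.path.exists(config.defaultSharesPath):
            logger.error("The default shares path '%s' does not exist", config.defaultSharesPath)
            return False

    for cpath in config.authorizedSharePaths:
        if cpath.endswith("/"):
            logger.error("Trailing / is not allowed in authorizedSharePaths")
            return False
        if not os.path.exists(cpath):
            logger.error("The authorized share path '%s' does not exist", cpath)
            return False

    # The SAMBA configuration file must be present...
    conf = config.samba_conf_file
    if not os.path.exists(conf):
        logger.error("%s does not exist", conf)
        return False

    # ...and must pass validation
    smbconf = SambaConf()
    if not smbconf.validate(conf):
        logger.error("SAMBA configuration file is not valid")
        return False

    # For each share, test whether its sharePath exists
    for share in getDetailedShares():
        shareName = share[0]
        infos = shareInfo(shareName)
        if not infos:
            # Previously this aborted activation without any trace in the log
            logger.error("Can't get information about samba share '%s'", shareName)
            return False
        sharePath = infos["sharePath"]
        # Paths containing '%' are skipped (presumably smb.conf substitution
        # variables that cannot be resolved here - confirm)
        if sharePath and "%" not in sharePath and not os.path.exists(sharePath):
            # A missing share directory is reported but does not block activation
            logger.error("The samba share path '%s' does not exist.", sharePath)

    try:
        ldapObj = ldapUserGroupControl()
    except ldap.INVALID_CREDENTIALS:
        logger.error("Can't bind to LDAP: invalid credentials.")
        return False

    # Test if the Samba LDAP schema is available in the directory
    try:
        schema = ldapObj.getSchema("sambaSamAccount")
        if len(schema) <= 0:
            logger.error("Samba schema is not included in LDAP directory")
            return False
    except Exception:
        # Narrowed from a bare except so KeyboardInterrupt / SystemExit are
        # no longer swallowed and reported as a schema problem
        logger.exception("invalid schema")
        return False

    # The SAMBA init script must be present
    init = config.samba_init_script
    if not os.path.exists(init):
        logger.error("%s does not exist", init)
        return False

    # If SAMBA is defined as a PDC, make extra checks
    if smbconf.isPdc():
        samba = SambaLDAP()
        # Create SAMBA computers account OU if it doesn't exist
        head, path = samba.baseComputersDN.split(",", 1)
        ouName = head.split("=")[1]
        samba.addOu(ouName, path)
        # Check that a sambaDomainName entry is in LDAP directory
        domainInfos = samba.getDomain()
        # Set domain policy
        # NOTE(review): this runs before the domainInfos check below, so the
        # policy call is issued even when no domain entry was found - confirm
        # that this ordering is intended.
        samba.setDomainPolicy()
        if not domainInfos:
            logger.error(
                "Can't find sambaDomainName entry in LDAP for domain %s. Please check your SAMBA LDAP configuration.",
                smbconf.getContent("global", "workgroup"),
            )
            return False
        smbconfbasesuffix = smbconf.getContent("global", "ldap suffix")
        if not smbconfbasesuffix:
            logger.error("SAMBA 'ldap suffix' option is not setted.")
            return False
        if ldap.explode_dn(samba.baseDN) != ldap.explode_dn(smbconfbasesuffix):
            logger.error("SAMBA 'ldap suffix' option is not equal to MMC 'baseDN' option.")
            return False
        # Check that SAMBA and MMC given OU are in sync
        for smbOption, mmcOption, mmcValue in (
            ("ldap user suffix", "baseUsersDN", samba.baseUsersDN),
            ("ldap group suffix", "baseGroupsDN", samba.baseGroupsDN),
            ("ldap machine suffix", "baseComputersDN", samba.baseComputersDN),
        ):
            smbconfsuffix = smbconf.getContent("global", smbOption)
            if not smbconfsuffix:
                logger.error("SAMBA '%s' option is not setted", smbOption)
                return False
            # Do a case insensitive comparison of the corresponding MMC / SAMBA options
            if ldap.explode_rdn(smbconfsuffix)[0].lower() != ldap.explode_rdn(mmcValue)[0].lower():
                logger.error("SAMBA option '%s' is not equal to MMC '%s' option.", smbOption, mmcOption)
                return False
        # Check that "ldap delete dn" SAMBA option is set to "No": with it
        # enabled, SAMBA deletes the whole LDAP entry instead of only its
        # own attributes
        smbconfdeletedn = smbconf.isValueTrue(smbconf.getContent("global", "ldap delete dn"))
        if smbconfdeletedn == 1:
            logger.error("SAMBA option 'ldap delete dn' must be disabled.")
            return False
        # The well-known domain groups must all be mapped in LDAP.
        # Domain Computers is needed to put a machine account in the right
        # group when joining it to the domain.
        for groupLabel, groupGetter in (
            ("Domain Computers", samba.getDomainComputersGroup),
            ("Domain Admins", samba.getDomainAdminsGroup),
            ("Domain Guests", samba.getDomainGuestsGroup),
            ("Domain Users", samba.getDomainUsersGroup),
        ):
            if not groupGetter():
                logger.error(
                    "Can't find sambaGroupMapping entry in LDAP corresponding to '%s' group. Please check your SAMBA LDAP configuration.",
                    groupLabel,
                )
                return False
        # Check that add machine script option is set, and that the given script exists
        addMachineScript = smbconf.getContent("global", "add machine script")
        if not addMachineScript:
            logger.error("SAMBA 'add machine script' option is not set.")
            return False
        # Only the first token (the program path) is checked, and only for existence.
        # NOTE(review): smbd runs this script when a machine joins the domain,
        # so its ownership and write permissions deserve a check as well.
        script = addMachineScript.split(" ")[0]
        if not os.path.exists(script):
            logger.error("SAMBA 'add machine script' option is set to a non existing file: %s", script)
            return False
        # Issue a warning if NSCD is running
        nscdMarkers = ("/var/run/nscd.pid", "/var/run/.nscd_socket", "/var/run/nscd")
        if any(os.path.exists(marker) for marker in nscdMarkers):
            logger.warning("Looks like NSCD is installed on your system. You should not run NSCD on a SAMBA server.")
        # Check that os level is set to 255
        rawOsLevel = smbconf.getContent("global", "os level")
        try:
            oslevel = int(rawOsLevel)
        except (TypeError, ValueError):
            # An unset or non-numeric value used to crash activation here;
            # treat it as too low so it is set to 255 like any other low value
            oslevel = -1
        if oslevel < 255:
            logger.debug("Set SAMBA os level to 255.")
            smbconf.setContent("global", "os level", "255")
            smbconf.save()
            reloadSamba()

    # The dashboard plugin is optional: skip panel registration when it is
    # not installed
    try:
        from mmc.plugins.dashboard.manager import DashboardManager
        from mmc.plugins.samba.panel import SambaPanel

        DM = DashboardManager()
        DM.register_panel(SambaPanel("samba"))
    except ImportError:
        pass

    return True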
Beispiel #5
def addMachine(name, comment, addMachineScript=False):
    """
    Module-level wrapper around SambaLDAP.addMachine.

    @param name: machine name handed to SambaLDAP
    @param comment: forwarded unchanged
    @param addMachineScript: forwarded unchanged; defaults to False
    @return: whatever SambaLDAP.addMachine returns
    """
    # NOTE(review): no validation of name happens at this level; any checks
    # have to live in SambaLDAP.addMachine or in the caller.
    samba = SambaLDAP()
    return samba.addMachine(name, comment, addMachineScript)
Beispiel #6
def getMachine(name):
    """
    Module-level wrapper around SambaLDAP.getMachine.

    @param name: machine name handed to SambaLDAP
    @return: whatever SambaLDAP.getMachine returns
    """
    samba = SambaLDAP()
    return samba.getMachine(name)
Beispiel #7
def changeUserPasswd(uid, password, oldpasswd=None, bind=False):
    """
    Module-level wrapper around SambaLDAP.changeUserPasswd.

    All four arguments are forwarded positionally and unchanged.

    @param uid: user identifier handed to SambaLDAP
    @param password: new password, passed on as received
    @param oldpasswd: forwarded unchanged; defaults to None
    @param bind: forwarded unchanged; defaults to False
        (presumably selects binding as the user with oldpasswd - confirm in SambaLDAP)
    @return: whatever SambaLDAP.changeUserPasswd returns
    """
    # NOTE(review): password and oldpasswd travel through here in clear form;
    # keep them out of any logging or tracing added around this call.
    samba = SambaLDAP()
    return samba.changeUserPasswd(uid, password, oldpasswd, bind)
Beispiel #8
def unlockUser(uid):
    """
    Module-level wrapper around SambaLDAP.unlockUser.

    @param uid: user identifier handed to SambaLDAP
    @return: whatever SambaLDAP.unlockUser returns
    """
    samba = SambaLDAP()
    return samba.unlockUser(uid)
Beispiel #9
def isSmbUser(uid):
    """
    Module-level wrapper around SambaLDAP.isSmbUser.

    @param uid: user identifier handed to SambaLDAP
    @return: whatever SambaLDAP.isSmbUser returns
    """
    samba = SambaLDAP()
    return samba.isSmbUser(uid)
Beispiel #10
def userPasswdHasExpired(uid):
    """
    Module-level wrapper around SambaLDAP.userPasswdHasExpired.

    @param uid: user identifier handed to SambaLDAP
    @return: whatever SambaLDAP.userPasswdHasExpired returns
    """
    samba = SambaLDAP()
    return samba.userPasswdHasExpired(uid)
Beispiel #11
def addSmbAttr(uid, password):
    """
    Module-level wrapper around SambaLDAP.addSmbAttr.

    @param uid: user identifier handed to SambaLDAP
    @param password: forwarded unchanged to SambaLDAP.addSmbAttr
    @return: whatever SambaLDAP.addSmbAttr returns
    """
    # NOTE(review): the password is passed on in clear form; keep it out of
    # any logging or tracing added around this call.
    samba = SambaLDAP()
    return samba.addSmbAttr(uid, password)
Beispiel #12
def setDomainPolicy():
    """
    Module-level wrapper around SambaLDAP.setDomainPolicy.

    Takes no arguments; a new SambaLDAP object is created for the call.

    @return: whatever SambaLDAP.setDomainPolicy returns
    """
    samba = SambaLDAP()
    return samba.setDomainPolicy()
Beispiel #13
def getDomainAdminsGroup():
    """
    Module-level wrapper around SambaLDAP.getDomainAdminsGroup.

    @return: whatever SambaLDAP.getDomainAdminsGroup returns
    """
    samba = SambaLDAP()
    return samba.getDomainAdminsGroup()
Beispiel #14
def disableUser(uid):
    """
    Module-level wrapper around SambaLDAP.disableUser.

    @param uid: user identifier handed to SambaLDAP
    @return: whatever SambaLDAP.disableUser returns
    """
    samba = SambaLDAP()
    return samba.disableUser(uid)
Beispiel #15
def changeSambaAttributes(uid, attributes):
    """
    Module-level wrapper around SambaLDAP.changeSambaAttributes.

    @param uid: user identifier handed to SambaLDAP
    @param attributes: forwarded unchanged
        (presumably a mapping of attribute name to new value - confirm in SambaLDAP)
    @return: whatever SambaLDAP.changeSambaAttributes returns
    """
    # NOTE(review): nothing here restricts which attributes may be changed;
    # any allow-list has to be enforced in SambaLDAP or by the caller.
    samba = SambaLDAP()
    return samba.changeSambaAttributes(uid, attributes)
Beispiel #16
def lockUser(uid):
    """
    Module-level wrapper around SambaLDAP.lockUser.

    @param uid: user identifier handed to SambaLDAP
    @return: whatever SambaLDAP.lockUser returns
    """
    samba = SambaLDAP()
    return samba.lockUser(uid)
Beispiel #17
def changeUserPrimaryGroup(uid, groupName):
    """
    Module-level wrapper around SambaLDAP.changeUserPrimaryGroup.

    @param uid: user identifier handed to SambaLDAP
    @param groupName: forwarded unchanged
    @return: whatever SambaLDAP.changeUserPrimaryGroup returns
    """
    samba = SambaLDAP()
    return samba.changeUserPrimaryGroup(uid, groupName)
Beispiel #18
def makeSambaGroup(group):
    """
    Module-level wrapper around SambaLDAP.makeSambaGroup.

    @param group: group identifier handed to SambaLDAP
    @return: whatever SambaLDAP.makeSambaGroup returns
    """
    samba = SambaLDAP()
    return samba.makeSambaGroup(group)
Beispiel #19
def delSmbAttr(uid):
    """
    Module-level wrapper around SambaLDAP.delSmbAttr.

    @param uid: user identifier handed to SambaLDAP
    @return: whatever SambaLDAP.delSmbAttr returns
    """
    samba = SambaLDAP()
    return samba.delSmbAttr(uid)
Beispiel #20
def delMachine(name):
    """
    Module-level wrapper around SambaLDAP.delMachine.

    @param name: machine name handed to SambaLDAP
    @return: whatever SambaLDAP.delMachine returns
    """
    samba = SambaLDAP()
    return samba.delMachine(name)
Beispiel #21
def isEnabledUser(uid):
    """
    Module-level wrapper around SambaLDAP.isEnabledUser.

    @param uid: user identifier handed to SambaLDAP
    @return: whatever SambaLDAP.isEnabledUser returns
    """
    samba = SambaLDAP()
    return samba.isEnabledUser(uid)
Beispiel #22
def changeMachine(name, options):
    """
    Module-level wrapper around SambaLDAP.changeMachine.

    @param name: machine name handed to SambaLDAP
    @param options: forwarded unchanged
    @return: whatever SambaLDAP.changeMachine returns
    """
    samba = SambaLDAP()
    return samba.changeMachine(name, options)
Beispiel #23
def isLockedUser(uid):
    """
    Module-level wrapper around SambaLDAP.isLockedUser.

    @param uid: user identifier handed to SambaLDAP
    @return: whatever SambaLDAP.isLockedUser returns
    """
    samba = SambaLDAP()
    return samba.isLockedUser(uid)
Beispiel #24
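def activate():
    """
    Decide whether the "samba" plugin can be activated.

    Runs a sequence of sanity checks (plugin configuration, smb.conf,
    share paths, LDAP bind and schema, init script) and, when smb.conf
    describes a PDC, extra consistency checks between the SAMBA and MMC
    LDAP settings. The first failing check is logged and aborts activation.

    Besides checking, the PDC branch also changes state: it calls
    samba.addOu() and samba.setDomainPolicy() on the directory, and it may
    rewrite the 'os level' option in smb.conf and reload SAMBA.

    @return: True if every check passed, False otherwise
    @rtype: boolean
    """
    config = SambaConfig("samba")

    if config.disabled:
        logger.info("samba plugin disabled by configuration.")
        return False

    if config.defaultSharesPath:
        if config.defaultSharesPath.endswith("/"):
            logger.error("Trailing / is not allowed in defaultSharesPath")
            return False
        if not os.path.exists(config.defaultSharesPath):
            logger.error("The default shares path '%s' does not exist",
                         config.defaultSharesPath)
            return False

    for cpath in config.authorizedSharePaths:
        if cpath.endswith("/"):
            logger.error("Trailing / is not allowed in authorizedSharePaths")
            return False
        if not os.path.exists(cpath):
            logger.error("The authorized share path '%s' does not exist",
                         cpath)
            return False

    # The SAMBA configuration file must be present...
    conf = config.samba_conf_file
    if not os.path.exists(conf):
        logger.error("%s does not exist", conf)
        return False

    # ...and must pass validation
    smbconf = SambaConf()
    if not smbconf.validate(conf):
        logger.error("SAMBA configuration file is not valid")
        return False

    # For each share, test whether its sharePath exists
    for share in getDetailedShares():
        shareName = share[0]
        infos = shareInfo(shareName)
        if not infos:
            # Previously this aborted activation without any trace in the log
            logger.error("Can't get information about samba share '%s'",
                         shareName)
            return False
        sharePath = infos['sharePath']
        # Paths containing '%' are skipped (presumably smb.conf substitution
        # variables that cannot be resolved here - confirm)
        if sharePath and '%' not in sharePath and not os.path.exists(
                sharePath):
            # A missing share directory is reported but does not block activation
            logger.error("The samba share path '%s' does not exist.",
                         sharePath)

    try:
        ldapObj = ldapUserGroupControl()
    except ldap.INVALID_CREDENTIALS:
        logger.error("Can't bind to LDAP: invalid credentials.")
        return False

    # Test if the Samba LDAP schema is available in the directory
    try:
        schema = ldapObj.getSchema("sambaSamAccount")
        if len(schema) <= 0:
            logger.error("Samba schema is not included in LDAP directory")
            return False
    except Exception:
        # Narrowed from a bare except so KeyboardInterrupt / SystemExit are
        # no longer swallowed and reported as a schema problem
        logger.exception("invalid schema")
        return False

    # The SAMBA init script must be present
    init = config.samba_init_script
    if not os.path.exists(init):
        logger.error("%s does not exist", init)
        return False

    # If SAMBA is defined as a PDC, make extra checks
    if smbconf.isPdc():
        samba = SambaLDAP()
        # Create SAMBA computers account OU if it doesn't exist
        head, path = samba.baseComputersDN.split(",", 1)
        ouName = head.split("=")[1]
        samba.addOu(ouName, path)
        # Check that a sambaDomainName entry is in LDAP directory
        domainInfos = samba.getDomain()
        # Set domain policy
        # NOTE(review): this runs before the domainInfos check below, so the
        # policy call is issued even when no domain entry was found - confirm
        # that this ordering is intended.
        samba.setDomainPolicy()
        if not domainInfos:
            logger.error(
                "Can't find sambaDomainName entry in LDAP for domain %s. Please check your SAMBA LDAP configuration.",
                smbconf.getContent("global", "workgroup"))
            return False
        smbconfbasesuffix = smbconf.getContent("global", "ldap suffix")
        if not smbconfbasesuffix:
            logger.error("SAMBA 'ldap suffix' option is not setted.")
            return False
        if ldap.explode_dn(samba.baseDN) != ldap.explode_dn(smbconfbasesuffix):
            logger.error(
                "SAMBA 'ldap suffix' option is not equal to MMC 'baseDN' option."
            )
            return False
        # Check that SAMBA and MMC given OU are in sync
        for smbOption, mmcOption, mmcValue in (
            ("ldap user suffix", "baseUsersDN", samba.baseUsersDN),
            ("ldap group suffix", "baseGroupsDN", samba.baseGroupsDN),
            ("ldap machine suffix", "baseComputersDN", samba.baseComputersDN)
        ):
            smbconfsuffix = smbconf.getContent("global", smbOption)
            if not smbconfsuffix:
                logger.error("SAMBA '%s' option is not setted", smbOption)
                return False
            # Do a case insensitive comparison of the corresponding MMC / SAMBA options
            if ldap.explode_rdn(smbconfsuffix)[0].lower() != ldap.explode_rdn(
                    mmcValue)[0].lower():
                logger.error(
                    "SAMBA option '%s' is not equal to MMC '%s' option.",
                    smbOption, mmcOption)
                return False
        # Check that "ldap delete dn" SAMBA option is set to "No": with it
        # enabled, SAMBA deletes the whole LDAP entry instead of only its
        # own attributes
        smbconfdeletedn = smbconf.isValueTrue(
            smbconf.getContent("global", "ldap delete dn"))
        if smbconfdeletedn == 1:
            logger.error("SAMBA option 'ldap delete dn' must be disabled.")
            return False
        # The well-known domain groups must all be mapped in LDAP.
        # Domain Computers is needed to put a machine account in the right
        # group when joining it to the domain.
        for groupLabel, groupGetter in (
            ("Domain Computers", samba.getDomainComputersGroup),
            ("Domain Admins", samba.getDomainAdminsGroup),
            ("Domain Guests", samba.getDomainGuestsGroup),
            ("Domain Users", samba.getDomainUsersGroup),
        ):
            if not groupGetter():
                logger.error(
                    "Can't find sambaGroupMapping entry in LDAP corresponding to '%s' group. Please check your SAMBA LDAP configuration.",
                    groupLabel)
                return False
        # Check that add machine script option is set, and that the given script exists
        addMachineScript = smbconf.getContent("global", "add machine script")
        if not addMachineScript:
            logger.error("SAMBA 'add machine script' option is not set.")
            return False
        # Only the first token (the program path) is checked, and only for existence.
        # NOTE(review): smbd runs this script when a machine joins the domain,
        # so its ownership and write permissions deserve a check as well.
        script = addMachineScript.split(" ")[0]
        if not os.path.exists(script):
            logger.error(
                "SAMBA 'add machine script' option is set to a non existing file: %s",
                script)
            return False
        # Issue a warning if NSCD is running
        nscdMarkers = ("/var/run/nscd.pid", "/var/run/.nscd_socket",
                       "/var/run/nscd")
        if any(os.path.exists(marker) for marker in nscdMarkers):
            logger.warning(
                "Looks like NSCD is installed on your system. You should not run NSCD on a SAMBA server."
            )
        # Check that os level is set to 255
        rawOsLevel = smbconf.getContent("global", "os level")
        try:
            oslevel = int(rawOsLevel)
        except (TypeError, ValueError):
            # An unset or non-numeric value used to crash activation here;
            # treat it as too low so it is set to 255 like any other low value
            oslevel = -1
        if oslevel < 255:
            logger.debug("Set SAMBA os level to 255.")
            smbconf.setContent("global", "os level", "255")
            smbconf.save()
            reloadSamba()

    # The dashboard plugin is optional: skip panel registration when it is
    # not installed
    try:
        from mmc.plugins.dashboard.manager import DashboardManager
        from mmc.plugins.samba.panel import SambaPanel
        DM = DashboardManager()
        DM.register_panel(SambaPanel("samba"))
    except ImportError:
        pass

    return True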
Beispiel #25
def getMachinesLdap(searchFilter=""):
    """
    Search machine accounts through SambaLDAP.searchMachine.

    The filter given by the caller is run through cleanFilter() first and
    only the cleaned value is handed to the directory search.

    @param searchFilter: search pattern, defaults to the empty string
    @return: whatever SambaLDAP.searchMachine returns for the cleaned filter
    """
    samba = SambaLDAP()
    # NOTE(review): cleanFilter is the only sanitisation step visible here;
    # confirm it escapes LDAP filter metacharacters before relying on it.
    cleanedFilter = cleanFilter(searchFilter)
    return samba.searchMachine(cleanedFilter)