def setUp(self):
super(DCKeytabTests, self).setUp()
self.lp = LoadParm()
self.lp.load_default()
self.creds = self.insta_creds(template=self.get_credentials())
self.ktfile = os.path.join(self.lp.get('private dir'), 'test.keytab')
self.principal = self.creds.get_principal()
def force_drs_replication(source_dc=None,
destination_dc=None,
partition_dn=None,
direction="in"):
if not package_installed('univention-samba4'):
print(
'force_drs_replication(): skip, univention-samba4 not installed.')
return
if not source_dc:
source_dc = get_available_s4connector_dc()
if not source_dc:
return 1
if not destination_dc:
destination_dc = socket.gethostname()
if destination_dc == source_dc:
return
if not partition_dn:
lp = LoadParm()
lp.load('/etc/samba/smb.conf')
samdb = SamDB("tdb://%s" % lp.private_path("sam.ldb"),
session_info=system_session(lp),
lp=lp)
partition_dn = str(samdb.domain_dn())
print("USING partition_dn:", partition_dn)
if direction == "in":
cmd = ("/usr/bin/samba-tool", "drs", "replicate", destination_dc,
source_dc, partition_dn)
else:
cmd = ("/usr/bin/samba-tool", "drs", "replicate", source_dc,
destination_dc, partition_dn)
return subprocess.call(cmd)
def __init__(self, parser):
from samba import fault_setup
fault_setup()
from samba.param import LoadParm
optparse.OptionGroup.__init__(self, parser, "Samba Common Options")
self.add_option("-s",
"--configfile",
action="callback",
type=str,
metavar="FILE",
help="Configuration file",
callback=self._load_configfile)
self.add_option("-d",
"--debuglevel",
action="callback",
type=str,
metavar="DEBUGLEVEL",
help="debug level",
callback=self._set_debuglevel)
self.add_option("--option",
action="callback",
type=str,
metavar="OPTION",
help="set smb.conf option from command line",
callback=self._set_option)
self.add_option("--realm",
action="callback",
type=str,
metavar="REALM",
help="set the realm name",
callback=self._set_realm)
self._configfile = None
self._lp = LoadParm()
self.realm = None
def setUp(self):
super(GPOTests, self).setUp()
self.server = os.environ["SERVER"]
self.dc_account = self.server.upper() + '$'
self.lp = LoadParm()
self.lp.load_default()
self.creds = self.insta_creds(template=self.get_credentials())
class DCKeytabTests(tests.TestCase):
def setUp(self):
super(DCKeytabTests, self).setUp()
self.lp = LoadParm()
self.lp.load_default()
self.creds = self.insta_creds(template=self.get_credentials())
self.ktfile = os.path.join(self.lp.get('private dir'), 'test.keytab')
self.principal = self.creds.get_principal()
def tearDown(self):
super(DCKeytabTests, self).tearDown()
os.remove(self.ktfile)
def test_export_keytab(self):
net = Net(None, self.lp)
net.export_keytab(keytab=self.ktfile, principal=self.principal)
assert os.path.exists(self.ktfile), 'keytab was not created'
with open_bytes(self.ktfile) as bytes_kt:
result = ''
for c in bytes_kt.read():
if c in string.printable:
result += c
principal_parts = self.principal.split('@')
assert principal_parts[0] in result and \
principal_parts[1] in result, \
'Principal not found in generated keytab'
def test_setntacl(self):
lp = LoadParm()
acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
open(self.tempf, 'w').write("empty")
lp.set("posix:eadb",os.path.join(self.tempdir,"eadbtest.tdb"))
setntacl(lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467")
os.unlink(os.path.join(self.tempdir,"eadbtest.tdb"))
def dc_watcher(self):
(r1, w1) = os.pipe()
pid = os.fork()
if pid != 0:
# Parent process return the result socket to the caller.
return r1
# Load the lp context for the Domain Controller, rather than the
# member server.
config_file = os.environ["DC_SERVERCONFFILE"]
lp_ctx = LoadParm()
lp_ctx.load(config_file)
#
# Is the message a SamLogon authentication?
def is_sam_logon(m):
if m is None:
return False
msg = json.loads(m)
return (
msg["type"] == "Authentication" and
msg["Authentication"]["serviceDescription"] == "SamLogon")
#
# Handler function for received authentication messages.
def message_handler(context, msgType, src, message):
# Print the message to help debugging the tests.
# as it's a JSON message it does not look like a sub-unit message.
print(message)
self.dc_msgs.append(message)
# Set up a messaging context to listen for authentication events on
# the domain controller.
msg_ctx = Messaging((1,), lp_ctx=lp_ctx)
msg_ctx.irpc_add_name(AUTH_EVENT_NAME)
msg_handler_and_context = (message_handler, None)
msg_ctx.register(msg_handler_and_context, msg_type=MSG_AUTH_LOG)
# Wait for the SamLogon message.
# As there could be other SamLogon's in progress we need to collect
# all the SamLogons and let the caller match them to the session.
self.dc_msgs = []
start_time = time.time()
while (time.time() - start_time < 1):
msg_ctx.loop_once(0.1)
# Only interested in SamLogon messages, filter out the rest
msgs = list(filter(is_sam_logon, self.dc_msgs))
if msgs:
for m in msgs:
os.write(w1, get_bytes(m+"\n"))
else:
os.write(w1, get_bytes("None\n"))
os.close(w1)
msg_ctx.deregister(msg_handler_and_context, msg_type=MSG_AUTH_LOG)
msg_ctx.irpc_remove_name(AUTH_EVENT_NAME)
os._exit(0)
class DCKeytabTests(tests.TestCase):
def setUp(self):
super(DCKeytabTests, self).setUp()
self.lp = LoadParm()
self.lp.load_default()
self.creds = self.insta_creds(template=self.get_credentials())
self.ktfile = os.path.join(self.lp.get('private dir'), 'test.keytab')
self.principal = self.creds.get_principal()
def tearDown(self):
super(DCKeytabTests, self).tearDown()
os.remove(self.ktfile)
def test_export_keytab(self):
net = Net(None, self.lp)
net.export_keytab(keytab=self.ktfile, principal=self.principal)
assert os.path.exists(self.ktfile), 'keytab was not created'
with open_bytes(self.ktfile) as bytes_kt:
result = ''
for c in bytes_kt.read():
if c in string.printable:
result += c
principal_parts = self.principal.split('@')
assert principal_parts[0] in result and \
principal_parts[1] in result, \
'Principal not found in generated keytab'
def test_setntacl(self):
lp = LoadParm()
acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
open(self.tempf, 'w').write("empty")
lp.set("posix:eadb", os.path.join(self.tempdir, "eadbtest.tdb"))
setntacl(lp, self.tempf, acl,
"S-1-5-21-2212615479-2695158682-2101375467")
os.unlink(os.path.join(self.tempdir, "eadbtest.tdb"))
def test_setntacl_forcenative(self):
if os.getuid() == 0:
raise SkipTest("Running test as root, test skipped")
lp = LoadParm()
open(self.tempf, 'w').write("empty")
lp.set("posix:eadb", os.path.join(self.tempdir, "eadbtest.tdb"))
self.assertRaises(Exception, setntacl, lp, self.tempf, NTACL_SDDL,
DOMAIN_SID, "native")
def test_setntacl_forcenative(self):
if os.getuid() == 0:
raise SkipTest("Running test as root, test skipped")
lp = LoadParm()
open(self.tempf, 'w').write("empty")
lp.set("posix:eadb", os.path.join(self.tempdir, "eadbtest.tdb"))
self.assertRaises(Exception, setntacl, lp, self.tempf, NTACL_SDDL,
DOMAIN_SID, self.session_info, "native")
def _wait_for_drs_replication(ldap_filter, attrs=None, base=None, scope=ldb.SCOPE_SUBTREE, lp=None, timeout=360, delta_t=1, verbose=True, should_exist=True, controls=None):
# type: (str, Union[List[str], None, str], Optional[str], int, Optional[LoadParm], int, int, bool, bool, Optional[List[str]]) -> None
if not package_installed('univention-samba4'):
if package_installed('univention-samba'):
time.sleep(15)
print('Sleeping 15 seconds as a workaround for http://forge.univention.org/bugzilla/show_bug.cgi?id=52145')
elif verbose:
print('wait_for_drs_replication(): skip, univention-samba4 not installed.')
return
if not attrs:
attrs = ['dn']
elif not isinstance(attrs, list):
attrs = [attrs]
if not lp:
lp = LoadParm()
lp.load('/etc/samba/smb.conf')
samdb = SamDB("tdb://%s" % lp.private_path("sam.ldb"), session_info=system_session(lp), lp=lp)
if not controls:
controls = ["domain_scope:0"]
if base is None:
ucr = config_registry.ConfigRegistry()
ucr.load()
base = ucr['samba4/ldap/base']
else:
if len(ldap.dn.str2dn(base)[0]) > 1:
if verbose:
print('wait_for_drs_replication(): skip, multiple RDNs are not supported')
return
if not base:
if verbose:
print('wait_for_drs_replication(): skip, no samba domain found')
return
if verbose:
print("Waiting for DRS replication, filter: %r, base: %r, scope: %r, should_exist: %r" % (ldap_filter, base, scope, should_exist), end=' ')
t = t0 = time.time()
while t < t0 + timeout:
try:
res = samdb.search(base=base, scope=scope, expression=ldap_filter, attrs=attrs, controls=controls)
if bool(res) is bool(should_exist):
if verbose:
print("\nDRS replication took %d seconds" % (t - t0, ))
return # res
except ldb.LdbError as exc:
(_num, msg) = exc.args
if _num == ldb.ERR_INVALID_DN_SYNTAX:
raise
if _num == ldb.ERR_NO_SUCH_OBJECT and not should_exist:
if verbose:
print("\nDRS replication took %d seconds" % (t - t0, ))
return
print("Error during samdb.search: %s" % (msg, ))
print('.', end=' ')
time.sleep(delta_t)
t = time.time()
raise DRSReplicationFailed("DRS replication for filter: %r failed due to timeout after %d sec." % (ldap_filter, t - t0))
class AuthSMB4(object):
def __init__(self, user, password):
self.user = user
self.password = password
_isLastErrorAvailable = False
self.lp = LoadParm()
self.lp.load_default()
self.ip = '127.0.0.1'
self.WorkGroup = str(self.lp.get("workgroup"))
self.creds = credentials.Credentials()
self.creds.set_username(self.user)
self.creds.set_password(self.password)
self.creds.set_domain(self.WorkGroup)
self.creds.set_workstation("")
self.logger = logging.getLogger(__name__)
self.logger.addHandler(logging.StreamHandler(sys.stdout))
self.logger.setLevel(logging.INFO)
def Autenticate(self):
try:
session_info_flags = (AUTH_SESSION_INFO_DEFAULT_GROUPS
| AUTH_SESSION_INFO_AUTHENTICATED)
LdapConn = samba.Ldb("ldap://%s" % self.ip,
lp=self.lp,
credentials=self.creds)
DomainDN = LdapConn.get_default_basedn()
search_filter = "sAMAccountName=%s" % self.user
res = LdapConn.search(base=DomainDN,
scope=SCOPE_SUBTREE,
expression=search_filter,
attrs=["dn"])
if len(res) == 0:
return False
user_dn = res[0].dn
session = samba.auth.user_session(
LdapConn,
lp_ctx=self.lp,
dn=user_dn,
session_info_flags=session_info_flags)
token = session.security_token
if (token.has_builtin_administrators()):
return True
if (token.is_system()):
return True
except Exception, e:
if (len(e.args) > 1):
self.logger.info("%s %s" % (e.args[1], e.args[0]))
self.SetError(e.args[1], e.args[0])
else:
self.logger.info("%s " % (e.args[0]))
self.SetError(e.args, 0)
return False
def test_setntacl_forcenative(self):
if os.getuid() == 0:
raise SkipTest("Running test as root, test skipped")
lp = LoadParm()
acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
open(self.tempf, 'w').write("empty")
lp.set("posix:eadb", os.path.join(self.tempdir,"eadbtest.tdb"))
self.assertRaises(Exception, setntacl, lp, self.tempf ,acl,
"S-1-5-21-2212615479-2695158682-2101375467","native")
def test_setntacl_getntacl(self):
lp = LoadParm()
open(self.tempf, 'w').write("empty")
lp.set("posix:eadb", os.path.join(self.tempdir, "eadbtest.tdb"))
setntacl(lp, self.tempf, NTACL_SDDL, DOMAIN_SID)
facl = getntacl(lp, self.tempf)
anysid = security.dom_sid(security.SID_NT_SELF)
self.assertEquals(facl.as_sddl(anysid), NTACL_SDDL)
os.unlink(os.path.join(self.tempdir, "eadbtest.tdb"))
def test_setntacl_getntacl(self):
lp = LoadParm()
open(self.tempf, 'w').write("empty")
lp.set("posix:eadb", os.path.join(self.tempdir, "eadbtest.tdb"))
setntacl(lp, self.tempf, NTACL_SDDL, DOMAIN_SID, self.session_info)
facl = getntacl(lp, self.tempf, self.session_info)
anysid = security.dom_sid(security.SID_NT_SELF)
self.assertEqual(facl.as_sddl(anysid), NTACL_SDDL)
os.unlink(os.path.join(self.tempdir, "eadbtest.tdb"))
def wait_for_drs_replication(ldap_filter, attrs=None, base=None, scope=ldb.SCOPE_SUBTREE, lp=None, timeout=360, delta_t=1, verbose=True, should_exist=True, controls=None):
if not package_installed('univention-samba4'):
if verbose:
print('wait_for_drs_replication(): skip, univention-samba4 not installed.')
return
if not lp:
lp = LoadParm()
lp.load('/etc/samba/smb.conf')
if not attrs:
attrs = ['dn']
elif not isinstance(attrs, list):
attrs = [attrs]
samdb = SamDB("tdb://%s" % lp.private_path("sam.ldb"), session_info=system_session(lp), lp=lp)
if not controls:
controls = ["domain_scope:0"]
if base is None:
base = samdb.domain_dn()
else:
if len(ldap.dn.str2dn(base)[0]) > 1:
if verbose:
print('wait_for_drs_replication(): skip, multiple RDNs are not supported')
return
if not base or base == 'None':
if verbose:
print('wait_for_drs_replication(): skip, no samba domain found')
return
if verbose:
print("Waiting for DRS replication, filter: %r, base: %r, scope: %r, should_exist: %r" % (ldap_filter, base, scope, should_exist), end=' ')
t = t0 = time.time()
while t < t0 + timeout:
try:
res = samdb.search(base=base, scope=scope, expression=ldap_filter, attrs=attrs, controls=controls)
if res and should_exist:
if verbose:
print("\nDRS replication took %d seconds" % (t - t0, ))
return res
if not res and not should_exist:
if verbose:
print("\nDRS replication took %d seconds" % (t - t0, ))
return res
except ldb.LdbError as exc:
(_num, msg) = exc.args
if _num == ldb.ERR_INVALID_DN_SYNTAX:
raise
if _num == ldb.ERR_NO_SUCH_OBJECT and not should_exist:
if verbose:
print("\nDRS replication took %d seconds" % (t - t0, ))
return
print("Error during samdb.search: %s" % (msg, ))
print('.', end=' ')
time.sleep(delta_t)
t = time.time()
raise DRSReplicationFailed("DRS replication for filter: %r failed due to timeout after %d sec." % (ldap_filter, t - t0))
def __init__(self):
self.samba_lp = LoadParm()
self.samba_lp.set('debug level', '0')
self.samba_lp.load_default()
url = self.samba_lp.get('dcerpc_mapiproxy:samdb_url') or \
self.samba_lp.private_path("sam.ldb")
self.samdb = SamDB(url=url,
lp=self.samba_lp,
session_info=system_session())
self.conn = self._open_mysql_connection()
def __init__(self, user, password):
self.user = user
self.password = password
_isLastErrorAvailable = False
self.lp = LoadParm()
self.lp.load_default()
self.logger = logging.getLogger(__name__)
self.logger.addHandler(logging.StreamHandler(sys.stdout))
self.logger.setLevel(logging.INFO)
def test_setntacl_getntacl(self):
lp = LoadParm()
acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
open(self.tempf, 'w').write("empty")
lp.set("posix:eadb",os.path.join(self.tempdir,"eadbtest.tdb"))
setntacl(lp,self.tempf,acl,"S-1-5-21-2212615479-2695158682-2101375467")
facl = getntacl(lp,self.tempf)
anysid = security.dom_sid(security.SID_NT_SELF)
self.assertEquals(facl.as_sddl(anysid),acl)
os.unlink(os.path.join(self.tempdir,"eadbtest.tdb"))
def test_setntacl_forcenative(self):
if os.getuid() == 0:
raise SkipTest("Running test as root, test skipped")
lp = LoadParm()
acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
open(self.tempf, 'w').write("empty")
lp.set("posix:eadb", os.path.join(self.tempdir, "eadbtest.tdb"))
self.assertRaises(Exception, setntacl, lp, self.tempf, acl,
"S-1-5-21-2212615479-2695158682-2101375467",
"native")
def parametros(fichero=False):
"""
Intento ser un poco cuidadoso con la forma en que obtenemos la configuración
"""
try:
lp = LoadParm()
lp.load_default() if fichero is False else lp.load(fichero)
return lp
except RuntimeError as e:
log.warning(e.message)
raise ConfiguracionException(e)
def test_setntacl_getntacl(self):
lp = LoadParm()
acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
open(self.tempf, 'w').write("empty")
lp.set("posix:eadb", os.path.join(self.tempdir, "eadbtest.tdb"))
setntacl(lp, self.tempf, acl,
"S-1-5-21-2212615479-2695158682-2101375467")
facl = getntacl(lp, self.tempf)
anysid = security.dom_sid(security.SID_NT_SELF)
self.assertEquals(facl.as_sddl(anysid), acl)
os.unlink(os.path.join(self.tempdir, "eadbtest.tdb"))
def __init__(self, user, password):
self.user = user
self.password = password
self.lp = LoadParm()
self.lp.load_default()
self.ip = '127.0.0.1'
self.WorkGroup = str(self.lp.get("workgroup"))
self.creds = credentials.Credentials()
self.creds.set_username(self.user)
self.creds.set_password(self.password)
self.creds.set_domain(self.WorkGroup)
self.creds.set_workstation("")
def test_setntacl(self):
random.seed()
lp = LoadParm()
path = os.environ['SELFTEST_PREFIX']
acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
tempf = os.path.join(path,"pytests"+str(int(100000*random.random())))
ntacl = xattr.NTACL()
ntacl.version = 1
open(tempf, 'w').write("empty")
lp.set("posix:eadb",os.path.join(path,"eadbtest.tdb"))
setntacl(lp, tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467")
os.unlink(tempf)
def main():
args = parse_args()
logging.basicConfig(level=logging.DEBUG if args.debug else logging.WARNING)
inpipe = sys.stdin
outpipe = sys.stdout
if args.unix:
import socket
try:
os.remove(args.unix)
except OSError:
pass
sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
sock.bind(args.unix)
os.chmod(args.unix, 0o777)
logger.debug("Bound unix socket: {}".format(args.unix))
logger.info("Waiting for connection at {}".format(args.unix))
sock.listen(1)
csock, client_address = sock.accept()
logger.info("Accepted connection from {}".format(client_address))
inpipe = outpipe = csock.makefile()
lp = LoadParm()
lp.load_default()
creds = Credentials()
creds.guess(lp)
creds.set_kerberos_state(MUST_USE_KERBEROS)
# If MUST_USE_KERBEROS and we have no ticket, yields this error:
# "Failed to connect to 'ldap://dc1' with backend 'ldap': LDAP client
# internal error: NT_STATUS_INVALID_PARAMETER"
# lp is required by ldap_connect_send() -> lpcfg_resolve_context()
samdb = SamDB(lp=lp, url=args.url, credentials=creds)
logger.debug("Opened SAM DB:")
logger.debug(" domain_dn: {}".format(samdb.domain_dn()))
logger.debug(" domain_dns_name: {}".format(samdb.domain_dns_name()))
try:
r = SambaResponder(samdb, inpipe, outpipe)
r.run()
finally:
if args.unix:
try:
os.remove(args.unix)
except OSError:
pass
class GPOTests(tests.TestCase):
def setUp(self):
super(GPOTests, self).setUp()
self.server = os.environ["SERVER"]
self.lp = LoadParm()
self.lp.load_default()
self.creds = self.insta_creds(template=self.get_credentials())
def tearDown(self):
super(GPOTests, self).tearDown()
def test_gpo_list(self):
global poldir, dspath
ads = gpo.ADS_STRUCT(self.server, self.lp, self.creds)
if ads.connect():
gpos = ads.get_gpo_list(self.creds.get_username())
guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
names = ['Local Policy', guid]
file_sys_paths = [None, '%s\\%s' % (poldir, guid)]
ds_paths = [None, 'CN=%s,%s' % (guid, dspath)]
for i in range(0, len(gpos)):
assert gpos[i].name == names[i], \
'The gpo name did not match expected name %s' % gpos[i].name
assert gpos[i].file_sys_path == file_sys_paths[i], \
'file_sys_path did not match expected %s' % gpos[i].file_sys_path
assert gpos[i].ds_path == ds_paths[i], \
'ds_path did not match expected %s' % gpos[i].ds_path
def test_gpo_ads_does_not_segfault(self):
try:
ads = gpo.ADS_STRUCT(self.server, 42, self.creds)
except:
pass
def test_gpt_version(self):
global gpt_data
local_path = self.lp.get("path", "sysvol")
policies = 'addom.samba.example.com/Policies'
guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
gpo_path = os.path.join(local_path, policies, guid)
old_vers = gpo.gpo_get_sysvol_gpt_version(gpo_path)[1]
with open(os.path.join(gpo_path, 'GPT.INI'), 'w') as gpt:
gpt.write(gpt_data % 42)
assert gpo.gpo_get_sysvol_gpt_version(gpo_path)[1] == 42, \
'gpo_get_sysvol_gpt_version() did not return the expected version'
with open(os.path.join(gpo_path, 'GPT.INI'), 'w') as gpt:
gpt.write(gpt_data % old_vers)
assert gpo.gpo_get_sysvol_gpt_version(gpo_path)[1] == old_vers, \
'gpo_get_sysvol_gpt_version() did not return the expected version'
def test_setntacl(self):
random.seed()
lp = LoadParm()
path = os.environ['SELFTEST_PREFIX']
acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
tempf = os.path.join(path,
"pytests" + str(int(100000 * random.random())))
ntacl = xattr.NTACL()
ntacl.version = 1
open(tempf, 'w').write("empty")
lp.set("posix:eadb", os.path.join(path, "eadbtest.tdb"))
setntacl(lp, tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467")
os.unlink(tempf)
def wait_for_drs_replication(ldap_filter,
attrs=None,
base=None,
scope=ldb.SCOPE_SUBTREE,
lp=None,
timeout=360,
delta_t=1,
verbose=True):
if not package_installed('univention-samba4'):
if verbose:
print 'wait_for_drs_replication(): skip, univention-samba4 not installed.'
return
if not lp:
lp = LoadParm()
lp.load('/etc/samba/smb.conf')
if not attrs:
attrs = ['dn']
elif not isinstance(attrs, list):
attrs = [attrs]
samdb = SamDB("tdb://%s" % lp.private_path("sam.ldb"),
session_info=system_session(lp),
lp=lp)
controls = ["domain_scope:0"]
if base is None:
base = samdb.domain_dn()
if not base or base == 'None':
if verbose:
print 'wait_for_drs_replication(): skip, no samba domain found'
return
if verbose:
print "Waiting for DRS replication, filter: '%s'" % (ldap_filter, ),
t = t0 = time.time()
while t < t0 + timeout:
try:
res = samdb.search(base=base,
scope=scope,
expression=ldap_filter,
attrs=attrs,
controls=controls)
if res:
if verbose:
print "\nDRS replication took %d seconds" % (t - t0, )
return res
except ldb.LdbError as (_num, msg):
print "Error during samdb.search: %s" % (msg, )
print '.',
time.sleep(delta_t)
t = time.time()
class GPOTests(tests.TestCase):
def setUp(self):
super(GPOTests, self).setUp()
self.server = os.environ["SERVER"]
self.lp = LoadParm()
self.lp.load_default()
self.creds = self.insta_creds(template=self.get_credentials())
def tearDown(self):
super(GPOTests, self).tearDown()
def test_gpo_list(self):
global poldir, dspath
ads = gpo.ADS_STRUCT(self.server, self.lp, self.creds)
if ads.connect():
gpos = ads.get_gpo_list(self.creds.get_username())
guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
names = ['Local Policy', guid]
file_sys_paths = [None, '%s\\%s' % (poldir, guid)]
ds_paths = [None, 'CN=%s,%s' % (guid, dspath)]
for i in range(0, len(gpos)):
assert gpos[i].name == names[i], \
'The gpo name did not match expected name %s' % gpos[i].name
assert gpos[i].file_sys_path == file_sys_paths[i], \
'file_sys_path did not match expected %s' % gpos[i].file_sys_path
assert gpos[i].ds_path == ds_paths[i], \
'ds_path did not match expected %s' % gpos[i].ds_path
def test_gpo_ads_does_not_segfault(self):
try:
ads = gpo.ADS_STRUCT(self.server, 42, self.creds)
except:
pass
def test_gpt_version(self):
global gpt_data
local_path = self.lp.get("path", "sysvol")
policies = 'addom.samba.example.com/Policies'
guid = '{31B2F340-016D-11D2-945F-00C04FB984F9}'
gpo_path = os.path.join(local_path, policies, guid)
old_vers = gpo.gpo_get_sysvol_gpt_version(gpo_path)[1]
with open(os.path.join(gpo_path, 'GPT.INI'), 'w') as gpt:
gpt.write(gpt_data % 42)
assert gpo.gpo_get_sysvol_gpt_version(gpo_path)[1] == 42, \
'gpo_get_sysvol_gpt_version() did not return the expected version'
with open(os.path.join(gpo_path, 'GPT.INI'), 'w') as gpt:
gpt.write(gpt_data % old_vers)
assert gpo.gpo_get_sysvol_gpt_version(gpo_path)[1] == old_vers, \
'gpo_get_sysvol_gpt_version() did not return the expected version'
class Options:
def __init__(self):
self.function_level = None
self.use_xattrs = "auto"
self.lp = LoadParm();
self.lp.load_default();
self.realm = self.lp.get('realm') #default
self.domain = self.lp.get('workgroup') #default
self.adminpass = ''
self.smbconf = self.lp.configfile
self.server_role = self.lp.get("server role") #default
self.samdb_fill = FILL_FULL #default
self.blank = False
self.partitions_only = False
class AuthSMB4(object):
def __init__(self,user,password):
self.user = user
self.password = password
_isLastErrorAvailable=False
self.lp = LoadParm()
self.lp.load_default()
self.ip = '127.0.0.1'
self.WorkGroup = str(self.lp.get("workgroup"))
self.creds = credentials.Credentials()
self.creds.set_username(self.user)
self.creds.set_password(self.password)
self.creds.set_domain(self.WorkGroup)
self.creds.set_workstation("")
self.logger = logging.getLogger(__name__)
self.logger.addHandler(logging.StreamHandler(sys.stdout))
self.logger.setLevel(logging.INFO)
def Autenticate(self):
try:
session_info_flags = ( AUTH_SESSION_INFO_DEFAULT_GROUPS | AUTH_SESSION_INFO_AUTHENTICATED )
LdapConn = samba.Ldb("ldap://%s" % self.ip,lp=self.lp,credentials=self.creds)
DomainDN = LdapConn.get_default_basedn()
search_filter="sAMAccountName=%s" % self.user
res = LdapConn.search(base=DomainDN, scope=SCOPE_SUBTREE,expression=search_filter, attrs=["dn"])
if len(res) == 0:
return False
user_dn = res[0].dn
session = samba.auth.user_session(LdapConn, lp_ctx=self.lp, dn=user_dn,session_info_flags=session_info_flags)
token = session.security_token
if (token.has_builtin_administrators()):
return True
if(token.is_system()):
return True
except Exception,e:
if(len(e.args)>1):
self.logger.info("%s %s" % (e.args[1],e.args[0]))
self.SetError(e.args[1],e.args[0])
else:
self.logger.info("%s " % (e.args[0]))
self.SetError(e.args,0)
return False
def test_setntacl_forcenative(self):
if os.getuid() == 0:
raise TestSkipped("Running test as root, test skipped")
random.seed()
lp = LoadParm()
acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
path = os.environ['SELFTEST_PREFIX']
tempf = os.path.join(path,"pytests"+str(int(100000*random.random())))
ntacl = xattr.NTACL()
ntacl.version = 1
open(tempf, 'w').write("empty")
lp.set("posix:eadb", os.path.join(path,"eadbtest.tdb"))
self.assertRaises(Exception, setntacl, lp, tempf ,acl,
"S-1-5-21-2212615479-2695158682-2101375467","native")
os.unlink(tempf)
def test_vgp_access_add(self):
lp = LoadParm()
lp.load(os.environ['SERVERCONFFILE'])
(result, out, err) = self.runsublevelcmd(
"gpo", ("manage", "access", "add"), self.gpo_guid, "allow",
self.test_user,
lp.get('realm').lower(), "-H", "ldap://%s" % os.environ["SERVER"],
"-U%s%%%s" % (os.environ["USERNAME"], os.environ["PASSWORD"]))
self.assertCmdSuccess(result, out, err, 'Access add failed')
(result, out, err) = self.runsublevelcmd(
"gpo", ("manage", "access", "add"), self.gpo_guid, "deny",
self.test_group,
lp.get('realm').lower(), "-H", "ldap://%s" % os.environ["SERVER"],
"-U%s%%%s" % (os.environ["USERNAME"], os.environ["PASSWORD"]))
self.assertCmdSuccess(result, out, err, 'Access add failed')
allow_entry = '+:%s\\%s:ALL' % (lp.get('realm').lower(),
self.test_user)
deny_entry = '-:%s\\%s:ALL' % (lp.get('realm').lower(),
self.test_group)
(result, out, err) = self.runsublevelcmd(
"gpo", ("manage", "access", "list"), self.gpo_guid, "-H",
"ldap://%s" % os.environ["SERVER"],
"-U%s%%%s" % (os.environ["USERNAME"], os.environ["PASSWORD"]))
self.assertIn(allow_entry, out, 'The test entry was not found!')
self.assertIn(deny_entry, out, 'The test entry was not found!')
(result, out, err) = self.runsublevelcmd(
"gpo", ("manage", "access", "remove"), self.gpo_guid, "allow",
self.test_user,
lp.get('realm').lower(), "-H", "ldap://%s" % os.environ["SERVER"],
"-U%s%%%s" % (os.environ["USERNAME"], os.environ["PASSWORD"]))
self.assertCmdSuccess(result, out, err, 'Access remove failed')
(result, out, err) = self.runsublevelcmd(
"gpo", ("manage", "access", "remove"), self.gpo_guid, "deny",
self.test_group,
lp.get('realm').lower(), "-H", "ldap://%s" % os.environ["SERVER"],
"-U%s%%%s" % (os.environ["USERNAME"], os.environ["PASSWORD"]))
self.assertCmdSuccess(result, out, err, 'Access remove failed')
(result, out, err) = self.runsublevelcmd(
"gpo", ("manage", "access", "list"), self.gpo_guid, "-H",
"ldap://%s" % os.environ["SERVER"],
"-U%s%%%s" % (os.environ["USERNAME"], os.environ["PASSWORD"]))
self.assertNotIn(allow_entry, out, 'The test entry was still found!')
self.assertNotIn(deny_entry, out, 'The test entry was still found!')
class auth_base(object):
def __init__(self, user, password):
self.user = user
self.password = password
self.lp = LoadParm()
self.lp.load_default()
self.ip = '127.0.0.1'
self.WorkGroup = str(self.lp.get("workgroup"))
self.creds = credentials.Credentials()
self.creds.set_username(self.user)
self.creds.set_password(self.password)
self.creds.set_domain(self.WorkGroup)
self.creds.set_workstation("")
def autenticate(self):
try:
session_info_flags = (df_gp1 | df_gp2)
LdapConn = samba.Ldb("ldap://%s" % self.ip,
lp=self.lp,
credentials=self.creds)
DomainDN = LdapConn.get_default_basedn()
search_filter = "sAMAccountName=%s" % self.user
res = LdapConn.search(base=DomainDN,
scope=SCOPE_SUBTREE,
expression=search_filter,
attrs=["dn"])
if len(res) == 0:
return False
user_dn = res[0].dn
session = samba.auth.user_session(
LdapConn,
lp_ctx=self.lp,
dn=user_dn,
session_info_flags=session_info_flags)
token = session.security_token
if (token.has_builtin_administrators()):
return True
if (token.is_system()):
return True
except Exception:
return False
return False
def test_setntacl_invalidbackend(self):
lp = LoadParm()
acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
open(self.tempf, 'w').write("empty")
self.assertRaises(XattrBackendError, setntacl, lp, self.tempf, acl,
"S-1-5-21-2212615479-2695158682-2101375467", "ttdb",
os.path.join(self.tempdir, "eadbtest.tdb"))
def __init__(self, username=None, no_dry_run=False, mysql_string=None):
self.lp = LoadParm()
self.lp.set('debug level', '0')
self.lp.load_default()
self.username = username
self.no_dry_run = no_dry_run
self.conn = self._open_mysql_conn(mysql_string)
def test_setntacl_getntacl(self):
random.seed()
lp = LoadParm()
path = None
path = os.environ['SELFTEST_PREFIX']
acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
tempf = os.path.join(path,"pytests"+str(int(100000*random.random())))
ntacl = xattr.NTACL()
ntacl.version = 1
open(tempf, 'w').write("empty")
lp.set("posix:eadb",os.path.join(path,"eadbtest.tdb"))
setntacl(lp,tempf,acl,"S-1-5-21-2212615479-2695158682-2101375467")
facl = getntacl(lp,tempf)
anysid = security.dom_sid(security.SID_NT_SELF)
self.assertEquals(facl.info.as_sddl(anysid),acl)
os.unlink(tempf)
def __init__(self):
self.samba_lp = LoadParm()
self.samba_lp.set("debug level", "0")
self.samba_lp.load_default()
url = self.samba_lp.get("dcerpc_mapiproxy:samdb_url") or self.samba_lp.private_path("sam.ldb")
self.samdb = SamDB(url=url, lp=self.samba_lp, session_info=system_session())
self.conn = self._open_mysql_connection()
def setUp(self):
super(KCCTests, self).setUp()
self.lp = LoadParm()
self.creds = Credentials()
self.creds.guess(self.lp)
self.creds.set_username(os.environ["USERNAME"])
self.creds.set_password(os.environ["PASSWORD"])
def get_ad_binddn_from_name(base, server, username, password):
lp = LoadParm()
creds = Credentials()
creds.guess(lp)
creds.set_username(username)
creds.set_password(password)
binddn = 'cn=%s,cn=users,%s' % (ldap.dn.escape_dn_chars(username), base)
try:
samdb = SamDB(url='ldap://%s' % server,
session_info=system_session(),
credentials=creds,
lp=lp)
res = samdb.search(base,
scope=ldb.SCOPE_SUBTREE,
expression=ldap.filter.filter_format(
'(samAccountName=%s)', [
username,
]),
attrs=['samaccountname'])
if res.count == 1:
binddn = res.msgs[0].get('dn', idx=0).extended_str()
except ldb.LdbError as ex:
MODULE.warn('get_dn_from_name() could not get binddn for user %s: %s' %
(username, ex))
return binddn
def setUp(self):
super(DCKeytabTests, self).setUp()
self.lp = LoadParm()
self.lp.load_default()
self.creds = self.insta_creds(template=self.get_credentials())
self.ktfile = os.path.join(self.lp.get('private dir'), 'test.keytab')
self.principal = self.creds.get_principal()
def __init__(self, user, password):
self.user = user
self.password = password
_isLastErrorAvailable = False
self.lp = LoadParm()
self.lp.load_default()
self.ip = '127.0.0.1'
self.WorkGroup = str(self.lp.get("workgroup"))
self.creds = credentials.Credentials()
self.creds.set_username(self.user)
self.creds.set_password(self.password)
self.creds.set_domain(self.WorkGroup)
self.creds.set_workstation("")
self.logger = logging.getLogger(__name__)
self.logger.addHandler(logging.StreamHandler(sys.stdout))
self.logger.setLevel(logging.INFO)
def test_setntacl_getntacl(self):
random.seed()
lp = LoadParm()
path = None
path = os.environ['SELFTEST_PREFIX']
acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
tempf = os.path.join(path,
"pytests" + str(int(100000 * random.random())))
ntacl = xattr.NTACL()
ntacl.version = 1
open(tempf, 'w').write("empty")
lp.set("posix:eadb", os.path.join(path, "eadbtest.tdb"))
setntacl(lp, tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467")
facl = getntacl(lp, tempf)
anysid = security.dom_sid(security.SID_NT_SELF)
self.assertEquals(facl.info.as_sddl(anysid), acl)
os.unlink(tempf)
def test_setntacl_forcenative(self):
if os.getuid() == 0:
raise TestSkipped("Running test as root, test skipped")
random.seed()
lp = LoadParm()
acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)"
path = os.environ['SELFTEST_PREFIX']
tempf = os.path.join(path,
"pytests" + str(int(100000 * random.random())))
ntacl = xattr.NTACL()
ntacl.version = 1
open(tempf, 'w').write("empty")
lp.set("posix:eadb", os.path.join(path, "eadbtest.tdb"))
self.assertRaises(Exception, setntacl, lp, tempf, acl,
"S-1-5-21-2212615479-2695158682-2101375467",
"native")
os.unlink(tempf)
def test_admx_load(self):
lp = LoadParm()
lp.load(os.environ['SERVERCONFFILE'])
local_path = lp.get('path', 'sysvol')
admx_path = os.path.join(local_path, os.environ['REALM'].lower(),
'Policies', 'PolicyDefinitions')
(result, out, err) = self.runsubcmd(
"gpo", "admxload", "-H", "ldap://%s" % os.environ["SERVER"],
"--admx-dir=%s" % os.path.join(source_path, 'libgpo/admx'),
"-U%s%%%s" % (os.environ["USERNAME"], os.environ["PASSWORD"]))
self.assertCmdSuccess(result, out, err,
'Filling PolicyDefinitions failed')
self.assertTrue(os.path.exists(admx_path),
'PolicyDefinitions was not created')
self.assertTrue(os.path.exists(os.path.join(admx_path, 'samba.admx')),
'Filling PolicyDefinitions failed')
shutil.rmtree(admx_path)
class SambaOCHelper(object):
def __init__(self):
self.samba_lp = LoadParm()
self.samba_lp.set('debug level', '0')
self.samba_lp.load_default()
url = self.samba_lp.get('dcerpc_mapiproxy:samdb_url') or \
self.samba_lp.private_path("sam.ldb")
self.samdb = SamDB(url=url,
lp=self.samba_lp,
session_info=system_session())
self.conn = self._open_mysql_connection()
def _open_mysql_connection(self):
connection_string = self.samba_lp.get('mapiproxy:openchangedb')
if not connection_string:
raise Exception("Not found mapiproxy:openchangedb on samba configuration")
# mysql://openchange:password@localhost/openchange
m = re.search(r'(?P<scheme>.+)://(?P<user>.+):(?P<pass>.+)@(?P<host>.+)/(?P<db>.+)',
connection_string)
if not m:
raise Exception("Unable to parse mapiproxy:openchangedb: %s" %
connection_string)
group_dict = m.groupdict()
if group_dict['scheme'] != 'mysql':
raise Exception("mapiproxy:openchangedb should start with mysql:// (we got %s)",
group_dict['scheme'])
conn = MySQLdb.connect(host=group_dict['host'], user=group_dict['user'],
passwd=group_dict['pass'], db=group_dict['db'])
conn.autocommit(True)
return conn
def invalid_user(self, username):
ret = self.samdb.search(base=self.samdb.domain_dn(),
scope=ldb.SCOPE_SUBTREE,
expression="(sAMAccountName=%s)" % ldb.binary_encode(username))
return len(ret) != 1
def find_email_of(self, username):
ret = self.samdb.search(base=self.samdb.domain_dn(),
scope=ldb.SCOPE_SUBTREE, attrs=["mail"],
expression="(sAMAccountName=%s)" % ldb.binary_encode(username))
return ret[0]["mail"][0]
def active_openchange_users(self):
c = self.conn.cursor()
c.execute("SELECT name FROM mailboxes")
return sorted([row[0] for row in c.fetchall()])
def get_indexing_cache(self):
memcached_server = self.samba_lp.get('mapistore:indexing_cache')
if not memcached_server:
return "127.0.0.1:11211"
# This should has a format like: --SERVER=11.22.33.44:11211
return memcached_server.split('=')[1]
def __init__(self,user,password): self.user = user self.password = password _isLastErrorAvailable=False self.lp = LoadParm() self.lp.load_default() self.logger = logging.getLogger(__name__) self.logger.addHandler(logging.StreamHandler(sys.stdout)) self.logger.setLevel(logging.INFO)
def __init__(self):
self.samba_lp = LoadParm()
self.samba_lp.set('debug level', '0')
self.samba_lp.load_default()
self.next_fmid = None
url = self.samba_lp.get('dcerpc_mapiproxy:samdb_url') or \
self.samba_lp.private_path("sam.ldb")
self.samdb = SamDB(url=url,
lp=self.samba_lp,
session_info=system_session())
self.conn = self._open_mysql_connection()
def apply(cls, cur, **kwargs):
# Mimetise what mapistore_interface.c (mapistore_init) does
# to get the mapping path
if 'lp' in kwargs:
mapping_path = kwargs['lp'].private_path("mapistore")
else:
lp = LoadParm()
lp.load_default()
mapping_path = lp.private_path("mapistore")
if mapping_path is None:
return
cur.execute("START TRANSACTION")
try:
# Get all mailboxes
cur.execute("SELECT name FROM mailboxes")
for row in cur.fetchall():
username = row[0]
path = "{0}/{1}/replica_mapping.tdb".format(mapping_path, username)
try:
tdb_file = tdb.Tdb(path, 0, tdb.DEFAULT, os.O_RDONLY)
for k in tdb_file.iterkeys():
# Check if the key is an integer
try:
repl_id = int(k, base=16)
cls._insert_map(cur, username, repl_id, tdb_file[k])
except ValueError:
# Cannot convert to int, so no repl_id
continue
except IOError:
# Cannot read any replica mapping
continue
cur.execute("COMMIT")
except Exception as e:
print("Error migrating TDB files into the database {}, rollback".format(e), file=sys.stderr)
cur.execute("ROLLBACK")
raise
class AuthBase(object): def __init__(self,user,password): self.user = user self.password = password _isLastErrorAvailable=False self.lp = LoadParm() self.lp.load_default() self.logger = logging.getLogger(__name__) self.logger.addHandler(logging.StreamHandler(sys.stdout)) self.logger.setLevel(logging.INFO) def Autenticate(self): pass def SetError(self,message,number=-1): self.LastErrorStr = message self.LastErrorNumber = number #self.Log.LogError(message) self._isLastErrorAvailable=True def IHaveError(self): return self._isLastErrorAvailable
def upgrade_smbconf(oldconf,mark):
"""Remove configuration variables not present in Samba4
:param oldconf: Old configuration structure
:param mark: Whether removed configuration variables should be
kept in the new configuration as "samba3:<name>"
"""
data = oldconf.data()
newconf = LoadParm()
for s in data:
for p in data[s]:
keep = False
for k in smbconf_keep:
if smbconf_keep[k] == p:
keep = True
break
if keep:
newconf.set(s, p, oldconf.get(s, p))
elif mark:
newconf.set(s, "samba3:"+p, oldconf.get(s,p))
return newconf
def __init__(self, parser):
from samba.param import LoadParm
optparse.OptionGroup.__init__(self, parser, "Samba Common Options")
self.add_option("-s", "--configfile", action="callback",
type=str, metavar="FILE", help="Configuration file",
callback=self._load_configfile)
self.add_option("-d", "--debuglevel", action="callback",
type=int, metavar="DEBUGLEVEL", help="debug level",
callback=self._set_debuglevel)
self.add_option("--option", action="callback",
type=str, metavar="OPTION", help="set smb.conf option from command line",
callback=self._set_option)
self.add_option("--realm", action="callback",
type=str, metavar="REALM", help="set the realm name",
callback=self._set_realm)
self._configfile = None
self._lp = LoadParm()
class SambaOCHelper(object):
def __init__(self):
self.samba_lp = LoadParm()
self.samba_lp.set("debug level", "0")
self.samba_lp.load_default()
url = self.samba_lp.get("dcerpc_mapiproxy:samdb_url") or self.samba_lp.private_path("sam.ldb")
self.samdb = SamDB(url=url, lp=self.samba_lp, session_info=system_session())
self.conn = self._open_mysql_connection()
def _open_mysql_connection(self):
connection_string = self.samba_lp.get("mapiproxy:openchangedb")
if not connection_string:
raise Exception("Not found mapiproxy:openchangedb on samba configuration")
# mysql://openchange:password@localhost/openchange
m = re.search(r"(?P<scheme>.+)://(?P<user>.+):(?P<pass>.+)@(?P<host>.+)/(?P<db>.+)", connection_string)
if not m:
raise Exception("Unable to parse mapiproxy:openchangedb: %s" % connection_string)
group_dict = m.groupdict()
if group_dict["scheme"] != "mysql":
raise Exception("mapiproxy:openchangedb should start with mysql:// (we got %s)", group_dict["scheme"])
conn = MySQLdb.connect(
host=group_dict["host"], user=group_dict["user"], passwd=group_dict["pass"], db=group_dict["db"]
)
conn.autocommit(True)
return conn
def invalid_user(self, username):
ret = self.samdb.search(
base=self.samdb.domain_dn(),
scope=ldb.SCOPE_SUBTREE,
expression="(sAMAccountName=%s)" % ldb.binary_encode(username),
)
return len(ret) != 1
def find_email_of(self, username):
ret = self.samdb.search(
base=self.samdb.domain_dn(),
scope=ldb.SCOPE_SUBTREE,
attrs=["mail"],
expression="(sAMAccountName=%s)" % ldb.binary_encode(username),
)
return ret[0]["mail"][0]
def active_openchange_users(self):
c = self.conn.cursor()
c.execute("SELECT name FROM mailboxes")
return sorted([row[0] for row in c.fetchall()])
def __init__(self,user,password):
self.user = user
self.password = password
_isLastErrorAvailable=False
self.lp = LoadParm()
self.lp.load_default()
self.ip = '127.0.0.1'
self.WorkGroup = str(self.lp.get("workgroup"))
self.creds = credentials.Credentials()
self.creds.set_username(self.user)
self.creds.set_password(self.password)
self.creds.set_domain(self.WorkGroup)
self.creds.set_workstation("")
self.logger = logging.getLogger(__name__)
self.logger.addHandler(logging.StreamHandler(sys.stdout))
self.logger.setLevel(logging.INFO)
class SambaOptions(optparse.OptionGroup):
"""General Samba-related command line options."""
def __init__(self, parser):
from samba.param import LoadParm
optparse.OptionGroup.__init__(self, parser, "Samba Common Options")
self.add_option("-s", "--configfile", action="callback",
type=str, metavar="FILE", help="Configuration file",
callback=self._load_configfile)
self.add_option("-d", "--debuglevel", action="callback",
type=int, metavar="DEBUGLEVEL", help="debug level",
callback=self._set_debuglevel)
self.add_option("--option", action="callback",
type=str, metavar="OPTION",
help="set smb.conf option from command line",
callback=self._set_option)
self.add_option("--realm", action="callback",
type=str, metavar="REALM", help="set the realm name",
callback=self._set_realm)
self._configfile = None
self._lp = LoadParm()
self.realm = None
def get_loadparm_path(self):
"""Return path to the smb.conf file specified on the command line."""
return self._configfile
def _load_configfile(self, option, opt_str, arg, parser):
self._configfile = arg
def _set_debuglevel(self, option, opt_str, arg, parser):
if arg < 0:
raise optparse.OptionValueError("invalid %s option value: %s" %
(opt_str, arg))
self._lp.set('debug level', str(arg))
def _set_realm(self, option, opt_str, arg, parser):
self._lp.set('realm', arg)
self.realm = arg
def _set_option(self, option, opt_str, arg, parser):
if arg.find('=') == -1:
raise optparse.OptionValueError(
"--option option takes a 'a=b' argument")
a = arg.split('=')
try:
self._lp.set(a[0], a[1])
except Exception, e:
raise optparse.OptionValueError(
"invalid --option option value %r: %s" % (arg, e))
import ldb
from samba.ndr import ndr_pack, ndr_unpack
from samba.dcerpc import security
from samba.idmap import IDmapDB
from samba.auth import system_session
from samba.param import LoadParm
name='samba4-idmap'
description='Update local IDmap entries'
filter='(&(|(objectClass=sambaSamAccount)(objectClass=sambaGroupMapping))(sambaSID=*))'
attributes=['sambaSID', 'univentionSamba4SID', 'uidNumber', 'gidNumber']
modrdn='1'
### Globals
lp = LoadParm()
lp.load('/etc/samba/smb.conf')
sidAttribute='sambaSID'
if listener.configRegistry.is_false('connector/s4/mapping/sid', False):
sidAttribute='univentionSamba4SID'
def open_idmap():
global lp
listener.setuid(0)
try:
idmap = IDmapDB('/var/lib/samba/private/idmap.ldb', session_info=system_session(), lp=lp)
except ldb.LdbError:
univention.debug.debug(univention.debug.LISTENER, univention.debug.ERROR,
"%s: /var/lib/samba/private/idmap.ldb could not be opened" % name )
class MigrationFix(object):
def __init__(self, username=None, no_dry_run=False, mysql_string=None):
self.lp = LoadParm()
self.lp.set('debug level', '0')
self.lp.load_default()
self.username = username
self.no_dry_run = no_dry_run
self.conn = self._open_mysql_conn(mysql_string)
def _open_mysql_conn(self, mysql_conn):
if mysql_conn is None:
conn_str = self.lp.get('mapiproxy:openchangedb')
else:
conn_str = mysql_conn
if not conn_str:
raise Exception("No mysql connection string specified and no mapiproxy:openchangedb param option found")
# mysql://openchange:password@localhost/openchange
m = re.search('(?P<scheme>.+)://(?P<user>.+):(?P<pass>.+)@'
'(?P<host>.+)/(?P<db>.+)',
conn_str)
if not m:
raise Exception("Unable to parse mysql connection string: %s" % conn_str)
group_dict = m.groupdict()
if group_dict['scheme'] != 'mysql':
raise Exception("mysql connection string should start with mysql:// (got %s)", group_dict['scheme'])
conn = MySQLdb.connect(host=group_dict['host'], user=group_dict['user'],
passwd=group_dict['pass'], db=group_dict['db'])
conn.autocommit(True)
return conn
def fix(self, username, folder_id, uri, mailbox_id, ou_id):
error = False
c = self.conn.cursor()
c.execute("SELECT fmid FROM mapistore_indexing WHERE username=%s AND url=%s", (username,uri))
result = c.fetchone()
if result is None:
print '[KO]: %s: could not find fmid for %s' % (username, uri)
return True
fmid = result[0]
if str(fmid) != str(folder_id):
error = True
if self.no_dry_run is True:
c = self.conn.cursor()
c.execute("UPDATE folders SET folder_id=%s WHERE MAPIStoreURI=%s AND mailbox_id=%s AND ou_id=%s", (fmid, uri, mailbox_id, ou_id))
print '[FIX]: %s: folder_id for %s has been fixed and is now set to %s' % (username, uri, folder_id)
else:
print '[KO]: %s: Mismatch for %s: found %s, expected %s' % (username, uri, folder_id, fmid)
return error
def run_all(self):
c = self.conn.cursor()
c.execute("SELECT id,ou_id,name FROM mailboxes")
rows = c.fetchall()
for row in rows:
mailbox_id = row[0]
ou_id = row[1]
username = row[2]
# Retrieve all MAPIStoreURI from folders table for username
c = self.conn.cursor()
c.execute("SELECT folder_id,MAPIStoreURI FROM folders WHERE mailbox_id=%s AND ou_id=%s AND MAPIStoreURI!=\"\"", (mailbox_id,ou_id))
frows = c.fetchall()
# Now check in mapistore_indexing if fmid are matching for given URI
gl_error = False
for frow in frows:
folder_id = frow[0]
uri = frow[1]
error = self.fix(username, folder_id, uri, mailbox_id, ou_id)
if error is True:
gl_error = True
if gl_error is False:
print '[OK]: %s is OK' % (username)
def run(self):
# Retrieve username id, ou_id
c = self.conn.cursor()
c.execute("SELECT id,ou_id FROM mailboxes WHERE name=%s", self.username)
(mailbox_id,ou_id) = c.fetchone()
# Retrieve all MAPIStoreURI from folders table for username
c = self.conn.cursor()
c.execute("SELECT folder_id,MAPIStoreURI FROM folders WHERE mailbox_id=%s AND ou_id=%s AND MAPIStoreURI!=\"\"", (mailbox_id,ou_id))
rows = c.fetchall()
# Now check in mapistore_indexing if fmid are matching for given URI
for row in rows:
folder_id = row[0]
uri = row[1]
self.fix(self.username, folder_id, uri, mailbox_id, ou_id)
class SambaOCHelper(object):
def __init__(self):
self.samba_lp = LoadParm()
self.samba_lp.set('debug level', '0')
self.samba_lp.load_default()
self.next_fmid = None
url = self.samba_lp.get('dcerpc_mapiproxy:samdb_url') or \
self.samba_lp.private_path("sam.ldb")
self.samdb = SamDB(url=url,
lp=self.samba_lp,
session_info=system_session())
self.conn = self._open_mysql_connection()
def _open_mysql_connection(self):
connection_string = self.samba_lp.get('mapiproxy:openchangedb')
if not connection_string:
raise Exception("Not found mapiproxy:openchangedb on samba configuration")
# mysql://openchange:password@localhost/openchange
m = re.search(r'(?P<scheme>.+)://(?P<user>.+):(?P<pass>.+)@(?P<host>.+)/(?P<db>.+)',
connection_string)
if not m:
raise Exception("Unable to parse mapiproxy:openchangedb: %s" %
connection_string)
group_dict = m.groupdict()
if group_dict['scheme'] != 'mysql':
raise Exception("mapiproxy:openchangedb should start with mysql:// (we got %s)",
group_dict['scheme'])
conn = MySQLdb.connect(host=group_dict['host'], user=group_dict['user'],
passwd=group_dict['pass'], db=group_dict['db'])
conn.autocommit(True)
return conn
def invalid_user(self, username):
ret = self.samdb.search(base=self.samdb.domain_dn(),
scope=ldb.SCOPE_SUBTREE,
expression="(sAMAccountName=%s)" % ldb.binary_encode(username))
return len(ret) != 1
def find_email_of(self, username):
ret = self.samdb.search(base=self.samdb.domain_dn(),
scope=ldb.SCOPE_SUBTREE, attrs=["mail"],
expression="(sAMAccountName=%s)" % ldb.binary_encode(username))
return ret[0]["mail"][0]
def active_openchange_users(self):
c = self.conn.cursor()
c.execute("SELECT name FROM mailboxes")
return sorted([row[0] for row in c.fetchall()])
def allocate_fmids(self, count, username):
if self.next_fmid is None:
c = self.conn.cursor()
c.execute("SELECT next_fmid FROM mapistore_indexes WHERE username = '******'" % username)
self.next_fmid = c.fetchone()[0]
if self.next_fmid is not None:
self.next_fmid = int(self.next_fmid) + count
return (int(self.next_fmid) - count, self.next_fmid)
def create_indexes(self, username):
c = self.conn.cursor()
c.execute("INSERT INTO mapistore_indexes (username,next_fmid) VALUES('%s','1024')" % (username))
return
def commit_start(self):
self.conn.autocommit(False)
def insert_indexing(self, username, fmid, url):
c = self.conn.cursor()
c.execute("INSERT INTO mapistore_indexing (username,fmid,url,soft_deleted) VALUES('%s','%s','%s', '0')" % (username, str(fmid), url))
def update_indexes(self, count, username):
c = self.conn.cursor()
updated_number = int(count) + int(self.next_fmid)
print "Updating next_fmid to %s" % str(updated_number)
c.execute("UPDATE mapistore_indexes SET next_fmid='%s' WHERE username='******'" % (str(updated_number), username))
def commit_end(self):
c = self.conn.cursor()
self.conn.commit()
c.close()
self.conn.autocommit(True)
class SambaOptions(optparse.OptionGroup):
"""General Samba-related command line options."""
def __init__(self, parser):
from samba.param import LoadParm
optparse.OptionGroup.__init__(self, parser, "Samba Common Options")
self.add_option("-s", "--configfile", action="callback",
type=str, metavar="FILE", help="Configuration file",
callback=self._load_configfile)
self.add_option("-d", "--debuglevel", action="callback",
type=int, metavar="DEBUGLEVEL", help="debug level",
callback=self._set_debuglevel)
self.add_option("--option", action="callback",
type=str, metavar="OPTION", help="set smb.conf option from command line",
callback=self._set_option)
self.add_option("--realm", action="callback",
type=str, metavar="REALM", help="set the realm name",
callback=self._set_realm)
self._configfile = None
self._lp = LoadParm()
def get_loadparm_path(self):
"""Return the path to the smb.conf file specified on the command line. """
return self._configfile
def _load_configfile(self, option, opt_str, arg, parser):
self._configfile = arg
def _set_debuglevel(self, option, opt_str, arg, parser):
self._lp.set('debug level', str(arg))
def _set_realm(self, option, opt_str, arg, parser):
self._lp.set('realm', arg)
def _set_option(self, option, opt_str, arg, parser):
if arg.find('=') == -1:
print("--option takes a 'a=b' argument")
sys.exit(1)
a = arg.split('=')
self._lp.set(a[0], a[1])
def get_loadparm(self):
"""Return a loadparm object with data specified on the command line. """
if self._configfile is not None:
self._lp.load(self._configfile)
elif os.getenv("SMB_CONF_PATH") is not None:
self._lp.load(os.getenv("SMB_CONF_PATH"))
else:
self._lp.load_default()
return self._lp
def get_hostconfig(self):
return Hostconfig(self.get_loadparm())
