def Autenticate(self):
try:
session_info_flags = (AUTH_SESSION_INFO_DEFAULT_GROUPS
| AUTH_SESSION_INFO_AUTHENTICATED)
LdapConn = samba.Ldb("ldap://%s" % self.ip,
lp=self.lp,
credentials=self.creds)
DomainDN = LdapConn.get_default_basedn()
search_filter = "sAMAccountName=%s" % self.user
res = LdapConn.search(base=DomainDN,
scope=SCOPE_SUBTREE,
expression=search_filter,
attrs=["dn"])
if len(res) == 0:
return False
user_dn = res[0].dn
session = samba.auth.user_session(
LdapConn,
lp_ctx=self.lp,
dn=user_dn,
session_info_flags=session_info_flags)
token = session.security_token
if (token.has_builtin_administrators()):
return True
if (token.is_system()):
return True
except Exception, e:
return False
def set_modules(self, modules=[]):
"""Change the modules for this Ldb."""
m = ldb.Message()
m.dn = ldb.Dn(self.ldb, "@MODULES")
m["@LIST"] = ",".join(modules)
self.ldb.add(m)
self.ldb = samba.Ldb(self.filename)
def test_dsdb_Dn_binary(self):
url = self.tempdir + "/test_dsdb_Dn_binary.ldb"
sam = samba.Ldb(url=url)
dn1 = dsdb_Dn(sam, "DC=foo,DC=bar")
dn2 = dsdb_Dn(sam, "B:8:0000000D:<GUID=b3f0ec29-17f4-452a-b002-963e1909d101>;DC=samba,DC=example,DC=com")
self.assertEquals(dn2.binary, "0000000D")
self.assertEquals(13, dn2.get_binary_integer())
os.unlink(url)
def test_searchone(self):
path = self.tempdir + "/searchone.ldb"
l = samba.Ldb(path)
try:
l.add({"dn": "foo=dc", "bar": "bla"})
self.assertEquals("bla",
l.searchone(basedn=ldb.Dn(l, "foo=dc"), attribute="bar"))
finally:
del l
os.unlink(path)
def _connect(username, password, hostname='localhost'):
try:
creds = credentials.Credentials()
creds.set_username(username)
creds.set_password(password)
creds.set_domain("")
creds.set_workstation("")
conn = samba.Ldb("ldap://" + hostname, lp=lp, credentials=creds)
except Exception, e:
return False
def _connect(self):
try:
username = session['username']
password = session['password']
creds = credentials.Credentials()
creds.set_username(username)
creds.set_password(password)
#creds.set_domain("SAMDOM")
creds.set_domain("")
creds.set_workstation("")
self.conn = samba.Ldb("ldap://127.0.0.1",
lp=self.lp,
credentials=creds)
except Exception, e:
raise
def _connect(self):
try:
self.creds = credentials.Credentials()
self.creds.set_username(self.username)
self.creds.set_password(self.password)
#self.creds.set_domain("SAMDOM")
self.creds.set_domain("")
self.creds.set_workstation("")
self.LdapConn = samba.Ldb("ldap://127.0.0.1",lp=self.lp,credentials=self.creds)
self.samrpipe = samr.samr("ncalrpc:", self.lp, self.creds)
self.connect_handle = self.samrpipe.Connect(None, security.SEC_FLAG_MAXIMUM_ALLOWED)
except ldb.LdbError, (num, msg):
self.SetError(msg,num)
return False;
def setUp(self):
super(ASQLDAPTest, self).setUp()
self.ldb = samba.Ldb(url,
credentials=creds,
session_info=system_session(lp),
lp=lp)
self.base_dn = self.ldb.get_default_basedn()
self.NAME_ASQ = "asq_" + format(random.randint(0, 99999), "05")
self.OU_NAME_ASQ = self.NAME_ASQ + "_ou"
self.ou_dn = ldb.Dn(self.ldb,
"ou=" + self.OU_NAME_ASQ + "," + str(self.base_dn))
samba.tests.delete_force(self.ldb,
self.ou_dn,
controls=['tree_delete:1'])
self.ldb.add({
"dn": self.ou_dn,
"objectclass": "organizationalUnit",
"ou": self.OU_NAME_ASQ
})
self.members = []
self.members2 = []
for x in range(20):
name = self.NAME_ASQ + "_" + str(x)
dn = ldb.Dn(self.ldb, "cn=" + name + "," + str(self.ou_dn))
self.members.append(dn)
self.ldb.add({"dn": dn, "objectclass": "group"})
for x in range(20):
name = self.NAME_ASQ + "_" + str(x + 20)
dn = ldb.Dn(self.ldb, "cn=" + name + "," + str(self.ou_dn))
self.members2.append(dn)
self.ldb.add({
"dn": dn,
"objectclass": "group",
"member": [str(x) for x in self.members]
})
name = self.NAME_ASQ + "_" + str(x + 40)
self.top_dn = ldb.Dn(self.ldb, "cn=" + name + "," + str(self.ou_dn))
self.ldb.add({
"dn": self.top_dn,
"objectclass": "group",
"member": [str(x) for x in self.members2]
})
def test_dsdb_Dn_sorted(self):
url = self.tempdir + "/test_dsdb_Dn_sorted.ldb"
sam = samba.Ldb(url=url)
try:
dn1 = dsdb_Dn(
sam,
"B:8:0000000D:<GUID=b3f0ec29-17f4-452a-b002-963e1909d101>;OU=dn1,DC=samba,DC=example,DC=com"
)
dn2 = dsdb_Dn(
sam,
"B:8:0000000C:<GUID=b3f0ec29-17f4-452a-b002-963e1909d101>;OU=dn1,DC=samba,DC=example,DC=com"
)
dn3 = dsdb_Dn(
sam,
"B:8:0000000F:<GUID=00000000-17f4-452a-b002-963e1909d101>;OU=dn3,DC=samba,DC=example,DC=com"
)
dn4 = dsdb_Dn(
sam,
"B:8:00000000:<GUID=ffffffff-17f4-452a-b002-963e1909d101>;OU=dn4,DC=samba,DC=example,DC=com"
)
dn5 = dsdb_Dn(
sam,
"<GUID=ffffffff-27f4-452a-b002-963e1909d101>;OU=dn5,DC=samba,DC=example,DC=com"
)
dn6 = dsdb_Dn(
sam,
"<GUID=00000000-27f4-452a-b002-963e1909d101>;OU=dn6,DC=samba,DC=example,DC=com"
)
unsorted_links14 = [dn1, dn2, dn3, dn4]
sorted_vals14 = [str(dn) for dn in sorted(unsorted_links14)]
self.assertEquals(sorted_vals14[0], str(dn3))
self.assertEquals(sorted_vals14[1], str(dn2))
self.assertEquals(sorted_vals14[2], str(dn1))
self.assertEquals(sorted_vals14[3], str(dn4))
unsorted_links56 = [dn5, dn6]
sorted_vals56 = [str(dn) for dn in sorted(unsorted_links56)]
self.assertEquals(sorted_vals56[0], str(dn6))
self.assertEquals(sorted_vals56[1], str(dn5))
finally:
del sam
os.unlink(url)
def Autenticate(self):
try:
session_info_flags = (AUTH_SESSION_INFO_DEFAULT_GROUPS
| AUTH_SESSION_INFO_AUTHENTICATED)
# When connecting to a remote server, don't look up the local privilege DB
#if self.url is not None and self.url.startswith('ldap'):
# session_info_flags |= AUTH_SESSION_INFO_SIMPLE_PRIVILEGES
LdapConn = samba.Ldb("ldap://%s" % self.ip,
lp=self.lp,
credentials=self.creds)
DomainDN = LdapConn.get_default_basedn()
search_filter = "sAMAccountName=%s" % self.user
res = LdapConn.search(base=DomainDN,
scope=SCOPE_SUBTREE,
expression=search_filter,
attrs=["dn"])
if len(res) == 0:
return False
user_dn = res[0].dn
session = samba.auth.user_session(
LdapConn,
lp_ctx=self.lp,
dn=user_dn,
session_info_flags=session_info_flags)
token = session.security_token
if (token.has_builtin_administrators()):
return True
if (token.is_system()):
return True
except Exception, e:
if (len(e.args) > 1):
self.logger.info("%s %s" % (e.args[1], e.args[0]))
self.SetError(e.args[1], e.args[0])
else:
self.logger.info("%s " % (e.args[0]))
self.SetError(e.args, 0)
def setUp(self):
super(LdbTestCase, self).setUp()
self.tempfile = tempfile.NamedTemporaryFile(delete=False)
self.filename = self.tempfile.name
self.ldb = samba.Ldb(self.filename)
def setUp(self):
super(LdbTestCase, self).setUp()
self.filename = os.tempnam()
self.ldb = samba.Ldb(self.filename)
def create_samdb_copy(samdb, logger, paths, names, domainsid, domainguid):
"""Create a copy of samdb and give write permissions to named for dns partitions
"""
private_dir = paths.private_dir
samldb_dir = os.path.join(private_dir, "sam.ldb.d")
dns_dir = os.path.dirname(paths.dns)
dns_samldb_dir = os.path.join(dns_dir, "sam.ldb.d")
# Find the partitions and corresponding filenames
partfile = {}
res = samdb.search(base="@PARTITION",
scope=ldb.SCOPE_BASE,
attrs=["partition"])
for tmp in res[0]["partition"]:
(nc, fname) = tmp.split(':')
partfile[nc.upper()] = fname
# Create empty domain partition
domaindn = names.domaindn.upper()
domainpart_file = os.path.join(dns_dir, partfile[domaindn])
try:
os.mkdir(dns_samldb_dir)
file(domainpart_file, 'w').close()
# Fill the basedn and @OPTION records in domain partition
dom_ldb = samba.Ldb(domainpart_file)
domainguid_line = "objectGUID: %s\n-" % domainguid
descr = b64encode(get_domain_descriptor(domainsid))
setup_add_ldif(
dom_ldb, setup_path("provision_basedn.ldif"), {
"DOMAINDN": names.domaindn,
"DOMAINGUID": domainguid_line,
"DOMAINSID": str(domainsid),
"DESCRIPTOR": descr
})
setup_add_ldif(dom_ldb, setup_path("provision_basedn_options.ldif"),
None)
except:
logger.error(
"Failed to setup database for BIND, AD based DNS cannot be used")
raise
# This line is critical to the security of the whole scheme.
# We assume there is no secret data in the (to be left out of
# date and essentially read-only) config, schema and metadata partitions.
#
# Only the stub of the domain partition is created above.
#
# That way, things like the krbtgt key do not leak.
del partfile[domaindn]
# Link dns partitions and metadata
domainzonedn = "DC=DOMAINDNSZONES,%s" % names.domaindn.upper()
forestzonedn = "DC=FORESTDNSZONES,%s" % names.rootdn.upper()
domainzone_file = partfile[domainzonedn]
forestzone_file = partfile.get(forestzonedn)
metadata_file = "metadata.tdb"
try:
os.link(os.path.join(samldb_dir, metadata_file),
os.path.join(dns_samldb_dir, metadata_file))
os.link(os.path.join(private_dir, domainzone_file),
os.path.join(dns_dir, domainzone_file))
if forestzone_file:
os.link(os.path.join(private_dir, forestzone_file),
os.path.join(dns_dir, forestzone_file))
except OSError:
logger.error(
"Failed to setup database for BIND, AD based DNS cannot be used")
raise
del partfile[domainzonedn]
if forestzone_file:
del partfile[forestzonedn]
# Copy root, config, schema partitions (and any other if any)
# Since samdb is open in the current process, copy them in a child process
try:
tdb_copy(os.path.join(private_dir, "sam.ldb"),
os.path.join(dns_dir, "sam.ldb"))
for nc in partfile:
pfile = partfile[nc]
tdb_copy(os.path.join(private_dir, pfile),
os.path.join(dns_dir, pfile))
except:
logger.error(
"Failed to setup database for BIND, AD based DNS cannot be used")
raise
# Give bind read/write permissions dns partitions
if paths.bind_gid is not None:
try:
os.chown(samldb_dir, -1, paths.bind_gid)
os.chmod(samldb_dir, 0750)
for dirname, dirs, files in os.walk(dns_dir):
for d in dirs:
dpath = os.path.join(dirname, d)
os.chown(dpath, -1, paths.bind_gid)
os.chmod(dpath, 0770)
for f in files:
if f.endswith('.ldb') or f.endswith('.tdb'):
fpath = os.path.join(dirname, f)
os.chown(fpath, -1, paths.bind_gid)
os.chmod(fpath, 0660)
except OSError:
if not os.environ.has_key('SAMBA_SELFTEST'):
logger.error(
"Failed to set permissions to sam.ldb* files, fix manually"
)
else:
if not os.environ.has_key('SAMBA_SELFTEST'):
logger.warning("""Unable to find group id for BIND,
set permissions to sam.ldb* files manually""")
def setUp(self):
self.filename = os.tempnam()
self.ldb = samba.Ldb(self.filename)
ProvisionNames,
)
from samba.provision.common import (setup_path, setup_add_ldif, setup_ldb)
from samba.provision.sambadns import secretsdb_setup_dns
if __name__ == '__main__':
## most of this is extracted from source4/scripting/python/samba/provision/*
lp = LoadParm()
lp.load('/etc/samba/smb.conf')
samdb = SamDB('/var/lib/samba/private/sam.ldb',
session_info=system_session(lp),
lp=lp)
secretsdb = samba.Ldb('/var/lib/samba/private/secrets.ldb',
session_info=system_session(lp),
lp=lp)
paths = ProvisionPaths()
paths.private_dir = lp.get("private dir")
names = ProvisionNames()
# NT domain, kerberos realm, root dn, domain dn, domain dns name
names.realm = lp.get("realm").upper()
names.domain = lp.get("workgroup").upper()
names.domaindn = samdb.domain_dn()
names.dnsdomain = samba.ldb.Dn(samdb,
names.domaindn).canonical_str().replace(
"/", "")
basedn = samba.dn_from_dns_name(names.dnsdomain)
