def backup_smb_dbs(self, private_dir, samdb, lp, logger):
# First, determine if DB backend is MDB. Assume not unless there is a
# 'backendStore' attribute on @PARTITION containing the text 'mdb'
store_label = "backendStore"
res = samdb.search(base="@PARTITION",
scope=ldb.SCOPE_BASE,
attrs=[store_label])
mdb_backend = store_label in res[0] and res[0][store_label][0] == 'mdb'
sam_ldb_path = os.path.join(private_dir, 'sam.ldb')
copy_function = None
if mdb_backend:
logger.info('MDB backend detected. Using mdb backup function.')
copy_function = self.offline_mdb_copy
else:
logger.info('Starting transaction on ' + sam_ldb_path)
copy_function = self.offline_tdb_copy
sam_obj = Ldb(sam_ldb_path, lp=lp)
sam_obj.transaction_start()
logger.info(' backing up ' + sam_ldb_path)
self.offline_tdb_copy(sam_ldb_path)
sam_ldb_d = sam_ldb_path + '.d'
for sam_file in os.listdir(sam_ldb_d):
sam_file = os.path.join(sam_ldb_d, sam_file)
if sam_file.endswith('.ldb'):
logger.info(' backing up locked/related file ' + sam_file)
copy_function(sam_file)
else:
logger.info(' copying locked/related file ' + sam_file)
shutil.copyfile(sam_file, sam_file + self.backup_ext)
if not mdb_backend:
sam_obj.transaction_cancel()
def backup_secrets(self, private_dir, lp, logger):
secrets_path = os.path.join(private_dir, 'secrets')
secrets_obj = Ldb(secrets_path + '.ldb', lp=lp)
logger.info('Starting transaction on ' + secrets_path)
secrets_obj.transaction_start()
self.offline_tdb_copy(secrets_path + '.ldb')
self.offline_tdb_copy(secrets_path + '.tdb')
secrets_obj.transaction_cancel()
def ldif_to_samdb(dburl, lp, ldif_file, forced_local_dsa=None):
"""Routine to import all objects and attributes that are relevent
to the KCC algorithms from a previously exported LDIF file.
The point of this function is to allow a programmer/debugger to
import an LDIF file with non-security relevent information that
was previously extracted from a DC database. The LDIF file is used
to create a temporary abbreviated database. The KCC algorithm can
then run against this abbreviated database for debug or test
verification that the topology generated is computationally the
same between different OSes and algorithms.
:param dburl: path to the temporary abbreviated db to create
:param ldif_file: path to the ldif file to import
"""
if os.path.exists(dburl):
raise LdifError("Specify a database (%s) that doesn't already exist." %
dburl)
# Use ["modules:"] as we are attempting to build a sam
# database as opposed to start it here.
tmpdb = Ldb(url=dburl,
session_info=system_session(),
lp=lp,
options=["modules:"])
tmpdb.transaction_start()
try:
data = read_and_sub_file(ldif_file, None)
tmpdb.add_ldif(data, None)
if forced_local_dsa:
tmpdb.modify_ldif("""dn: @ROOTDSE
changetype: modify
replace: dsServiceName
dsServiceName: CN=NTDS Settings,%s
""" % forced_local_dsa)
tmpdb.add_ldif("""dn: @MODULES
@LIST: rootdse,extended_dn_in,extended_dn_out_ldb,objectguid
-
""")
except Exception as estr:
tmpdb.transaction_cancel()
raise LdifError("Failed to import %s: %s" % (ldif_file, estr))
tmpdb.transaction_commit()
# We have an abbreviated list of options here because we have built
# an abbreviated database. We use the rootdse and extended-dn
# modules only during this re-open
samdb = SamDB(url=dburl, session_info=system_session(), lp=lp)
return samdb
def ldif_to_samdb(dburl, lp, ldif_file, forced_local_dsa=None):
"""Routine to import all objects and attributes that are relevent
to the KCC algorithms from a previously exported LDIF file.
The point of this function is to allow a programmer/debugger to
import an LDIF file with non-security relevent information that
was previously extracted from a DC database. The LDIF file is used
to create a temporary abbreviated database. The KCC algorithm can
then run against this abbreviated database for debug or test
verification that the topology generated is computationally the
same between different OSes and algorithms.
:param dburl: path to the temporary abbreviated db to create
:param ldif_file: path to the ldif file to import
"""
if os.path.exists(dburl):
raise LdifError("Specify a database (%s) that doesn't already exist." %
dburl)
# Use ["modules:"] as we are attempting to build a sam
# database as opposed to start it here.
tmpdb = Ldb(url=dburl, session_info=system_session(),
lp=lp, options=["modules:"])
tmpdb.transaction_start()
try:
data = read_and_sub_file(ldif_file, None)
tmpdb.add_ldif(data, None)
if forced_local_dsa:
tmpdb.modify_ldif("""dn: @ROOTDSE
changetype: modify
replace: dsServiceName
dsServiceName: CN=NTDS Settings,%s
""" % forced_local_dsa)
tmpdb.add_ldif("""dn: @MODULES
@LIST: rootdse,extended_dn_in,extended_dn_out_ldb,objectguid
-
""")
except Exception as estr:
tmpdb.transaction_cancel()
raise LdifError("Failed to import %s: %s" % (ldif_file, estr))
tmpdb.transaction_commit()
# We have an abbreviated list of options here because we have built
# an abbreviated database. We use the rootdse and extended-dn
# modules only during this re-open
samdb = SamDB(url=dburl, session_info=system_session(), lp=lp)
return samdb
def run(self, sambaopts=None, targetdir=None):
logger = logging.getLogger()
logger.setLevel(logging.DEBUG)
logger.addHandler(logging.StreamHandler(sys.stdout))
# Get the absolute paths of all the directories we're going to backup
lp = sambaopts.get_loadparm()
paths = samba.provision.provision_paths_from_lp(lp, lp.get('realm'))
if not (paths.samdb and os.path.exists(paths.samdb)):
raise CommandError('No sam.db found. This backup ' +
'tool is only for AD DCs')
check_targetdir(logger, targetdir)
samdb = SamDB(url=paths.samdb, session_info=system_session(), lp=lp)
sid = get_sid_for_restore(samdb)
backup_dirs = [
paths.private_dir, paths.state_dir,
os.path.dirname(paths.smbconf)
] # etc dir
logger.info('running backup on dirs: {}'.format(backup_dirs))
# Recursively get all file paths in the backup directories
all_files = []
for backup_dir in backup_dirs:
for (working_dir, _, filenames) in os.walk(backup_dir):
if working_dir.startswith(paths.sysvol):
continue
for filename in filenames:
if filename in all_files:
continue
# Assume existing backup files are from a previous backup.
# Delete and ignore.
if filename.endswith(self.backup_ext):
os.remove(os.path.join(working_dir, filename))
continue
all_files.append(os.path.join(working_dir, filename))
# Backup secrets, sam.ldb and their downstream files
self.backup_secrets(paths.private_dir, lp, logger)
self.backup_smb_dbs(paths.private_dir, samdb, lp, logger)
# Open the new backed up samdb, flag it as backed up, and write
# the next SID so the restore tool can add objects.
# WARNING: Don't change this code unless you know what you're doing.
# Writing to a .bak file only works because the DN being
# written to happens to be top level.
samdb = SamDB(url=paths.samdb + self.backup_ext,
session_info=system_session(),
lp=lp)
time_str = get_timestamp()
add_backup_marker(samdb, "backupDate", time_str)
add_backup_marker(samdb, "sidForRestore", sid)
# Now handle all the LDB and TDB files that are not linked to
# anything else. Use transactions for LDBs.
for path in all_files:
if not os.path.exists(path + self.backup_ext):
if path.endswith('.ldb'):
logger.info('Starting transaction on solo db: ' + path)
ldb_obj = Ldb(path, lp=lp)
ldb_obj.transaction_start()
logger.info(' running tdbbackup on the same file')
self.offline_tdb_copy(path)
ldb_obj.transaction_cancel()
elif path.endswith('.tdb'):
logger.info('running tdbbackup on lone tdb file ' + path)
self.offline_tdb_copy(path)
# Now make the backup tar file and add all
# backed up files and any other files to it.
temp_tar_dir = tempfile.mkdtemp(dir=targetdir,
prefix='INCOMPLETEsambabackupfile')
temp_tar_name = os.path.join(temp_tar_dir, "samba-backup.tar.bz2")
tar = tarfile.open(temp_tar_name, 'w:bz2')
logger.info('running offline ntacl backup of sysvol')
sysvol_tar_fn = 'sysvol.tar.gz'
sysvol_tar = os.path.join(temp_tar_dir, sysvol_tar_fn)
backup_offline(paths.sysvol, sysvol_tar, samdb, paths.smbconf)
tar.add(sysvol_tar, sysvol_tar_fn)
os.remove(sysvol_tar)
create_log_file(temp_tar_dir, lp, "offline", "localhost", True)
backup_fn = os.path.join(temp_tar_dir, "backup.txt")
tar.add(backup_fn, os.path.basename(backup_fn))
os.remove(backup_fn)
logger.info('building backup tar')
for path in all_files:
arc_path = self.get_arc_path(path, paths)
if os.path.exists(path + self.backup_ext):
logger.info(' adding backup ' + arc_path + self.backup_ext +
' to tar and deleting file')
tar.add(path + self.backup_ext, arcname=arc_path)
os.remove(path + self.backup_ext)
elif path.endswith('.ldb') or path.endswith('.tdb'):
logger.info(' skipping ' + arc_path)
else:
logger.info(' adding misc file ' + arc_path)
tar.add(path, arcname=arc_path)
tar.close()
os.rename(
temp_tar_name,
os.path.join(targetdir,
'samba-backup-{}.tar.bz2'.format(time_str)))
os.rmdir(temp_tar_dir)
logger.info('Backup succeeded.')
class OpenChangeDBWithLdbBackend(object):
"""The OpenChange database."""
def __init__(self, url):
self.url = url
self.ldb = Ldb(self.url)
self.nttime = samba.unix2nttime(int(time.time()))
def reopen(self):
self.ldb = Ldb(self.url)
def remove(self):
"""Remove an existing OpenChangeDB file."""
if os.path.exists(self.url):
os.remove(self.url)
self.reopen()
def setup(self, names=None):
self.ldb.add_ldif("""
dn: @OPTIONS
checkBaseOnSearch: TRUE
dn: @INDEXLIST
@IDXATTR: cn
dn: @ATTRIBUTES
cn: CASE_INSENSITIVE
dn: CASE_INSENSITIVE
""")
self.reopen()
if names:
self.add_rootDSE(names.ocserverdn, names.firstorg, names.firstou)
def add_rootDSE(self, ocserverdn, firstorg, firstou):
self.ldb.add({"dn": "@ROOTDSE",
"defaultNamingContext": "CN=%s,CN=%s,%s" % (firstou, firstorg, ocserverdn),
"rootDomainNamingContext": ocserverdn,
"vendorName": "OpenChange Team (http://www.openchange.org)"})
def add_server(self, names):
self.ldb.add({"dn": names.ocserverdn,
"objectClass": ["top", "server"],
"cn": names.netbiosname,
"GlobalCount": "1",
"ChangeNumber": "1",
"ReplicaID": "1"})
self.ldb.add({"dn": "CN=%s,%s" % (names.firstorg, names.ocserverdn),
"objectClass": ["top", "org"],
"cn": names.firstorg})
self.ldb.add({"dn": "CN=%s,CN=%s,%s" % (names.firstou, names.firstorg, names.ocserverdn),
"objectClass": ["top", "ou"],
"cn": names.firstou})
def add_root_public_folder(self, dn, fid, change_num, SystemIdx, childcount):
self.ldb.add({"dn": dn,
"objectClass": ["publicfolder"],
"cn": fid,
"PidTagFolderId": fid,
"PidTagChangeNumber": change_num,
"PidTagDisplayName": "Public Folder Root",
"PidTagCreationTime": "%d" % self.nttime,
"PidTagLastModificationTime": "%d" % self.nttime,
"PidTagSubFolders": str(childcount != 0).upper(),
"PidTagFolderChildCount": str(childcount),
"SystemIdx": str(SystemIdx)})
def add_sub_public_folder(self, dn, parentfid, fid, change_num, name, SystemIndex, childcount):
self.ldb.add({"dn": dn,
"objectClass": ["publicfolder"],
"cn": fid,
"PidTagFolderId": fid,
"PidTagParentFolderId": parentfid,
"PidTagChangeNumber": change_num,
"PidTagDisplayName": name,
"PidTagCreationTime": "%d" % self.nttime,
"PidTagLastModificationTime": "%d" % self.nttime,
"PidTagAttributeHidden": str(0),
"PidTagAttributeReadOnly": str(0),
"PidTagAttributeSystem": str(0),
"PidTagContainerClass": "IPF.Note (check this)",
"PidTagSubFolders": str(childcount != 0).upper(),
"PidTagFolderChildCount": str(childcount),
"FolderType": str(1),
"SystemIdx": str(SystemIndex)})
def add_one_public_folder(self, parent_fid, path, children, SystemIndex, names, dn_prefix = None):
name = path[-1]
GlobalCount = self.get_message_GlobalCount(names.netbiosname)
ChangeNumber = self.get_message_ChangeNumber(names.netbiosname)
ReplicaID = self.get_message_ReplicaID(names.netbiosname)
if dn_prefix is None:
dn_prefix = "CN=publicfolders,CN=%s,CN=%s,%s" % (names.firstou, names.firstorg, names.ocserverdn)
fid = gen_mailbox_folder_fid(GlobalCount, ReplicaID)
dn = "CN=%s,%s" % (fid, dn_prefix)
change_num = gen_mailbox_folder_fid(ChangeNumber, ReplicaID)
childcount = len(children)
print "\t* %-40s: 0x%.16x (%s)" % (name, int(fid, 10), fid)
if parent_fid == 0:
self.add_root_public_folder(dn, fid, change_num, SystemIndex, childcount)
else:
self.add_sub_public_folder(dn, parent_fid, fid, change_num, name, SystemIndex, childcount)
GlobalCount += 1
self.set_message_GlobalCount(names.netbiosname, GlobalCount=GlobalCount)
ChangeNumber += 1
self.set_message_ChangeNumber(names.netbiosname, ChangeNumber=ChangeNumber)
for name, grandchildren in children.iteritems():
self.add_one_public_folder(fid, path + (name,), grandchildren[0], grandchildren[1], names, dn)
def add_public_folders(self, names):
pfstoreGUID = str(uuid.uuid4())
self.ldb.add({"dn": "CN=publicfolders,CN=%s,CN=%s,%s" % (names.firstou, names.firstorg, names.ocserverdn),
"objectClass": ["container"],
"cn": "publicfolders",
"StoreGUID": pfstoreGUID,
"ReplicaID": str(1)})
public_folders = _public_folders_meta(names)
self.add_one_public_folder(0, ("Public Folder Root",), public_folders[0], public_folders[1], names)
def lookup_server(self, cn, attributes=[]):
# Step 1. Search Server object
filter = "(&(objectClass=server)(cn=%s))" % cn
res = self.ldb.search("", scope=ldb.SCOPE_SUBTREE,
expression=filter, attrs=attributes)
if len(res) != 1:
raise NoSuchServer(cn)
return res[0]
def lookup_mailbox_user(self, server, username, attributes=[]):
"""Check if a user already exists in openchange database.
:param server: Server object name
:param username: Username object
:return: LDB Object of the user
"""
server_dn = self.lookup_server(server, []).dn
# Step 2. Search User object
filter = "(&(objectClass=mailbox)(cn=%s))" % (username)
return self.ldb.search(server_dn, scope=ldb.SCOPE_SUBTREE,
expression=filter, attrs=attributes)
def lookup_public_folder(self, server, displayname, attributes=[]):
"""Retrieve the record for a public folder matching a specific display name
:param server: Server Object Name
:param displayname: Display Name of the Folder
:param attributes: Requested Attributes
:return: LDB Object of the Folder
"""
server_dn = self.lookup_server(server, []).dn
filter = "(&(objectClass=publicfolder)(PidTagDisplayName=%s))" % (displayname)
return self.ldb.search(server_dn, scope=ldb.SCOPE_SUBTREE,
expression=filter, attrs=attributes)
def get_message_attribute(self, server, attribute):
"""Retrieve attribute value from given message database (server).
:param server: Server object name
"""
return int(self.lookup_server(server, [attribute])[attribute][0], 10)
def get_message_ReplicaID(self, server):
"""Retrieve current mailbox Replica ID for given message database (server).
:param server: Server object name
"""
return self.get_message_attribute(server, "ReplicaID")
def get_message_GlobalCount(self, server):
"""Retrieve current mailbox Global Count for given message database (server).
:param server: Server object name
"""
return self.get_message_attribute(server, "GlobalCount")
def set_message_GlobalCount(self, server, GlobalCount):
"""Update current mailbox GlobalCount for given message database (server).
:param server: Server object name
:param index: Mailbox new GlobalCount value
"""
server_dn = self.lookup_server(server, []).dn
newGlobalCount = """
dn: %s
changetype: modify
replace: GlobalCount
GlobalCount: %d
""" % (server_dn, GlobalCount)
self.ldb.transaction_start()
try:
self.ldb.modify_ldif(newGlobalCount)
finally:
self.ldb.transaction_commit()
def get_message_ChangeNumber(self, server):
"""Retrieve current mailbox Global Count for given message database (server).
:param server: Server object name
"""
return self.get_message_attribute(server, "ChangeNumber")
def set_message_ChangeNumber(self, server, ChangeNumber):
"""Update current mailbox ChangeNumber for given message database (server).
:param server: Server object name
:param index: Mailbox new ChangeNumber value
"""
server_dn = self.lookup_server(server, []).dn
newChangeNumber = """
dn: %s
changetype: modify
replace: ChangeNumber
ChangeNumber: %d
""" % (server_dn, ChangeNumber)
self.ldb.transaction_start()
try:
self.ldb.modify_ldif(newChangeNumber)
finally:
self.ldb.transaction_commit()
class Schema(object):
def __init__(self, setup_path, domain_sid, schemadn=None,
serverdn=None, files=None, prefixmap=None):
"""Load schema for the SamDB from the AD schema files and samba4_schema.ldif
:param samdb: Load a schema into a SamDB.
:param setup_path: Setup path function.
:param schemadn: DN of the schema
:param serverdn: DN of the server
Returns the schema data loaded, to avoid double-parsing when then needing to add it to the db
"""
self.schemadn = schemadn
self.ldb = Ldb()
self.schema_data = read_ms_schema(setup_path('ad-schema/MS-AD_Schema_2K8_R2_Attributes.txt'),
setup_path('ad-schema/MS-AD_Schema_2K8_R2_Classes.txt'))
if files is not None:
for file in files:
self.schema_data += open(file, 'r').read()
self.schema_data = substitute_var(self.schema_data, {"SCHEMADN": schemadn})
check_all_substituted(self.schema_data)
self.schema_dn_modify = read_and_sub_file(setup_path("provision_schema_basedn_modify.ldif"),
{"SCHEMADN": schemadn,
"SERVERDN": serverdn,
})
descr = b64encode(get_schema_descriptor(domain_sid))
self.schema_dn_add = read_and_sub_file(setup_path("provision_schema_basedn.ldif"),
{"SCHEMADN": schemadn,
"DESCRIPTOR": descr
})
self.prefixmap_data = open(setup_path("prefixMap.txt"), 'r').read()
if prefixmap is not None:
for map in prefixmap:
self.prefixmap_data += "%s\n" % map
self.prefixmap_data = b64encode(self.prefixmap_data)
# We don't actually add this ldif, just parse it
prefixmap_ldif = "dn: cn=schema\nprefixMap:: %s\n\n" % self.prefixmap_data
self.ldb.set_schema_from_ldif(prefixmap_ldif, self.schema_data)
def write_to_tmp_ldb(self, schemadb_path):
self.ldb.connect(schemadb_path)
self.ldb.transaction_start()
self.ldb.add_ldif("""dn: @ATTRIBUTES
linkID: INTEGER
dn: @INDEXLIST
@IDXATTR: linkID
@IDXATTR: attributeSyntax
""")
# These bits of LDIF are supplied when the Schema object is created
self.ldb.add_ldif(self.schema_dn_add)
self.ldb.modify_ldif(self.schema_dn_modify)
self.ldb.add_ldif(self.schema_data)
self.ldb.transaction_commit()
# Return a hash with the forward attribute as a key and the back as the value
def linked_attributes(self):
return get_linked_attributes(self.schemadn, self.ldb)
def dnsyntax_attributes(self):
return get_dnsyntax_attributes(self.schemadn, self.ldb)
class OpenChangeDBWithLdbBackend(object):
"""The OpenChange database."""
def __init__(self, url):
self.url = url
self.ldb = Ldb(self.url)
self.nttime = samba.unix2nttime(int(time.time()))
def reopen(self):
self.ldb = Ldb(self.url)
def remove(self):
"""Remove an existing OpenChangeDB file."""
if os.path.exists(self.url):
os.remove(self.url)
self.reopen()
def setup(self, names=None):
self.ldb.add_ldif("""
dn: @OPTIONS
checkBaseOnSearch: TRUE
dn: @INDEXLIST
@IDXATTR: cn
dn: @ATTRIBUTES
cn: CASE_INSENSITIVE
dn: CASE_INSENSITIVE
""")
self.reopen()
if names:
self.add_rootDSE(names.ocserverdn, names.firstorg, names.firstou)
def add_rootDSE(self, ocserverdn, firstorg, firstou):
self.ldb.add({
"dn":
"@ROOTDSE",
"defaultNamingContext":
"CN=%s,CN=%s,%s" % (firstou, firstorg, ocserverdn),
"rootDomainNamingContext":
ocserverdn,
"vendorName":
"OpenChange Team (http://www.openchange.org)"
})
def add_server(self, names):
self.ldb.add({
"dn": names.ocserverdn,
"objectClass": ["top", "server"],
"cn": names.netbiosname,
"GlobalCount": "1",
"ChangeNumber": "1",
"ReplicaID": "1"
})
self.ldb.add({
"dn": "CN=%s,%s" % (names.firstorg, names.ocserverdn),
"objectClass": ["top", "org"],
"cn": names.firstorg
})
self.ldb.add({
"dn":
"CN=%s,CN=%s,%s" %
(names.firstou, names.firstorg, names.ocserverdn),
"objectClass": ["top", "ou"],
"cn":
names.firstou
})
def add_root_public_folder(self, dn, fid, change_num, SystemIdx,
childcount):
self.ldb.add({
"dn": dn,
"objectClass": ["publicfolder"],
"cn": fid,
"PidTagFolderId": fid,
"PidTagChangeNumber": change_num,
"PidTagDisplayName": "Public Folder Root",
"PidTagCreationTime": "%d" % self.nttime,
"PidTagLastModificationTime": "%d" % self.nttime,
"PidTagSubFolders": str(childcount != 0).upper(),
"PidTagFolderChildCount": str(childcount),
"SystemIdx": str(SystemIdx)
})
def add_sub_public_folder(self, dn, parentfid, fid, change_num, name,
SystemIndex, childcount):
self.ldb.add({
"dn": dn,
"objectClass": ["publicfolder"],
"cn": fid,
"PidTagFolderId": fid,
"PidTagParentFolderId": parentfid,
"PidTagChangeNumber": change_num,
"PidTagDisplayName": name,
"PidTagCreationTime": "%d" % self.nttime,
"PidTagLastModificationTime": "%d" % self.nttime,
"PidTagAttributeHidden": str(0),
"PidTagAttributeReadOnly": str(0),
"PidTagAttributeSystem": str(0),
"PidTagContainerClass": "IPF.Note (check this)",
"PidTagSubFolders": str(childcount != 0).upper(),
"PidTagFolderChildCount": str(childcount),
"FolderType": str(1),
"SystemIdx": str(SystemIndex)
})
def add_one_public_folder(self,
parent_fid,
path,
children,
SystemIndex,
names,
dn_prefix=None):
name = path[-1]
GlobalCount = self.get_message_GlobalCount(names.netbiosname)
ChangeNumber = self.get_message_ChangeNumber(names.netbiosname)
ReplicaID = self.get_message_ReplicaID(names.netbiosname)
if dn_prefix is None:
dn_prefix = "CN=publicfolders,CN=%s,CN=%s,%s" % (
names.firstou, names.firstorg, names.ocserverdn)
fid = gen_mailbox_folder_fid(GlobalCount, ReplicaID)
dn = "CN=%s,%s" % (fid, dn_prefix)
change_num = gen_mailbox_folder_fid(ChangeNumber, ReplicaID)
childcount = len(children)
print "\t* %-40s: 0x%.16x (%s)" % (name, int(fid, 10), fid)
if parent_fid == 0:
self.add_root_public_folder(dn, fid, change_num, SystemIndex,
childcount)
else:
self.add_sub_public_folder(dn, parent_fid, fid, change_num, name,
SystemIndex, childcount)
GlobalCount += 1
self.set_message_GlobalCount(names.netbiosname,
GlobalCount=GlobalCount)
ChangeNumber += 1
self.set_message_ChangeNumber(names.netbiosname,
ChangeNumber=ChangeNumber)
for name, grandchildren in children.iteritems():
self.add_one_public_folder(fid, path + (name, ), grandchildren[0],
grandchildren[1], names, dn)
def add_public_folders(self, names):
pfstoreGUID = str(uuid.uuid4())
self.ldb.add({
"dn":
"CN=publicfolders,CN=%s,CN=%s,%s" %
(names.firstou, names.firstorg, names.ocserverdn),
"objectClass": ["container"],
"cn":
"publicfolders",
"StoreGUID":
pfstoreGUID,
"ReplicaID":
str(1)
})
public_folders = _public_folders_meta(names)
self.add_one_public_folder(0, ("Public Folder Root", ),
public_folders[0], public_folders[1], names)
def lookup_server(self, cn, attributes=[]):
# Step 1. Search Server object
filter = "(&(objectClass=server)(cn=%s))" % cn
res = self.ldb.search("",
scope=ldb.SCOPE_SUBTREE,
expression=filter,
attrs=attributes)
if len(res) != 1:
raise NoSuchServer(cn)
return res[0]
def lookup_mailbox_user(self, server, username, attributes=[]):
"""Check if a user already exists in openchange database.
:param server: Server object name
:param username: Username object
:return: LDB Object of the user
"""
server_dn = self.lookup_server(server, []).dn
# Step 2. Search User object
filter = "(&(objectClass=mailbox)(cn=%s))" % (username)
return self.ldb.search(server_dn,
scope=ldb.SCOPE_SUBTREE,
expression=filter,
attrs=attributes)
def lookup_public_folder(self, server, displayname, attributes=[]):
"""Retrieve the record for a public folder matching a specific display name
:param server: Server Object Name
:param displayname: Display Name of the Folder
:param attributes: Requested Attributes
:return: LDB Object of the Folder
"""
server_dn = self.lookup_server(server, []).dn
filter = "(&(objectClass=publicfolder)(PidTagDisplayName=%s))" % (
displayname)
return self.ldb.search(server_dn,
scope=ldb.SCOPE_SUBTREE,
expression=filter,
attrs=attributes)
def get_message_attribute(self, server, attribute):
"""Retrieve attribute value from given message database (server).
:param server: Server object name
"""
return int(self.lookup_server(server, [attribute])[attribute][0], 10)
def get_message_ReplicaID(self, server):
"""Retrieve current mailbox Replica ID for given message database (server).
:param server: Server object name
"""
return self.get_message_attribute(server, "ReplicaID")
def get_message_GlobalCount(self, server):
"""Retrieve current mailbox Global Count for given message database (server).
:param server: Server object name
"""
return self.get_message_attribute(server, "GlobalCount")
def set_message_GlobalCount(self, server, GlobalCount):
"""Update current mailbox GlobalCount for given message database (server).
:param server: Server object name
:param index: Mailbox new GlobalCount value
"""
server_dn = self.lookup_server(server, []).dn
newGlobalCount = """
dn: %s
changetype: modify
replace: GlobalCount
GlobalCount: %d
""" % (server_dn, GlobalCount)
self.ldb.transaction_start()
try:
self.ldb.modify_ldif(newGlobalCount)
finally:
self.ldb.transaction_commit()
def get_message_ChangeNumber(self, server):
"""Retrieve current mailbox Global Count for given message database (server).
:param server: Server object name
"""
return self.get_message_attribute(server, "ChangeNumber")
def set_message_ChangeNumber(self, server, ChangeNumber):
"""Update current mailbox ChangeNumber for given message database (server).
:param server: Server object name
:param index: Mailbox new ChangeNumber value
"""
server_dn = self.lookup_server(server, []).dn
newChangeNumber = """
dn: %s
changetype: modify
replace: ChangeNumber
ChangeNumber: %d
""" % (server_dn, ChangeNumber)
self.ldb.transaction_start()
try:
self.ldb.modify_ldif(newChangeNumber)
finally:
self.ldb.transaction_commit()
class Schema(object):
def __init__(self,
setup_path,
domain_sid,
schemadn=None,
serverdn=None,
files=None,
prefixmap=None):
"""Load schema for the SamDB from the AD schema files and samba4_schema.ldif
:param samdb: Load a schema into a SamDB.
:param setup_path: Setup path function.
:param schemadn: DN of the schema
:param serverdn: DN of the server
Returns the schema data loaded, to avoid double-parsing when then needing to add it to the db
"""
self.schemadn = schemadn
self.ldb = Ldb()
self.schema_data = read_ms_schema(
setup_path('ad-schema/MS-AD_Schema_2K8_Attributes.txt'),
setup_path('ad-schema/MS-AD_Schema_2K8_Classes.txt'))
if files is not None:
for file in files:
self.schema_data += open(file, 'r').read()
self.schema_data = substitute_var(self.schema_data,
{"SCHEMADN": schemadn})
check_all_substituted(self.schema_data)
self.schema_dn_modify = read_and_sub_file(
setup_path("provision_schema_basedn_modify.ldif"), {
"SCHEMADN": schemadn,
"SERVERDN": serverdn,
})
descr = b64encode(get_schema_descriptor(domain_sid))
self.schema_dn_add = read_and_sub_file(
setup_path("provision_schema_basedn.ldif"), {
"SCHEMADN": schemadn,
"DESCRIPTOR": descr
})
self.prefixmap_data = open(setup_path("prefixMap.txt"), 'r').read()
if prefixmap is not None:
for map in prefixmap:
self.prefixmap_data += "%s\n" % map
self.prefixmap_data = b64encode(self.prefixmap_data)
# We don't actually add this ldif, just parse it
prefixmap_ldif = "dn: cn=schema\nprefixMap:: %s\n\n" % self.prefixmap_data
self.ldb.set_schema_from_ldif(prefixmap_ldif, self.schema_data)
def write_to_tmp_ldb(self, schemadb_path):
self.ldb.connect(schemadb_path)
self.ldb.transaction_start()
self.ldb.add_ldif("""dn: @ATTRIBUTES
linkID: INTEGER
dn: @INDEXLIST
@IDXATTR: linkID
@IDXATTR: attributeSyntax
""")
# These bits of LDIF are supplied when the Schema object is created
self.ldb.add_ldif(self.schema_dn_add)
self.ldb.modify_ldif(self.schema_dn_modify)
self.ldb.add_ldif(self.schema_data)
self.ldb.transaction_commit()
# Return a hash with the forward attribute as a key and the back as the value
def linked_attributes(self):
return get_linked_attributes(self.schemadn, self.ldb)
def dnsyntax_attributes(self):
return get_dnsyntax_attributes(self.schemadn, self.ldb)
opts = parser.parse_args()[0]
lp = sambaopts.get_loadparm()
smbconf = lp.configfile
if not opts.database:
print "Parameter database is mandatory"
sys.exit(1)
creds = credopts.get_credentials(lp)
creds.set_kerberos_state(DONT_USE_KERBEROS)
session = system_session()
empty = ldb.Message()
newname="%s.new"%(opts.database)
if os.path.exists(newname):
os.remove(newname)
old_ldb = Ldb(opts.database, session_info=session, credentials=creds,lp=lp)
new_ldb = Ldb(newname,session_info=session, credentials=creds,lp=lp)
new_ldb.transaction_start()
res = old_ldb.search(expression="(dn=*)",base="", scope=SCOPE_SUBTREE)
for i in range(0,len(res)):
if str(res[i].dn) == "@BASEINFO":
continue
if str(res[i].dn).startswith("@INDEX:"):
continue
delta = new_ldb.msg_diff(empty,res[i])
delta.dn = res[i].dn
delta.remove("distinguishedName")
new_ldb.add(delta)
new_ldb.transaction_commit()
opts = parser.parse_args()[0]
lp = sambaopts.get_loadparm()
smbconf = lp.configfile
if not opts.database:
print "Parameter database is mandatory"
sys.exit(1)
creds = credopts.get_credentials(lp)
creds.set_kerberos_state(DONT_USE_KERBEROS)
session = system_session()
empty = ldb.Message()
newname = "%s.new" % (opts.database)
if os.path.exists(newname):
os.remove(newname)
old_ldb = Ldb(opts.database, session_info=session, credentials=creds, lp=lp)
new_ldb = Ldb(newname, session_info=session, credentials=creds, lp=lp)
new_ldb.transaction_start()
res = old_ldb.search(expression="(dn=*)", base="", scope=SCOPE_SUBTREE)
for i in range(0, len(res)):
if str(res[i].dn) == "@BASEINFO":
continue
if str(res[i].dn).startswith("@INDEX:"):
continue
delta = new_ldb.msg_diff(empty, res[i])
delta.dn = res[i].dn
delta.remove("distinguishedName")
new_ldb.add(delta)
new_ldb.transaction_commit()
