def main(): lp = LoadParm() lp.load_default() print("\nLoaded loadparm:") print(" samdb_url: ", lp.samdb_url()) print(" server_role: ", lp.server_role()) creds = Credentials() creds.guess(lp) print("\nCredentials:") creds.set_kerberos_state(MUST_USE_KERBEROS) # If MUST_USE_KERBEROS and we have no ticket, yields this error: # "Failed to connect to 'ldap://dc1' with backend 'ldap': LDAP client internal error: NT_STATUS_INVALID_PARAMETER" # Local #samdb = SamDB(lp=lp) # Remote samdb = SamDB(lp=lp, url='ldap://dc1', credentials=creds) print("\nOpened SAM DB:") print(" domain_dn: ", samdb.domain_dn()) print(" domain_dns_name:", samdb.domain_dns_name()) for q in sys.argv[1:]: query(samdb, q)
def setUp(self): super(DCKeytabTests, self).setUp() self.lp = LoadParm() self.lp.load_default() self.creds = self.insta_creds(template=self.get_credentials()) self.ktfile = os.path.join(self.lp.get('private dir'), 'test.keytab') self.principal = self.creds.get_principal()
def __init__(self, username=None, no_dry_run=False, mysql_string=None): self.lp = LoadParm() self.lp.set('debug level', '0') self.lp.load_default() self.username = username self.no_dry_run = no_dry_run self.conn = self._open_mysql_conn(mysql_string)
def setUp(self): super(GPOTests, self).setUp() self.server = os.environ["SERVER"] self.dc_account = self.server.upper() + '$' self.lp = LoadParm() self.lp.load_default() self.creds = self.insta_creds(template=self.get_credentials())
def __init__(self, parser): from samba.param import LoadParm optparse.OptionGroup.__init__(self, parser, "Samba Common Options") self.add_option("-s", "--configfile", action="callback", type=str, metavar="FILE", help="Configuration file", callback=self._load_configfile) self.add_option("-d", "--debuglevel", action="callback", type=int, metavar="DEBUGLEVEL", help="debug level", callback=self._set_debuglevel) self.add_option("--option", action="callback", type=str, metavar="OPTION", help="set smb.conf option from command line", callback=self._set_option) self.add_option("--realm", action="callback", type=str, metavar="REALM", help="set the realm name", callback=self._set_realm) self._configfile = None self._lp = LoadParm() self.realm = None
def user_policy_apply(user, password): user = user.split('\\')[-1] logger = logging.getLogger('gpupdate') logger.addHandler(logging.StreamHandler(sys.stdout)) logger.setLevel(logging.CRITICAL) log_level = lp.log_level() if log_level == 1: logger.setLevel(logging.ERROR) elif log_level == 2: logger.setLevel(logging.WARNING) elif log_level == 3: logger.setLevel(logging.INFO) elif log_level >= 4: logger.setLevel(logging.DEBUG) lp = LoadParm() lp.load_default() creds = Credentials() creds.guess(lp) creds.set_username(user) creds.set_password(password) _, user_exts = get_gp_client_side_extensions(logger) gp_extensions = [] for ext in user_exts: gp_extensions.append(ext(logger, lp, creds, store)) cache_dir = lp.get('cache directory') store = GPOStorage(os.path.join(cache_dir, 'gpo.tdb')) try: apply_gp(lp, creds, logger, store, gp_extensions) except NTSTATUSError as e: logger.info(e.message)
def get_ad_binddn_from_name(base, server, username, password): lp = LoadParm() creds = Credentials() creds.guess(lp) creds.set_username(username) creds.set_password(password) binddn = 'cn=%s,cn=users,%s' % (ldap.dn.escape_dn_chars(username), base) try: samdb = SamDB(url='ldap://%s' % server, session_info=system_session(), credentials=creds, lp=lp) res = samdb.search(base, scope=ldb.SCOPE_SUBTREE, expression=ldap.filter.filter_format( '(samAccountName=%s)', [ username, ]), attrs=['samaccountname']) if res.count == 1: binddn = res.msgs[0].get('dn', idx=0).extended_str() except ldb.LdbError as ex: MODULE.warn('get_dn_from_name() could not get binddn for user %s: %s' % (username, ex)) return binddn
def setUp(self): super(KCCTests, self).setUp() self.lp = LoadParm() self.creds = Credentials() self.creds.guess(self.lp) self.creds.set_username(os.environ["USERNAME"]) self.creds.set_password(os.environ["PASSWORD"])
def dc_watcher(self): (r1, w1) = os.pipe() pid = os.fork() if pid != 0: # Parent process return the result socket to the caller. return r1 # Load the lp context for the Domain Controller, rather than the # member server. config_file = os.environ["DC_SERVERCONFFILE"] lp_ctx = LoadParm() lp_ctx.load(config_file) # # Is the message a SamLogon authentication? def is_sam_logon(m): if m is None: return False msg = json.loads(m) return (msg["type"] == "Authentication" and msg["Authentication"]["serviceDescription"] == "SamLogon") # # Handler function for received authentication messages. def message_handler(context, msgType, src, message): # Print the message to help debugging the tests. # as it's a JSON message it does not look like a sub-unit message. print(message) self.dc_msgs.append(message) # Set up a messaging context to listen for authentication events on # the domain controller. msg_ctx = Messaging((1, ), lp_ctx=lp_ctx) msg_ctx.irpc_add_name(AUTH_EVENT_NAME) msg_handler_and_context = (message_handler, None) msg_ctx.register(msg_handler_and_context, msg_type=MSG_AUTH_LOG) # Wait for the SamLogon message. # As there could be other SamLogon's in progress we need to collect # all the SamLogons and let the caller match them to the session. self.dc_msgs = [] start_time = time.time() while (time.time() - start_time < 1): msg_ctx.loop_once(0.1) # Only interested in SamLogon messages, filter out the rest msgs = list(filter(is_sam_logon, self.dc_msgs)) if msgs: for m in msgs: m += "\n" os.write(w1, get_bytes(m)) else: os.write(w1, get_bytes("None\n")) os.close(w1) msg_ctx.deregister(msg_handler_and_context, msg_type=MSG_AUTH_LOG) msg_ctx.irpc_remove_name(AUTH_EVENT_NAME) os._exit(0)
def test_setntacl_invalidbackend(self): lp = LoadParm() acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)" open(self.tempf, 'w').write("empty") self.assertRaises(XattrBackendError, setntacl, lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", "ttdb", os.path.join(self.tempdir, "eadbtest.tdb"))
def force_drs_replication(source_dc=None, destination_dc=None, partition_dn=None, direction="in"): if not package_installed('univention-samba4'): print( 'force_drs_replication(): skip, univention-samba4 not installed.') return if not source_dc: source_dc = get_available_s4connector_dc() if not source_dc: return 1 if not destination_dc: destination_dc = socket.gethostname() if destination_dc == source_dc: return if not partition_dn: lp = LoadParm() lp.load('/etc/samba/smb.conf') samdb = SamDB("tdb://%s" % lp.private_path("sam.ldb"), session_info=system_session(lp), lp=lp) partition_dn = str(samdb.domain_dn()) print("USING partition_dn:", partition_dn) if direction == "in": cmd = ("/usr/bin/samba-tool", "drs", "replicate", destination_dc, source_dc, partition_dn) else: cmd = ("/usr/bin/samba-tool", "drs", "replicate", source_dc, destination_dc, partition_dn) return subprocess.call(cmd)
def test_setntacl(self): lp = LoadParm() acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)" open(self.tempf, 'w').write("empty") lp.set("posix:eadb", os.path.join(self.tempdir, "eadbtest.tdb")) setntacl(lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467") os.unlink(os.path.join(self.tempdir, "eadbtest.tdb"))
def test_setntacl_forcenative(self): if os.getuid() == 0: raise SkipTest("Running test as root, test skipped") lp = LoadParm() open(self.tempf, 'w').write("empty") lp.set("posix:eadb", os.path.join(self.tempdir, "eadbtest.tdb")) self.assertRaises(Exception, setntacl, lp, self.tempf, NTACL_SDDL, DOMAIN_SID, self.session_info, "native")
def _wait_for_drs_replication(ldap_filter, attrs=None, base=None, scope=ldb.SCOPE_SUBTREE, lp=None, timeout=360, delta_t=1, verbose=True, should_exist=True, controls=None): # type: (str, Union[List[str], None, str], Optional[str], int, Optional[LoadParm], int, int, bool, bool, Optional[List[str]]) -> None if not package_installed('univention-samba4'): if package_installed('univention-samba'): time.sleep(15) print('Sleeping 15 seconds as a workaround for http://forge.univention.org/bugzilla/show_bug.cgi?id=52145') elif verbose: print('wait_for_drs_replication(): skip, univention-samba4 not installed.') return if not attrs: attrs = ['dn'] elif not isinstance(attrs, list): attrs = [attrs] if not lp: lp = LoadParm() lp.load('/etc/samba/smb.conf') samdb = SamDB("tdb://%s" % lp.private_path("sam.ldb"), session_info=system_session(lp), lp=lp) if not controls: controls = ["domain_scope:0"] if base is None: ucr = config_registry.ConfigRegistry() ucr.load() base = ucr['samba4/ldap/base'] else: if len(ldap.dn.str2dn(base)[0]) > 1: if verbose: print('wait_for_drs_replication(): skip, multiple RDNs are not supported') return if not base: if verbose: print('wait_for_drs_replication(): skip, no samba domain found') return if verbose: print("Waiting for DRS replication, filter: %r, base: %r, scope: %r, should_exist: %r" % (ldap_filter, base, scope, should_exist), end=' ') t = t0 = time.time() while t < t0 + timeout: try: res = samdb.search(base=base, scope=scope, expression=ldap_filter, attrs=attrs, controls=controls) if bool(res) is bool(should_exist): if verbose: print("\nDRS replication took %d seconds" % (t - t0, )) return # res except ldb.LdbError as exc: (_num, msg) = exc.args if _num == ldb.ERR_INVALID_DN_SYNTAX: raise if _num == ldb.ERR_NO_SUCH_OBJECT and not should_exist: if verbose: print("\nDRS replication took %d seconds" % (t - t0, )) return print("Error during samdb.search: %s" % (msg, )) print('.', end=' ') time.sleep(delta_t) t = time.time() raise DRSReplicationFailed("DRS replication for filter: %r failed due to timeout after %d sec." % (ldap_filter, t - t0))
def test_setntacl_getntacl(self): lp = LoadParm() open(self.tempf, 'w').write("empty") lp.set("posix:eadb", os.path.join(self.tempdir, "eadbtest.tdb")) setntacl(lp, self.tempf, NTACL_SDDL, DOMAIN_SID, self.session_info) facl = getntacl(lp, self.tempf, self.session_info) anysid = security.dom_sid(security.SID_NT_SELF) self.assertEqual(facl.as_sddl(anysid), NTACL_SDDL) os.unlink(os.path.join(self.tempdir, "eadbtest.tdb"))
def wait_for_drs_replication(ldap_filter, attrs=None, base=None, scope=ldb.SCOPE_SUBTREE, lp=None, timeout=360, delta_t=1, verbose=True, should_exist=True, controls=None): if not package_installed('univention-samba4'): if verbose: print('wait_for_drs_replication(): skip, univention-samba4 not installed.') return if not lp: lp = LoadParm() lp.load('/etc/samba/smb.conf') if not attrs: attrs = ['dn'] elif not isinstance(attrs, list): attrs = [attrs] samdb = SamDB("tdb://%s" % lp.private_path("sam.ldb"), session_info=system_session(lp), lp=lp) if not controls: controls = ["domain_scope:0"] if base is None: base = samdb.domain_dn() else: if len(ldap.dn.str2dn(base)[0]) > 1: if verbose: print('wait_for_drs_replication(): skip, multiple RDNs are not supported') return if not base or base == 'None': if verbose: print('wait_for_drs_replication(): skip, no samba domain found') return if verbose: print("Waiting for DRS replication, filter: %r, base: %r, scope: %r, should_exist: %r" % (ldap_filter, base, scope, should_exist), end=' ') t = t0 = time.time() while t < t0 + timeout: try: res = samdb.search(base=base, scope=scope, expression=ldap_filter, attrs=attrs, controls=controls) if res and should_exist: if verbose: print("\nDRS replication took %d seconds" % (t - t0, )) return res if not res and not should_exist: if verbose: print("\nDRS replication took %d seconds" % (t - t0, )) return res except ldb.LdbError as exc: (_num, msg) = exc.args if _num == ldb.ERR_INVALID_DN_SYNTAX: raise if _num == ldb.ERR_NO_SUCH_OBJECT and not should_exist: if verbose: print("\nDRS replication took %d seconds" % (t - t0, )) return print("Error during samdb.search: %s" % (msg, )) print('.', end=' ') time.sleep(delta_t) t = time.time() raise DRSReplicationFailed("DRS replication for filter: %r failed due to timeout after %d sec." % (ldap_filter, t - t0))
def parse_gpext_conf(smb_conf): lp = LoadParm() if smb_conf is not None: lp.load(smb_conf) else: lp.load_default() ext_conf = lp.state_path('gpext.conf') parser = ConfigParser() parser.read(ext_conf) return lp, parser
def __init__(self, user, password): self.user = user self.password = password _isLastErrorAvailable = False self.lp = LoadParm() self.lp.load_default() self.logger = logging.getLogger(__name__) self.logger.addHandler(logging.StreamHandler(sys.stdout)) self.logger.setLevel(logging.INFO)
def __init__(self): self.samba_lp = LoadParm() self.samba_lp.set('debug level', '0') self.samba_lp.load_default() url = self.samba_lp.get('dcerpc_mapiproxy:samdb_url') or \ self.samba_lp.private_path("sam.ldb") self.samdb = SamDB(url=url, lp=self.samba_lp, session_info=system_session()) self.conn = self._open_mysql_connection()
def test_setntacl_getntacl_param(self): lp = LoadParm() open(self.tempf, 'w').write("empty") setntacl(lp, self.tempf, NTACL_SDDL, DOMAIN_SID, "tdb", os.path.join(self.tempdir, "eadbtest.tdb")) facl = getntacl(lp, self.tempf, "tdb", os.path.join( self.tempdir, "eadbtest.tdb")) domsid = security.dom_sid(security.SID_NT_SELF) self.assertEquals(facl.as_sddl(domsid), NTACL_SDDL) os.unlink(os.path.join(self.tempdir, "eadbtest.tdb"))
def test_setntacl_forcenative(self): if os.getuid() == 0: raise SkipTest("Running test as root, test skipped") lp = LoadParm() acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)" open(self.tempf, 'w').write("empty") lp.set("posix:eadb", os.path.join(self.tempdir, "eadbtest.tdb")) self.assertRaises(Exception, setntacl, lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", "native")
def __init__(self): self.configRegistry = ConfigRegistry() self.configRegistry.load() lp = LoadParm() creds = Credentials() creds.guess(lp) self.samdb = SamDB(url='/var/lib/samba/private/sam.ldb', session_info=system_session(), credentials=creds, lp=lp)
def connection(self): lp = LoadParm() creds = Credentials() creds.guess(lp) creds.set_username("") creds.set_password("") con = SamDB(url='ldap://192.168.100.26:389', session_info=system_session(), credentials=creds, lp=lp) return con
def test_setntacl_getntacl(self): lp = LoadParm() acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)" open(self.tempf, 'w').write("empty") lp.set("posix:eadb", os.path.join(self.tempdir, "eadbtest.tdb")) setntacl(lp, self.tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467") facl = getntacl(lp, self.tempf) anysid = security.dom_sid(security.SID_NT_SELF) self.assertEquals(facl.as_sddl(anysid), acl) os.unlink(os.path.join(self.tempdir, "eadbtest.tdb"))
def __init__(self, user, password): self.user = user self.password = password self.lp = LoadParm() self.lp.load_default() self.ip = '127.0.0.1' self.WorkGroup = str(self.lp.get("workgroup")) self.creds = credentials.Credentials() self.creds.set_username(self.user) self.creds.set_password(self.password) self.creds.set_domain(self.WorkGroup) self.creds.set_workstation("")
def main(): args = parse_args() logging.basicConfig(level=logging.DEBUG if args.debug else logging.WARNING) inpipe = sys.stdin outpipe = sys.stdout if args.unix: import socket try: os.remove(args.unix) except OSError: pass sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) sock.bind(args.unix) os.chmod(args.unix, 0o777) logger.debug("Bound unix socket: {}".format(args.unix)) logger.info("Waiting for connection at {}".format(args.unix)) sock.listen(1) csock, client_address = sock.accept() logger.info("Accepted connection from {}".format(client_address)) inpipe = outpipe = csock.makefile() lp = LoadParm() lp.load_default() creds = Credentials() creds.guess(lp) creds.set_kerberos_state(MUST_USE_KERBEROS) # If MUST_USE_KERBEROS and we have no ticket, yields this error: # "Failed to connect to 'ldap://dc1' with backend 'ldap': LDAP client # internal error: NT_STATUS_INVALID_PARAMETER" # lp is required by ldap_connect_send() -> lpcfg_resolve_context() samdb = SamDB(lp=lp, url=args.url, credentials=creds) logger.debug("Opened SAM DB:") logger.debug(" domain_dn: {}".format(samdb.domain_dn())) logger.debug(" domain_dns_name: {}".format(samdb.domain_dns_name())) try: r = SambaResponder(samdb, inpipe, outpipe) r.run() finally: if args.unix: try: os.remove(args.unix) except OSError: pass
def test_setntacl(self): random.seed() lp = LoadParm() path = os.environ['SELFTEST_PREFIX'] acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)" tempf = os.path.join(path, "pytests" + str(int(100000 * random.random()))) ntacl = xattr.NTACL() ntacl.version = 1 open(tempf, 'w').write("empty") lp.set("posix:eadb", os.path.join(path, "eadbtest.tdb")) setntacl(lp, tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467") os.unlink(tempf)
def test_setntacl_invalidbackend(self): random.seed() lp = LoadParm() acl = "O:S-1-5-21-2212615479-2695158682-2101375467-512G:S-1-5-21-2212615479-2695158682-2101375467-513D:(A;OICI;0x001f01ff;;;S-1-5-21-2212615479-2695158682-2101375467-512)" path = os.environ['SELFTEST_PREFIX'] tempf = os.path.join(path, "pytests" + str(int(100000 * random.random()))) ntacl = xattr.NTACL() ntacl.version = 1 open(tempf, 'w').write("empty") self.assertRaises(XattrBackendError, setntacl, lp, tempf, acl, "S-1-5-21-2212615479-2695158682-2101375467", "ttdb", os.path.join(path, "eadbtest.tdb"))
def set_acl(path, sddl): print('start set_acl!') print(path) print(sddl) sid = security.dom_sid("S-1-5-21-3874029520-2253553080-878871061") print(sid) try: lp = LoadParm() setntacl(lp, path, sddl, sid) except Exception, e: print str(e)
def wait_for_drs_replication(ldap_filter, attrs=None, base=None, scope=ldb.SCOPE_SUBTREE, lp=None, timeout=360, delta_t=1, verbose=True): if not package_installed('univention-samba4'): if verbose: print 'wait_for_drs_replication(): skip, univention-samba4 not installed.' return if not lp: lp = LoadParm() lp.load('/etc/samba/smb.conf') if not attrs: attrs = ['dn'] elif not isinstance(attrs, list): attrs = [attrs] samdb = SamDB("tdb://%s" % lp.private_path("sam.ldb"), session_info=system_session(lp), lp=lp) controls = ["domain_scope:0"] if base is None: base = samdb.domain_dn() if not base or base == 'None': if verbose: print 'wait_for_drs_replication(): skip, no samba domain found' return if verbose: print "Waiting for DRS replication, filter: '%s'" % (ldap_filter, ), t = t0 = time.time() while t < t0 + timeout: try: res = samdb.search(base=base, scope=scope, expression=ldap_filter, attrs=attrs, controls=controls) if res: if verbose: print "\nDRS replication took %d seconds" % (t - t0, ) return res except ldb.LdbError as (_num, msg): print "Error during samdb.search: %s" % (msg, ) print '.', time.sleep(delta_t) t = time.time()