def setUp(self): super(SamDBTestCase, self).setUp() invocationid = str(uuid.uuid4()) domaindn = "DC=COM,DC=EXAMPLE" self.domaindn = domaindn configdn = "CN=Configuration," + domaindn schemadn = "CN=Schema," + configdn domainguid = str(uuid.uuid4()) policyguid = str(uuid.uuid4()) domainsid = security.random_sid() hostguid = str(uuid.uuid4()) path = os.path.join(self.tempdir, "samdb.ldb") session_info = system_session() hostname = "foo" domain = "EXAMPLE" dnsdomain = "example.com" serverrole = "domain controller" smbconf = os.path.join(self.tempdir, "smb.conf") make_smbconf(smbconf, self.setup_path, hostname, domain, dnsdomain, serverrole, self.tempdir) self.lp = param.LoadParm() self.lp.load(smbconf) names = guess_names(lp=self.lp, hostname=hostname, domain=domain, dnsdomain=dnsdomain, serverrole=serverrole, domaindn=self.domaindn, configdn=configdn, schemadn=schemadn) paths = provision_paths_from_lp(self.lp, names.dnsdomain) provision_backend = ProvisionBackend("ldb", backend_type, paths=paths, setup_path=self.setup_path, lp=self.lp, credentials=None, names=names, message=message, hostname=hostname, root=root, schema=schema, domainsid=domainsid) self.samdb = setup_samdb(path, self.setup_path, session_info, provision_backend, self.lp, names, lambda x: None, domainsid, domainguid, policyguid, False, "secret", "secret", "secret", invocationid, "secret", "domain controller")
def setUp(self): super(SamDBTestCase, self).setUp() invocationid = str(uuid.uuid4()) domaindn = "DC=COM,DC=EXAMPLE" self.domaindn = domaindn configdn = "CN=Configuration," + domaindn schemadn = "CN=Schema," + configdn domainguid = str(uuid.uuid4()) policyguid = DEFAULT_POLICY_GUID domainsid = security.random_sid() path = os.path.join(self.tempdir, "samdb.ldb") session_info = system_session() hostname="foo" domain="EXAMPLE" dnsdomain="example.com" serverrole="domain controller" policyguid_dc = DEFAULT_DC_POLICY_GUID smbconf = os.path.join(self.tempdir, "smb.conf") make_smbconf(smbconf, hostname, domain, dnsdomain, serverrole, self.tempdir) self.lp = param.LoadParm() self.lp.load(smbconf) names = guess_names(lp=self.lp, hostname=hostname, domain=domain, dnsdomain=dnsdomain, serverrole=serverrole, domaindn=self.domaindn, configdn=configdn, schemadn=schemadn) paths = provision_paths_from_lp(self.lp, names.dnsdomain) logger = logging.getLogger("provision") provision_backend = ProvisionBackend("ldb", paths=paths, lp=self.lp, credentials=None, names=names, logger=logger) schema = Schema(domainsid, invocationid=invocationid, schemadn=names.schemadn, serverdn=names.serverdn, am_rodc=False) self.samdb = setup_samdb(path, session_info, provision_backend, self.lp, names, logger, domainsid, domainguid, policyguid, policyguid_dc, False, "secret", "secret", "secret", invocationid, "secret", None, "domain controller", schema=schema)
def setUp(self): super(SamDBTestCase, self).setUp() invocationid = str(uuid.uuid4()) domaindn = "DC=COM,DC=EXAMPLE" self.domaindn = domaindn configdn = "CN=Configuration," + domaindn schemadn = "CN=Schema," + configdn domainguid = str(uuid.uuid4()) policyguid = str(uuid.uuid4()) creds = Credentials() creds.set_anonymous() domainsid = security.random_sid() hostguid = str(uuid.uuid4()) path = os.path.join(self.tempdir, "samdb.ldb") session_info = system_session() hostname = "foo" domain = "EXAMPLE" dnsdomain = "example.com" serverrole = "domain controller" smbconf = os.path.join(self.tempdir, "smb.conf") make_smbconf(smbconf, self.setup_path, hostname, domain, dnsdomain, serverrole, self.tempdir) self.lp = param.LoadParm() self.lp.load(smbconf) names = guess_names(lp=self.lp, hostname=hostname, domain=domain, dnsdomain=dnsdomain, serverrole=serverrole, domaindn=self.domaindn, configdn=configdn, schemadn=schemadn) setup_templatesdb(os.path.join(self.tempdir, "templates.ldb"), self.setup_path, session_info=session_info, lp=self.lp) self.samdb = setup_samdb(path, self.setup_path, session_info, creds, self.lp, names, lambda x: None, domainsid, domainguid, policyguid, False, "secret", "secret", "secret", invocationid, "secret", "domain controller")
def setUp(self): super(SamDBTestCase, self).setUp() invocationid = str(uuid.uuid4()) domaindn = "DC=COM,DC=EXAMPLE" self.domaindn = domaindn configdn = "CN=Configuration," + domaindn schemadn = "CN=Schema," + configdn domainguid = str(uuid.uuid4()) policyguid = str(uuid.uuid4()) creds = Credentials() creds.set_anonymous() domainsid = security.random_sid() hostguid = str(uuid.uuid4()) path = os.path.join(self.tempdir, "samdb.ldb") session_info = system_session() hostname="foo" domain="EXAMPLE" dnsdomain="example.com" serverrole="domain controller" smbconf = os.path.join(self.tempdir, "smb.conf") make_smbconf(smbconf, self.setup_path, hostname, domain, dnsdomain, serverrole, self.tempdir) self.lp = param.LoadParm() self.lp.load(smbconf) names = guess_names(lp=self.lp, hostname=hostname, domain=domain, dnsdomain=dnsdomain, serverrole=serverrole, domaindn=self.domaindn, configdn=configdn, schemadn=schemadn) setup_templatesdb(os.path.join(self.tempdir, "templates.ldb"), self.setup_path, session_info=session_info, credentials=creds, lp=self.lp) self.samdb = setup_samdb(path, self.setup_path, session_info, creds, self.lp, names, lambda x: None, domainsid, "# no aci", domainguid, policyguid, False, "secret", "secret", "secret", invocationid, "secret", "domain controller")
def setUp(self): super(SamDBTestCase, self).setUp() invocationid = str(uuid.uuid4()) domaindn = "DC=COM,DC=EXAMPLE" self.domaindn = domaindn configdn = "CN=Configuration," + domaindn schemadn = "CN=Schema," + configdn domainguid = str(uuid.uuid4()) policyguid = DEFAULT_POLICY_GUID domainsid = security.random_sid() path = os.path.join(self.tempdir, "samdb.ldb") session_info = system_session() hostname = "foo" domain = "EXAMPLE" dnsdomain = "example.com" serverrole = "domain controller" policyguid_dc = DEFAULT_DC_POLICY_GUID smbconf = os.path.join(self.tempdir, "smb.conf") make_smbconf(smbconf, hostname, domain, dnsdomain, serverrole, self.tempdir) self.lp = param.LoadParm() self.lp.load(smbconf) names = guess_names(lp=self.lp, hostname=hostname, domain=domain, dnsdomain=dnsdomain, serverrole=serverrole, domaindn=self.domaindn, configdn=configdn, schemadn=schemadn) paths = provision_paths_from_lp(self.lp, names.dnsdomain) logger = logging.getLogger("provision") provision_backend = ProvisionBackend("ldb", paths=paths, lp=self.lp, credentials=None, names=names, logger=logger) schema = Schema(domainsid, invocationid=invocationid, schemadn=names.schemadn, serverdn=names.serverdn, am_rodc=False) self.samdb = setup_samdb(path, session_info, provision_backend, self.lp, names, logger, domainsid, domainguid, policyguid, policyguid_dc, False, "secret", "secret", "secret", invocationid, "secret", None, "domain controller", schema=schema)
def run(self, sambaopts=None, credopts=None, backup_file=None, targetdir=None, newservername=None, host_ip=None, host_ip6=None): if not (backup_file and os.path.exists(backup_file)): raise CommandError('Backup file not found.') if targetdir is None: raise CommandError('Please specify a target directory') # allow restoredc to install into a directory prepopulated by selftest if (os.path.exists(targetdir) and os.listdir(targetdir) and os.environ.get('SAMBA_SELFTEST') != '1'): raise CommandError('Target directory is not empty') if not newservername: raise CommandError('Server name required') logger = logging.getLogger() logger.setLevel(logging.DEBUG) logger.addHandler(logging.StreamHandler(sys.stdout)) # ldapcmp prefers the server's netBIOS name in upper-case newservername = newservername.upper() # extract the backup .tar to a temp directory targetdir = os.path.abspath(targetdir) tf = tarfile.open(backup_file) tf.extractall(targetdir) tf.close() # use the smb.conf that got backed up, by default (save what was # actually backed up, before we mess with it) smbconf = os.path.join(targetdir, 'etc', 'smb.conf') shutil.copyfile(smbconf, smbconf + ".orig") # if a smb.conf was specified on the cmd line, then use that instead cli_smbconf = sambaopts.get_loadparm_path() if cli_smbconf: logger.info("Using %s as restored domain's smb.conf" % cli_smbconf) shutil.copyfile(cli_smbconf, smbconf) lp = samba.param.LoadParm() lp.load(smbconf) # open a DB connection to the restored DB private_dir = os.path.join(targetdir, 'private') samdb_path = os.path.join(private_dir, 'sam.ldb') samdb = SamDB(url=samdb_path, session_info=system_session(), lp=lp) # Create account using the join_add_objects function in the join object # We need namingContexts, account control flags, and the sid saved by # the backup process. res = samdb.search(base="", scope=ldb.SCOPE_BASE, attrs=['namingContexts']) ncs = [str(r) for r in res[0].get('namingContexts')] creds = credopts.get_credentials(lp) ctx = DCJoinContext(logger, creds=creds, lp=lp, forced_local_samdb=samdb, netbios_name=newservername) ctx.nc_list = ncs ctx.full_nc_list = ncs ctx.userAccountControl = (samba.dsdb.UF_SERVER_TRUST_ACCOUNT | samba.dsdb.UF_TRUSTED_FOR_DELEGATION) # rewrite the smb.conf to make sure it uses the new targetdir settings. # (This doesn't update all filepaths in a customized config, but it # corrects the same paths that get set by a new provision) logger.info('Updating basic smb.conf settings...') make_smbconf(smbconf, newservername, ctx.domain_name, ctx.realm, targetdir, lp=lp, serverrole="active directory domain controller") # Get the SID saved by the backup process and create account res = samdb.search(base=ldb.Dn(samdb, "@SAMBA_DSDB"), scope=ldb.SCOPE_BASE, attrs=['sidForRestore', 'backupRename']) is_rename = True if 'backupRename' in res[0] else False sid = res[0].get('sidForRestore')[0] logger.info('Creating account with SID: ' + str(sid)) ctx.join_add_objects(specified_sid=dom_sid(sid)) m = ldb.Message() m.dn = ldb.Dn(samdb, '@ROOTDSE') ntds_guid = str(ctx.ntds_guid) m["dsServiceName"] = ldb.MessageElement("<GUID=%s>" % ntds_guid, ldb.FLAG_MOD_REPLACE, "dsServiceName") samdb.modify(m) # if we renamed the backed-up domain, then we need to add the DNS # objects for the new realm (we do this in the restore, now that we # know the new DC's IP address) if is_rename: self.register_dns_zone(logger, samdb, lp, ctx.ntds_guid, host_ip, host_ip6) secrets_path = os.path.join(private_dir, 'secrets.ldb') secrets_ldb = Ldb(secrets_path, session_info=system_session(), lp=lp) secretsdb_self_join(secrets_ldb, domain=ctx.domain_name, realm=ctx.realm, dnsdomain=ctx.dnsdomain, netbiosname=ctx.myname, domainsid=ctx.domsid, machinepass=ctx.acct_pass, key_version_number=ctx.key_version_number, secure_channel_type=misc.SEC_CHAN_BDC) # Seize DNS roles domain_dn = samdb.domain_dn() forest_dn = samba.dn_from_dns_name(samdb.forest_dns_name()) domaindns_dn = ("CN=Infrastructure,DC=DomainDnsZones,", domain_dn) forestdns_dn = ("CN=Infrastructure,DC=ForestDnsZones,", forest_dn) for dn_prefix, dns_dn in [forestdns_dn, domaindns_dn]: if dns_dn not in ncs: continue full_dn = dn_prefix + dns_dn m = ldb.Message() m.dn = ldb.Dn(samdb, full_dn) m["fSMORoleOwner"] = ldb.MessageElement(samdb.get_dsServiceName(), ldb.FLAG_MOD_REPLACE, "fSMORoleOwner") samdb.modify(m) # Seize other roles for role in ['rid', 'pdc', 'naming', 'infrastructure', 'schema']: self.seize_role(role, samdb, force=True) # Get all DCs and remove them (this ensures these DCs cannot # replicate because they will not have a password) search_expr = "(&(objectClass=Server)(serverReference=*))" res = samdb.search(samdb.get_config_basedn(), scope=ldb.SCOPE_SUBTREE, expression=search_expr) for m in res: cn = m.get('cn')[0] if cn != newservername: remove_dc(samdb, logger, cn) # Remove the repsFrom and repsTo from each NC to ensure we do # not try (and fail) to talk to the old DCs for nc in ncs: msg = ldb.Message() msg.dn = ldb.Dn(samdb, nc) msg["repsFrom"] = ldb.MessageElement([], ldb.FLAG_MOD_REPLACE, "repsFrom") msg["repsTo"] = ldb.MessageElement([], ldb.FLAG_MOD_REPLACE, "repsTo") samdb.modify(msg) # Update the krbtgt passwords twice, ensuring no tickets from # the old domain are valid update_krbtgt_account_password(samdb) update_krbtgt_account_password(samdb) # restore the sysvol directory from the backup tar file, including the # original NTACLs. Note that the backup_restore() will fail if not root sysvol_tar = os.path.join(targetdir, 'sysvol.tar.gz') dest_sysvol_dir = lp.get('path', 'sysvol') if not os.path.exists(dest_sysvol_dir): os.makedirs(dest_sysvol_dir) backup_restore(sysvol_tar, dest_sysvol_dir, samdb, smbconf) os.remove(sysvol_tar) # fix up any stale links to the old DCs we just removed logger.info("Fixing up any remaining references to the old DCs...") self.fix_old_dc_references(samdb) # Remove DB markers added by the backup process m = ldb.Message() m.dn = ldb.Dn(samdb, "@SAMBA_DSDB") m["backupDate"] = ldb.MessageElement([], ldb.FLAG_MOD_DELETE, "backupDate") m["sidForRestore"] = ldb.MessageElement([], ldb.FLAG_MOD_DELETE, "sidForRestore") if is_rename: m["backupRename"] = ldb.MessageElement([], ldb.FLAG_MOD_DELETE, "backupRename") samdb.modify(m) logger.info("Backup file successfully restored to %s" % targetdir) logger.info("Please check the smb.conf settings are correct before " "starting samba.")
def setUp(self): super(SamDBTestCase, self).setUp() invocationid = str(uuid.uuid4()) domaindn = "DC=COM,DC=EXAMPLE" self.domaindn = domaindn configdn = "CN=Configuration," + domaindn schemadn = "CN=Schema," + configdn domainguid = str(uuid.uuid4()) policyguid = str(uuid.uuid4()) domainsid = security.random_sid() hostguid = str(uuid.uuid4()) path = os.path.join(self.tempdir, "samdb.ldb") session_info = system_session() hostname = "foo" domain = "EXAMPLE" dnsdomain = "example.com" serverrole = "domain controller" smbconf = os.path.join(self.tempdir, "smb.conf") make_smbconf(smbconf, self.setup_path, hostname, domain, dnsdomain, serverrole, self.tempdir) self.lp = param.LoadParm() self.lp.load(smbconf) names = guess_names( lp=self.lp, hostname=hostname, domain=domain, dnsdomain=dnsdomain, serverrole=serverrole, domaindn=self.domaindn, configdn=configdn, schemadn=schemadn, ) paths = provision_paths_from_lp(self.lp, names.dnsdomain) provision_backend = ProvisionBackend( "ldb", backend_type, paths=paths, setup_path=self.setup_path, lp=self.lp, credentials=None, names=names, message=message, hostname=hostname, root=root, schema=schema, domainsid=domainsid, ) self.samdb = setup_samdb( path, self.setup_path, session_info, provision_backend, self.lp, names, lambda x: None, domainsid, domainguid, policyguid, False, "secret", "secret", "secret", invocationid, "secret", "domain controller", )