    def get_session_info(self, domsid=DOM_SID):
        """
        Build the session_info that setntacl will run under.

        When ``domsid`` is the SID of the local sam.ldb domain, the domain
        Administrator (RID 500) is looked up and a real user session is built
        for it.  For any other SID no matching account exists locally, so an
        administrator session is synthesised for that SID instead.
        """
        local_sid = str(self.samdb.get_domain_sid())
        is_foreign_sid = str(domsid) != local_sid

        if is_foreign_sid:
            # Nothing to look up in the local db for this SID: fake an admin
            # session for it rather than failing the lookup.
            session = auth.admin_session(self.lp, str(domsid))
        else:
            admin_dn = '<SID={0}-{1}>'.format(domsid,
                                              security.DOMAIN_RID_ADMINISTRATOR)
            session_flags = (auth.AUTH_SESSION_INFO_DEFAULT_GROUPS
                             | auth.AUTH_SESSION_INFO_AUTHENTICATED
                             | auth.AUTH_SESSION_INFO_SIMPLE_PRIVILEGES)
            session = auth.user_session(self.samdb,
                                        lp_ctx=self.lp,
                                        dn=admin_dn,
                                        session_info_flags=session_flags)

        # Both kinds of session are given the same unix identity before use.
        auth.session_info_fill_unix(session,
                                    lp_ctx=self.lp,
                                    user_name="Administrator")
        return session
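    def test_offline_manual_seized_ridalloc_add_user_as_admin(self):
        """Perform the same actions as test_offline_samba_tool_seized_ridalloc,
        but do not create the RID set. Confirm that user-add correctly creates
        the RID Set.

        The joined DC is worked on offline (direct tdb:// access) under a
        synthesised admin session, the RID Manager role is seized by hand,
        and the first user-add is expected to allocate the RID Set.
        """
        fsmo_dn = ldb.Dn(self.ldb_dc1, "CN=RID Manager$,CN=System," + self.ldb_dc1.domain_dn())
        # Only the non-owner matters here: that is the DC we join as and
        # then hand the role to below.
        (_fsmo_owner, fsmo_not_owner) = self._determine_fSMORoleOwner(fsmo_dn)

        targetdir = self._test_join(fsmo_not_owner['dns_name'], "RIDALLOCTEST4")
        try:
            # Connect to the joined DC's database directly (offline)
            ldb_url = "tdb://%s" % os.path.join(targetdir, "private/sam.ldb")
            lp = self.get_loadparm()

            new_ldb = SamDB(ldb_url, credentials=self.get_credentials(),
                            session_info=admin_session(lp, self.ldb_dc1.get_domain_sid()), lp=lp)

            # Seize the RID Manager role by pointing fSMORoleOwner at this DC
            serviceName = new_ldb.get_dsServiceName()
            m = ldb.Message()
            m.dn = fsmo_dn
            m["fSMORoleOwner"] = ldb.MessageElement(serviceName,
                                                   ldb.FLAG_MOD_REPLACE,
                                                   "fSMORoleOwner")
            new_ldb.modify(m)

            # 1. Get server name
            res = new_ldb.search(base=ldb.Dn(new_ldb, new_ldb.get_serverName()),
                                 scope=ldb.SCOPE_BASE, attrs=["serverReference"])
            # 2. Get server reference; the attribute value is bytes, so decode
            #    it before handing it to ldb.Dn (matches the sibling test)
            server_ref_dn = ldb.Dn(new_ldb, res[0]['serverReference'][0].decode('utf8'))

            # Assert that no RID Set has been set yet
            res = new_ldb.search(base=server_ref_dn,
                                 scope=ldb.SCOPE_BASE, attrs=['rIDSetReferences'])
            self.assertNotIn("rIDSetReferences", res[0])

            # Create a user to allocate a RID Set for itself (the RID master)
            new_ldb.newuser("ridalloctestuser", "P@ssword!")

            # 3. Assert we get the RID Set
            res = new_ldb.search(base=server_ref_dn,
                                 scope=ldb.SCOPE_BASE, attrs=['rIDSetReferences'])
            self.assertIn("rIDSetReferences", res[0])

        finally:
            # Always demote and remove the join directory, even on a failed
            # assertion, so a stale DC account does not leak into later tests
            self._test_force_demote(fsmo_not_owner['dns_name'], "RIDALLOCTEST4")
            shutil.rmtree(targetdir, ignore_errors=True)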
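    def test_offline_manual_seized_ridalloc_add_user_as_admin(self):
        """Perform the same actions as test_offline_samba_tool_seized_ridalloc,
        but do not create the RID set. Confirm that user-add correctly creates
        the RID Set.

        The joined DC is worked on offline (direct tdb:// access) under a
        synthesised admin session, the RID Manager role is seized by hand,
        and the first user-add is expected to allocate the RID Set.
        """
        fsmo_dn = ldb.Dn(self.ldb_dc1, "CN=RID Manager$,CN=System," + self.ldb_dc1.domain_dn())
        # Only the non-owner matters here: that is the DC we join as and
        # then hand the role to below.
        (_fsmo_owner, fsmo_not_owner) = self._determine_fSMORoleOwner(fsmo_dn)

        targetdir = self._test_join(fsmo_not_owner['dns_name'], "RIDALLOCTEST4")
        try:
            # Connect to the joined DC's database directly (offline)
            ldb_url = "tdb://%s" % os.path.join(targetdir, "private/sam.ldb")
            lp = self.get_loadparm()

            new_ldb = SamDB(ldb_url, credentials=self.get_credentials(),
                            session_info=admin_session(lp, self.ldb_dc1.get_domain_sid()), lp=lp)

            # Seize the RID Manager role by pointing fSMORoleOwner at this DC
            serviceName = new_ldb.get_dsServiceName()
            m = ldb.Message()
            m.dn = fsmo_dn
            m["fSMORoleOwner"] = ldb.MessageElement(serviceName,
                                                    ldb.FLAG_MOD_REPLACE,
                                                    "fSMORoleOwner")
            new_ldb.modify(m)

            # 1. Get server name
            res = new_ldb.search(base=ldb.Dn(new_ldb, new_ldb.get_serverName()),
                                 scope=ldb.SCOPE_BASE, attrs=["serverReference"])
            # 2. Get server reference; the attribute value is bytes, so decode
            #    it before handing it to ldb.Dn
            server_ref_dn = ldb.Dn(new_ldb, res[0]['serverReference'][0].decode('utf8'))

            # Assert that no RID Set has been set yet
            res = new_ldb.search(base=server_ref_dn,
                                 scope=ldb.SCOPE_BASE, attrs=['rIDSetReferences'])
            self.assertNotIn("rIDSetReferences", res[0])

            # Create a user to allocate a RID Set for itself (the RID master)
            new_ldb.newuser("ridalloctestuser", "P@ssword!")

            # 3. Assert we get the RID Set
            res = new_ldb.search(base=server_ref_dn,
                                 scope=ldb.SCOPE_BASE, attrs=['rIDSetReferences'])
            self.assertIn("rIDSetReferences", res[0])

        finally:
            # Always demote and remove the join directory, even on a failed
            # assertion, so a stale DC account does not leak into later tests
            self._test_force_demote(fsmo_not_owner['dns_name'], "RIDALLOCTEST4")
            shutil.rmtree(targetdir, ignore_errors=True)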
 def setUp(self):
     """Load the test environment's smb.conf and build the admin session under test."""
     super(AuthAdminSessionTests, self).setUp()
     self.lp = samba.tests.env_loadparm()
     # Fixed, test-only domain SID; presumably the session is derived from
     # the SID alone with no directory lookup -- verify against auth.admin_session
     self.admin_session = auth.admin_session(self.lp,
                                             "S-1-5-21-2212615479-2695158682-2101375467")